
VIRUS SENDING MASS EMAILS, ONLY WAY TO STOP IS ccApp... help!!!!!!!!!!

My case is very much like
http://icrontic.com/forum/showthread.php?t=50076

I did try everything mentioned there.

The final solution to this was running SDFix; the log is as follows:

SDFix: Version 1.240
Run by varun malhotra on Thu 03/12/2009 at 04:45 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\varun malhotra\My Documents\Downloads\SDFix\SDFix

Checking Services :

Name :
FCI

Path :
C:\WINDOWS\system32\svchost.exe:ext.exe

FCI - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\tmp19.tmp - Deleted
C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\tmp54.tmp - Deleted
C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\tmp5A.tmp - Deleted
C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\tmp9.tmp - Deleted
C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\tmpE.tmp - Deleted
C:\WINDOWS\Temp\temp.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 16:48:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\varun malhotra\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\DOCUME~1\VARUNM~1\MYDOCU~1\DOWNLO~1\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 25 Feb 2009 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!



I manually deleted "C:\WINDOWS\system32\KGyGaAvL.sys" using Avenger.

But it did not work.
As soon as I connect to the internet, within a minute I start getting these scanning message windows by the hundred. The only way to clear the screen is by shutting down ccApp.

Below is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:46 PM, on 3/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.222.1/24online/webpages/clientlogin.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKUS\.DEFAULT\..\Run: [Java S1] \\?\globalroot\systemroot\system32\mschr.exe (User 'Default user')
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (file missing)
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{2EA579A4-D775-445D-A0B9-4BE80ABF39B4}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10659 bytes


Please help.
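A small triage script for HijackThis logs like the one above, added here as an example (it is not from this thread and not part of HijackThis): it flags O17 NameServer entries pointing outside the private ranges a LAN router would use (an assumption; adjust the allowlist to your network) and O4 Run entries that use a \\?\globalroot device path or sit under the Default/SYSTEM user hive. The sample lines are copied from the log above; the two resolvers they contain are the ones Malwarebytes later removed as Trojan.DNSChanger further down this thread.

```python
import ipaddress
import re

# Constructed excerpt of the HijackThis log posted above (values copied from the page).
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\.DEFAULT\..\Run: [Java S1] \\?\globalroot\systemroot\system32\mschr.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{2EA579A4-D775-445D-A0B9-4BE80ABF39B4}: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: on a home/office LAN the configured resolvers are the router or a local
# DNS server, i.e. RFC 1918 addresses. Replace with your ISP's or your own resolvers.
DEFAULT_EXPECTED = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# O17 lines: "O17 - <registry key>: NameServer = ip[,ip...]"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# O4 Run-key lines: "O4 - <hive>\..\Run: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def unexpected_resolvers(servers, expected_networks):
    """Return the resolver entries that are not inside any expected network."""
    unexpected = []
    for entry in servers.split(","):
        entry = entry.strip()
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            unexpected.append(entry)  # not an IP address at all: worth a look
            continue
        if not any(addr in net for net in expected_networks):
            unexpected.append(entry)
    return unexpected


def triage_hjt(text, expected_networks=None):
    """Scan HJT log text and return (section, item, reason) tuples worth a closer look."""
    if expected_networks is None:
        expected_networks = DEFAULT_EXPECTED
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            bad = unexpected_resolvers(m["servers"], expected_networks)
            if bad:
                findings.append(("O17", m["key"],
                                 "NameServer outside expected networks: " + ", ".join(bad)))
            continue
        m = O4_RE.match(line)
        if m:
            reasons = []
            hive = m["hive"].upper()
            # A \\?\globalroot path is a device-namespace path; legitimate Run entries
            # almost never use it, and on this page it points at an unknown mschr.exe.
            if r"\\?\globalroot" in m["cmd"].lower():
                reasons.append("uses \\\\?\\globalroot device path")
            # Run entries under the Default user or SYSTEM (S-1-5-18) hive are unusual.
            if hive.startswith("HKUS\\.DEFAULT") or hive.startswith("HKUS\\S-1-5-18"):
                reasons.append("Run key under the Default/SYSTEM user hive")
            if reasons:
                findings.append(("O4", m["name"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage_hjt(SAMPLE_HJT_LINES):
        print(f"{section}  {item}\n      {reason}")
```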

Comments

  • edited March 2009
    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.

    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    I manually deleted "C:\WINDOWS\system32\KGyGaAvL.sys" by using avenger.
    Which is why we don't recommend that people use these tools on their own.
    There was no need to delete KGyGaAvL.sys at all.

    FYI, the thread that you followed was from 2006. I very much doubt that you have the same problem.

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
  • edited March 2009
    Hi, I've done what you advised.
    It did find some infected files and has taken care of them; the logs are below.

    Also, my Media Player 11 is not working; clicking it does nothing. This was before I did this. Is this a result of my deleting
    C:\WINDOWS\system32\KGyGaAvL.sys?

    Malwarebytes' Anti-Malware 1.34
    Database version: 1856
    Windows 5.1.2600 Service Pack 3

    3/17/2009 11:08:37 AM
    mbam-log-2009-03-17 (11-08-37).txt

    Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
    Objects scanned: 188023
    Time elapsed: 41 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 6
    Folders Infected: 2
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ea579a4-d775-445d-a0b9-4be80abf39b4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ca83a0f5-eb12-4146-8000-4ca72c6c189e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

    Folders Infected:
    C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\nDler.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\1ee46ad2.sys (Rootkit.Agent) -> Delete on reboot.
    C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0850\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243336031-4052116379-881863308-0851\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaalktlilr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaivoxtpib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaarwjeyar.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaeuwsfvdn.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    Logfile of random's system information tool 1.05 (written by random/random)
    Run by varun malhotra at 2009-03-17 11:18:25
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 17 GB (66%) free of 25 GB
    Total RAM: 1023 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:18:26 AM, on 3/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\varun malhotra\My Documents\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\varun malhotra.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.222.1/24online/webpages/clientlogin.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [Java S1] \\?\globalroot\systemroot\system32\mschr.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Java S1] \\?\globalroot\systemroot\system32\mschr.exe (User 'Default user')
    O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (file missing)
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56393399-041a-4650-94c7-13dfcb1f4665} (PSFormX Control) - http://www.ca.com/US/securityadvisor/pestscan/pestscan.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 9528 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-776561741-725345543-1003.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
    {62999427-33FC-4baf-9C9C-BCE6BD127F08} - DAP Bar - C:\Program Files\DAP\DAPIEBar.dll [2009-03-04 405504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
    "nwiz"=nwiz.exe /install []
    "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
    "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-03-14 125632]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
    "Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-11 69632]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=C:\Documents and Settings\varun malhotra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]
    "HijackThis startup scan"=C:\Program Files\Trend Micro\HijackThis\HijackThis.exe [2009-03-12 396288]
    "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-02-20 4363504]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    24Online Client.lnk - C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe"="C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe:*:Enabled:24Online Client"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ebe35c8-0a6b-11de-963d-0015f2164999}]
    shell\AutoRun\command - dsncb.exe
    shell\Explore\command - dsncb.exe
    shell\Open\command - dsncb.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d18df50-ce54-11dd-be85-806d6172696f}]
    shell\AutoRun\command - G:\ASUSACPI.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae7665e-f7e1-11dd-ac08-0015f2164999}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\
    shell\Open\command - h:\


    ======List of files/folders created in the last 1 months======

    2009-03-17 11:18:25 ----D---- C:\rsit
    2009-03-17 10:22:44 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Malwarebytes
    2009-03-17 10:22:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-17 10:22:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-14 10:14:43 ----D---- C:\WINDOWS\system32\appmgmt
    2009-03-14 01:55:31 ----A---- C:\WINDOWS\system32\mschr.exe
    2009-03-13 20:37:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-03-13 19:32:08 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Lavasoft
    2009-03-13 01:12:43 ----A---- C:\WINDOWS\IsUninst.exe
    2009-03-12 20:48:13 ----D---- C:\Program Files\Trend Micro
    2009-03-12 16:44:35 ----D---- C:\WINDOWS\ERUNT
    2009-03-12 13:22:12 ----A---- C:\WINDOWS\WININIT.INI
    2009-03-12 12:51:21 ----SHD---- C:\Config.Msi
    2009-03-12 11:35:55 ----D---- C:\WINDOWS\pss
    2009-03-12 00:09:17 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Share-to-Web Upload Folder
    2009-03-12 00:08:56 ----D---- C:\Program Files\Common Files\Hewlett-Packard
    2009-03-12 00:08:22 ----D---- C:\Program Files\Hewlett-Packard
    2009-03-11 10:30:05 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Google
    2009-03-11 10:29:31 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2009-03-04 16:46:10 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Apple Computer
    2009-03-04 16:45:57 ----D---- C:\Program Files\iPod
    2009-03-04 16:45:53 ----D---- C:\Program Files\iTunes
    2009-03-04 16:45:46 ----D---- C:\Program Files\Bonjour
    2009-03-04 16:45:20 ----D---- C:\Program Files\QuickTime
    2009-03-04 16:45:19 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2009-03-04 16:45:07 ----D---- C:\Program Files\Apple Software Update
    2009-03-04 16:45:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-03-04 16:44:34 ----D---- C:\Program Files\Common Files\Apple
    2009-03-04 16:44:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
    2009-03-04 00:24:32 ----D---- C:\Program Files\DAP
    2009-03-04 00:24:32 ----A---- C:\WINDOWS\system32\wbhelp2.dll
    2009-03-03 13:51:27 ----D---- C:\Program Files\eLitecore
    2009-03-03 13:51:27 ----A---- C:\WINDOWS\UnGins.exe
    2009-03-02 00:31:52 ----D---- C:\Program Files\uTorrent
    2009-03-02 00:31:51 ----D---- C:\Documents and Settings\varun malhotra\Application Data\uTorrent
    2009-03-01 23:00:45 ----D---- C:\Documents and Settings\varun malhotra\Application Data\skypePM
    2009-03-01 22:47:00 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Skype
    2009-03-01 22:46:51 ----D---- C:\Program Files\Common Files\Skype
    2009-03-01 22:46:48 ----RD---- C:\Program Files\Skype
    2009-03-01 22:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
    2009-03-01 22:27:06 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Yahoo!
    2009-03-01 22:27:06 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2009-03-01 22:25:15 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2009-03-01 22:25:14 ----D---- C:\Program Files\Yahoo!
    2009-02-25 15:01:45 ----D---- C:\WINDOWS\Sun
    2009-02-25 15:01:45 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Sun
    2009-02-24 04:49:13 ----D---- C:\WINDOWS\system32\AGEIA
    2009-02-24 04:49:13 ----D---- C:\Program Files\AGEIA Technologies
    2009-02-24 04:48:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-02-20 11:08:35 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Auslogics

    ======List of files/folders modified in the last 1 months======

    2009-03-17 11:10:47 ----D---- C:\Program Files\Symantec AntiVirus
    2009-03-17 11:10:01 ----D---- C:\WINDOWS\system32\drivers
    2009-03-17 11:10:01 ----D---- C:\WINDOWS
    2009-03-17 11:09:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-17 11:08:37 ----SHD---- C:\RECYCLER
    2009-03-17 11:08:37 ----D---- C:\WINDOWS\system32
    2009-03-17 10:22:44 ----D---- C:\WINDOWS\Prefetch
    2009-03-17 10:22:39 ----RD---- C:\Program Files
    2009-03-17 10:14:25 ----D---- C:\WINDOWS\Temp
    2009-03-15 11:29:30 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-15 00:52:21 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-15 00:13:31 ----SHD---- C:\WINDOWS\Installer
    2009-03-14 10:14:38 ----D---- C:\WINDOWS\WinSxS
    2009-03-14 10:14:31 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-03-13 20:59:44 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-13 20:39:15 ----SD---- C:\WINDOWS\Tasks
    2009-03-13 20:39:06 ----HD---- C:\WINDOWS\inf
    2009-03-13 19:43:55 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-03-13 14:06:59 ----SD---- C:\Documents and Settings\varun malhotra\Application Data\Microsoft
    2009-03-13 13:50:58 ----D---- C:\Documents and Settings\varun malhotra\Application Data\Adobe
    2009-03-13 01:08:31 ----D---- C:\Program Files\Common Files\Adobe
    2009-03-13 01:08:24 ----D---- C:\Program Files\Adobe
    2009-03-12 21:33:27 ----D---- C:\Documents and Settings
    2009-03-12 16:45:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-03-12 12:40:06 ----D---- C:\WINDOWS\system32\Restore
    2009-03-12 10:27:45 ----A---- C:\WINDOWS\system32\svchost.exe
    2009-03-12 00:16:15 ----D---- C:\WINDOWS\twain_32
    2009-03-12 00:16:05 ----A---- C:\WINDOWS\win.ini
    2009-03-12 00:08:56 ----D---- C:\Program Files\Common Files
    2009-03-11 10:29:03 ----D---- C:\Program Files\Google
    2009-03-08 01:13:15 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-03-07 00:19:54 ----RSD---- C:\WINDOWS\Fonts
    2009-03-04 14:30:18 ----D---- C:\WINDOWS\SoftwareDistribution
    2009-03-02 03:33:24 ----D---- C:\WINDOWS\Minidump
    2009-03-01 22:25:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-02-25 14:56:31 ----D---- C:\WINDOWS\system32\config
    2009-02-24 04:50:25 ----D---- C:\WINDOWS\Help
    2009-02-24 04:50:24 ----D---- C:\WINDOWS\nview
    2009-02-20 14:53:43 ----SHD---- C:\System Volume Information

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-03-12 82380]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090316.002\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090316.002\navex15.sys []
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
    S1 1ee46ad2;1ee46ad2; C:\WINDOWS\System32\drivers\1ee46ad2.sys []
    S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekalovmtkdv.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\VARUNM~1\LOCALS~1\Temp\catchme.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
    R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
    S2 ntmer;ntmer; C:\WINDOWS\System32\svchost.exe [2009-03-12 14336]
    S2 yedinyxiu;yedinyxiu; C:\WINDOWS\System32\svchost.exe [2009-03-12 14336]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-02-10 68096]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
    S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-03-12 14336]

    EOF

    info.txt logfile of random's system information tool 1.05 2009-03-17 11:18:27

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    CorelDRAW Graphics Suite X3-->MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
    Cyberoam Client for 24Online-->C:\WINDOWS\UnGins.exe "C:\Program Files\eLitecore\Cyberoam Client for 24Online\install.log"
    Download Accelerator Plus -->C:\PROGRA~1\DAP\UNWISE.EXE C:\PROGRA~1\DAP\INSTALL.LOG
    EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
    FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
    Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
    Google SketchUp-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
    Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Photo and Imaging 1.0 - Scanjet 2300c Series-->MsiExec.exe /I{9D18465E-8B80-4AC1-8ABB-B42978B171E3}
    iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
    QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Symantec AntiVirus-->MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
    Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
    VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
    VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    =====HijackThis Backups=====

    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: Symantec AntiVirus Corporate Edition

    System event log

    Computer Name: S-C823F0B713C14
    Event Code: 7035
    Message: The Application Layer Gateway Service service was successfully sent a start control.

    Record Number: 612
    Source Name: Service Control Manager
    Time Written: 20090306103150.000000+330
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: S-C823F0B713C14
    Event Code: 7035
    Message: The Network Location Awareness (NLA) service was successfully sent a start control.

    Record Number: 611
    Source Name: Service Control Manager
    Time Written: 20090306103150.000000+330
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: S-C823F0B713C14
    Event Code: 7036
    Message: The Network Location Awareness (NLA) service entered the running state.

    Record Number: 610
    Source Name: Service Control Manager
    Time Written: 20090306103150.000000+330
    Event Type: information
    User:

    Computer Name: S-C823F0B713C14
    Event Code: 55
    Message: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume D:.

    Record Number: 609
    Source Name: Ntfs
    Time Written: 20090306103141.000000+330
    Event Type: error
    User:

    Computer Name: S-C823F0B713C14
    Event Code: 2
    Message: Device identified.

    Record Number: 608
    Source Name: nvata
    Time Written: 20090306103141.000000+330
    Event Type: information
    User:

    Application event log

    Computer Name: S-C823F0B713C14
    Event Code: 34
    Message: The 'Symantec Settings Manager' service is starting.

    Record Number: 5
    Source Name: ccSetMgr
    Time Written: 20090301214209.000000+330
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: S-C823F0B713C14
    Event Code: 7
    Message:


    New virus definition file loaded. Version: 110224q.

    Record Number: 4
    Source Name: Symantec AntiVirus
    Time Written: 20090225150030.000000+330
    Event Type: information
    User:

    Computer Name: S-C823F0B713C14
    Event Code: 16
    Message:


    Manual LiveUpdate successfully downloaded Virus Definitions.

    Record Number: 3
    Source Name: Symantec AntiVirus
    Time Written: 20090225150029.000000+330
    Event Type: information
    User:

    Computer Name: S-C823F0B713C14
    Event Code: 101
    Message: wuauclt (216) The database engine stopped.

    Record Number: 2
    Source Name: ESENT
    Time Written: 20090225145607.000000+330
    Event Type: information
    User:

    Computer Name: S-C823F0B713C14
    Event Code: 103
    Message: wuaueng.dll (216) SUS20ClientDataStore: The database engine stopped the instance (0).

    Record Number: 1
    Source Name: ESENT
    Time Written: 20090225145607.000000+330
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

    EOF
  • edited March 2009
    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.

    Kaspersky Online Scanner.
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • edited March 2009
    Whilst we appreciate that you may be busy, it has been 5 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)