[Active] help plz

  1. #1
    ron30189 is offline Valued Member

    Hello,

    I am using my friend's computer currently..she gave it to me because she had virus problems..

    She had an old Symantec antivirus..which can't be completely uninstalled. So I couldn't install a newer version of Norton. Hence I installed BitDefender and performed a scan and it deleted 11 infections.

    But even so..the problems exist..

    Whenever I restart..there's a message saying..'cannot load khatra.exe'...I know that this khatra.exe is a trojan and BitDefender couldn't remove it.
    Moreover the Task Manager, Windows Media Center tray applet and a few other features are not working properly..whenever I try to open them..they crash..

    Here's my HijackThis log..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:45:24, on 19-09-2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16890)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\sointgr.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL Welcome
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! India
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! India
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exploiter
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F3 - REG:win.ini: load=C:\Windows\system32\KHATRA.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\Windows\Trntfiltr.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\Windows\SOINTGR.EXE
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Unknown owner - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13157 bytes


  2. #2
    broni is offline Senior Member
    You have not only Norton's leftovers, but Kaspersky's as well.
    Run:
    - Norton Removal Tool: Download and run the Norton Removal Tool
    - Kaspersky Anti-virus Removal Tool: http://support.kaspersky.com/downloads/products2009/kavremover9.zip

    When done.....

    Print these instructions out.


    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
    Alternative downloads:
    - |MG| GMER 1.0.15.15087 Download
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4.
    Post a fresh HijackThis log.
    NOTE. If you're using Vista, right-click HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
    Last edited by broni; 20-09-2009 at 12:39 AM.
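
A triage pass over the HijackThis log format posted above, as an added example that is not part of either poster's reply: it pulls out the win.ini autostart entry, the entries whose file is gone, and the services or Run keys left behind by antivirus products other than the one now installed. The function names and the vendor list are assumptions made for this sketch; the sample lines are copied from the log in post #1.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log in post #1 (only the relevant entries).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\taskeng.exe
F3 - REG:win.ini: load=C:\Windows\system32\KHATRA.exe
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\Windows\Trntfiltr.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)
# F0-F3: programs started through win.ini/system.ini or their registry mappings.
INI_AUTOSTART = {"F0", "F1", "F2", "F3"}
# Assumption: vendor names to look for; extend the tuple for other products.
AV_VENDORS = ("Symantec", "Norton", "Kaspersky", "BitDefender")


@dataclass(frozen=True)
class Entry:
    code: str   # section code such as "F3" or "O23"
    text: str   # everything after "CODE - "


def parse_entries(log: str) -> list[Entry]:
    """Return the 'CODE - text' entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, Entry]]:
    """Label entries that deserve a closer look before anything is 'fixed'."""
    findings = []
    for e in entries:
        if e.code in INI_AUTOSTART:
            findings.append(("ini-autostart", e))
        if ORPHAN_RE.search(e.text):
            findings.append(("orphaned", e))
    return findings


def av_leftovers(entries: list[Entry], installed: str) -> dict[str, list[Entry]]:
    """Map each AV vendor other than `installed` to its Run (O4) and service (O23) entries."""
    leftovers: dict[str, list[Entry]] = {}
    for e in entries:
        if e.code not in ("O4", "O23"):
            continue
        for vendor in AV_VENDORS:
            if vendor.lower() == installed.lower():
                continue
            if vendor.lower() in e.text.lower():
                leftovers.setdefault(vendor, []).append(e)
    return leftovers


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for label, entry in triage(parsed):
        print(f"[{label}] {entry.code} - {entry.text}")
    for vendor, items in av_leftovers(parsed, installed="BitDefender").items():
        print(f"[av-leftover] {vendor}: {len(items)} entr{'y' if len(items) == 1 else 'ies'}")
```
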

  3. #3
    ron30189 is offline Valued Member
    Sorry for the late reply

    GMER not working..it's crashing after a few minutes every time...

    Computer still slow and I'm getting the khatra.exe message still when I restart.

    Cannot open Task Manager and Media Centre

    Here are the logs you wanted..


    superantispyware:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 09/19/2009 at 09:12 PM

    Application Version : 4.29.1002

    Core Rules Database Version : 4102
    Trace Rules Database Version: 2051

    Scan type : Complete Scan
    Total Scan Time : 01:57:55

    Memory items scanned : 302
    Memory threats detected : 0
    Registry items scanned : 8992
    Registry threats detected : 32
    File items scanned : 180443
    File threats detected : 1

    Trojan.Agent/Gen
    HKLM\Software\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}#AppID
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\Control
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\InprocServer32
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\InprocServer32#ThreadingModel
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\MiscStatus
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\MiscStatus\1
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ProgID
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ToolboxBitmap32
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\TypeLib
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\Version
    HKCR\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\VersionIndependentProgID
    HKCR\DNSCache.DNSCacheObj.1
    HKCR\DNSCache.DNSCacheObj.1\CLSID
    HKCR\DNSCache.DNSCacheObj
    HKCR\DNSCache.DNSCacheObj\CLSID
    HKCR\DNSCache.DNSCacheObj\CurVer
    HKCR\TypeLib\{1FD79A59-37B1-459B-9097-09F9FAB8A523}
    HKCR\TypeLib\{1FD79A59-37B1-459B-9097-09F9FAB8A523}\1.0
    HKCR\TypeLib\{1FD79A59-37B1-459B-9097-09F9FAB8A523}\1.0\0
    HKCR\TypeLib\{1FD79A59-37B1-459B-9097-09F9FAB8A523}\1.0\0\win32
    HKCR\TypeLib\{1FD79A59-37B1-459B-9097-09F9FAB8A523}\1.0\FLAGS
    HKCR\TypeLib\{1FD79A59-37B1-459B-9097-09F9FAB8A523}\1.0\HELPDIR
    C:\WINDOWS\TRNTFILTR.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}
    HKU\S-1-5-21-2345447196-3982951443-1247423673-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892AE-1825-4E5F-9F85-23F9640051CC}
    HKCR\Interface\{B97F9125-71A1-48D0-B920-F140EF8DE809}
    HKCR\Interface\{B97F9125-71A1-48D0-B920-F140EF8DE809}\ProxyStubClsid
    HKCR\Interface\{B97F9125-71A1-48D0-B920-F140EF8DE809}\ProxyStubClsid32
    HKCR\Interface\{B97F9125-71A1-48D0-B920-F140EF8DE809}\TypeLib
    HKCR\Interface\{B97F9125-71A1-48D0-B920-F140EF8DE809}\TypeLib#Version




    malwarebytes:

    Malwarebytes' Anti-Malware 1.41
    Database version: 2825
    Windows 6.0.6000

    20-09-2009 03:17:50
    mbam-log-2009-09-20 (03-17-49).txt

    Scan type: Full Scan (C:\|D:\|F:\|)
    Objects scanned: 278681
    Time elapsed: 2 hour(s), 55 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 04:15:09, on 20-09-2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16890)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\sointgr.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL Welcome
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! India
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! India
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Exploiter
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F3 - REG:win.ini: load=C:\Windows\system32\KHATRA.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\Windows\SOINTGR.EXE
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: APSHook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12422 bytes

  4. #4
    broni is offline Senior Member
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  5. #5
    ron30189 is offline Valued Member
    here is the combofix log

    ComboFix 09-09-18.02 - rashmi 20-09-2009 13:12.1.2 - NTFSx86
    Running from: c:\users\rashmi\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2345447196-3982951443-1247423673-500
    c:\$recycle.bin\S-1-5-21-4289253314-3795482031-3209853760-500
    c:\program files\BitDefender\BitDefender Online Backup\ntSVc.ocx
    c:\windows\cbsys.dll
    c:\windows\Installer\115cec8.msi
    c:\windows\Installer\538ac.msi

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
    .

    2009-09-20 08:14 . 2009-09-20 08:15 -------- d-----w- c:\users\rashmi\AppData\Local\temp
    2009-09-20 08:14 . 2009-09-20 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-19 18:40 . 2009-09-19 18:40 -------- d-----w- c:\users\rashmi\AppData\Roaming\Malwarebytes
    2009-09-19 18:39 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-19 18:39 . 2009-09-19 18:39 -------- d-----w- c:\programdata\Malwarebytes
    2009-09-19 18:39 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-19 18:39 . 2009-09-19 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-19 07:35 . 2009-09-19 07:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-09-19 07:33 . 2009-09-19 07:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-09-19 07:33 . 2009-09-19 07:33 -------- d-----w- c:\users\rashmi\AppData\Roaming\SUPERAntiSpyware.com
    2009-09-19 07:30 . 2009-09-19 07:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-19 04:12 . 2009-09-19 04:12 -------- d-----w- c:\program files\Trend Micro
    2009-09-19 03:18 . 2009-09-20 07:18 132 ----a-w- c:\windows\system32\rezumatenoi.dat
    2009-09-18 14:31 . 2009-09-18 14:31 0 ----a-w- c:\windows\system32\wsbl.dat
    2009-09-18 14:31 . 2009-09-18 14:31 0 ----a-w- c:\windows\system32\ph_white.dat
    2009-09-18 14:31 . 2009-09-18 14:31 0 ----a-w- c:\windows\system32\ph_summ.dat
    2009-09-18 14:31 . 2009-09-18 14:31 0 ----a-w- c:\windows\system32\ph_black.dat
    2009-09-18 14:31 . 2009-09-18 14:31 0 ----a-w- c:\windows\system32\pcwords2.dat
    2009-09-18 14:31 . 2009-09-18 14:31 0 ----a-w- c:\windows\system32\pcwords.dat
    2009-09-18 13:35 . 2009-09-18 13:35 -------- d-----w- c:\users\rashmi\AppData\Roaming\BitDefender
    2009-09-18 13:33 . 2009-09-18 13:43 -------- d-----w- c:\programdata\BitDefender
    2009-09-18 13:33 . 2009-09-18 13:34 -------- d-----w- c:\program files\BitDefender
    2009-09-18 13:22 . 2009-09-18 13:34 -------- d-----w- c:\program files\Common Files\BitDefender
    2009-09-18 10:07 . 2009-09-18 10:07 -------- d-----w- c:\program files\VS Revo Group
    2009-09-18 09:46 . 2009-09-18 11:20 -------- d-----w- c:\programdata\NortonInstaller
    2009-09-18 05:44 . 2009-09-18 09:49 -------- d-----w- c:\users\rashmi\AppData\Roaming\BitTorrent
    2009-09-18 05:43 . 2009-09-18 05:43 -------- d-----w- c:\program files\BitTorrent
    2009-09-11 18:34 . 2009-09-11 18:34 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEF.tmp.exe
    2009-09-10 15:39 . 2009-07-11 19:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
    2009-09-10 15:39 . 2009-07-11 19:32 297984 ----a-w- c:\windows\system32\wlansec.dll
    2009-09-10 15:39 . 2009-07-11 19:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-09-10 15:39 . 2009-07-11 19:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll
    2009-09-10 15:39 . 2009-07-11 19:32 47104 ----a-w- c:\windows\system32\wlanapi.dll
    2009-09-10 15:39 . 2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-09-10 09:41 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll
    2009-09-10 09:41 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll
    2009-09-10 09:41 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
    2009-09-10 09:41 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2009-09-10 09:41 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll
    2009-09-10 08:59 . 2009-09-10 08:59 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3209.tmp.exe
    2009-09-09 21:25 . 2009-09-09 21:25 -------- d-----w- c:\users\rashmi\AppData\Local\Symantec
    2009-08-27 08:21 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-26 11:49 . 2009-08-26 11:49 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb564B.tmp.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-20 07:34 . 2009-02-02 15:36 152375328 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-09-20 07:18 . 2009-02-02 15:36 1786508 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-09-20 07:17 . 2007-11-18 08:07 12 ----a-w- c:\windows\bthservsdp.dat
    2009-09-18 14:52 . 2009-08-06 11:04 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
    2009-09-11 15:32 . 2007-06-28 08:05 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-14 17:16 . 2009-09-10 15:32 213592 ----a-w- c:\windows\system32\drivers\netio.sys
    2009-08-14 16:42 . 2009-09-10 15:32 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
    2009-08-14 16:40 . 2009-09-10 15:32 103936 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-14 16:40 . 2009-09-10 15:32 15360 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 14:25 . 2009-09-10 15:32 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 14:24 . 2009-09-10 15:32 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 14:23 . 2009-09-10 15:32 22016 ----a-w- c:\windows\system32\netiougc.exe
    2009-08-14 10:43 . 2008-02-27 14:45 5648 ----a-w- c:\users\rashmi\AppData\Local\d3d9caps.dat
    2009-08-09 13:40 . 2009-08-09 13:40 -------- d-----w- c:\users\rashmi\AppData\Roaming\AVG8
    2009-07-24 06:56 . 2009-07-24 06:56 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2009-07-18 12:17 . 2009-08-06 07:47 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 12:10 . 2009-08-06 07:47 56320 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-18 12:10 . 2009-08-06 07:47 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 12:07 . 2009-08-06 07:47 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-07-18 10:00 . 2009-08-06 07:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-18 08:34 . 2009-08-06 07:47 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-07-17 14:52 . 2009-08-14 16:03 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 13:02 . 2009-08-14 16:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 13:01 . 2009-08-14 16:02 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-14 13:00 . 2009-08-14 16:02 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-14 11:11 . 2009-08-14 16:02 8147968 ----a-w- c:\windows\system32\wmploc.DLL
    2009-06-29 08:42 . 2009-06-29 08:42 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2009-06-29 08:42 . 2009-06-29 08:42 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
    2008-10-12 12:17 . 2008-10-12 12:17 3349 ----a-w- c:\program files\uninstal.log
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "SifyBB"="c:\program files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-28 77824]
    "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 185632]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "SO5 Integrator Pass Two"="c:\windows\SOINTGR.EXE" [2000-05-08 20480]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-08-05 64000]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-08-13 1096192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CCCA837C-DE96-4B2E-AA68-FCECF1473C08}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EB693703-1735-471E-9C6C-504C27AD2547}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B26AEA2D-290A-43BF-849E-FD59EBC05BBD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{7590C7FE-D4A8-462B-B81F-D3412907E7BC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{B7A51944-C821-44B8-A580-B3464FD6FD97}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{4DE7EDB1-5715-42DA-A49C-FF5BDFD5447F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{F4D61BF7-5008-49CD-8EF4-323ADC236C98}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{F3B5149C-6766-4B40-96B3-9F081C1DC90B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{7EFF7FD5-8A4C-4710-BBF0-E41106FC9621}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{FC4B20CC-3AD4-4795-A730-63F90A1DDFB5}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{02F51C75-3462-49E9-8628-0E9B66B3DDD1}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{6D81B906-3F68-408A-AD23-42CE014DA721}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{9684FE6C-E3A8-4E17-AE63-1AE9718902B5}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{DBFD29B9-80A7-47CE-B46C-A2A862FCAF02}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{C1111B33-1C28-48D3-B103-6B15A2CDBB8A}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{A2A02FE3-AF8D-48C2-AEE7-835156E6324B}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{D502563C-6EBC-4D4A-84F5-56AF37581883}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
    "{CC3D6F57-6FFB-45E5-AC25-3F48F097417C}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
    "{DD7E86C6-7CC3-46A9-8882-E35CFCD95B7B}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
    "{6C06262C-FBFA-4F73-84EA-01940BF366A5}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
    "{E5EE6F99-6766-4A23-837B-989DA176B575}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{2F97434A-68BF-4875-8419-DBCBE85F7794}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-06-25 176128]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-15 7408]
    S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2009-09-18 72200]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-15 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-15 74480]
    S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
    S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
    S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2009-04-01 82696]
    S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-03-23 185640]
    S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2009-06-29 152328]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{7342A401-97B2-4786-9989-88791A415456}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.in/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://in.yahoo.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-e-motional Greeting Card Creator 1.01_is1 - c:\program files\e-motional Greetings\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-09-20 13:45
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(808)
    c:\windows\system32\APSHook.dll

    - - - - - - - > 'lsass.exe'(732)
    c:\windows\system32\APSHook.dll
    c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
    c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll
    .
    Completion time: 2009-09-20 13:54
    ComboFix-quarantined-files.txt 2009-09-20 08:24

    Pre-Run: 23,960,326,144 bytes free
    Post-Run: 24,763,842,560 bytes free

    277 --- E O F --- 2009-09-20 06:28


    Hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:19:49, on 20-09-2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16890)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! India
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\Windows\SOINTGR.EXE
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-21-2345447196-3982951443-1247423673-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
    O4 - HKUS\S-1-5-21-2345447196-3982951443-1247423673-1000\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe (User '?')
    O4 - HKUS\S-1-5-21-2345447196-3982951443-1247423673-1000\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
    O4 - HKUS\S-1-5-21-2345447196-3982951443-1247423673-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
    O4 - HKUS\S-1-5-21-2345447196-3982951443-1247423673-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11992 bytes

  6. #6
    broni is offline Senior Member
    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\rezumatenoi.dat
    c:\windows\system32\wsbl.dat
    c:\windows\system32\ph_white.dat
    c:\windows\system32\ph_summ.dat
    c:\windows\system32\ph_black.dat
    c:\windows\system32\pcwords2.dat
    c:\windows\system32\pcwords.dat
    c:\windows\system32\DRIVERS\klim6.sys
    
    
    Folder::
    c:\programdata\NortonInstaller
    c:\users\rashmi\AppData\Local\Symantec
    c:\users\rashmi\AppData\Roaming\AVG8
    
    
    Driver::
    KLIM6
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D502563C-6EBC-4D4A-84F5-56AF37581883}"=-
    "{CC3D6F57-6FFB-45E5-AC25-3F48F097417C}"=-
    "{DD7E86C6-7CC3-46A9-8882-E35CFCD95B7B}"=-
    "{6C06262C-FBFA-4F73-84EA-01940BF366A5}"=-
    "{E5EE6F99-6766-4A23-837B-989DA176B575}"=-
    "{2F97434A-68BF-4875-8419-DBCBE85F7794}"=-
    
    
    RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

  7. #7
    ron30189 is offline Valued Member
    hey..there's some problem

    after the first combofix scan..everything had become normal.
    task manager and media tray application were running properly

    but all the problems have returned after the second scan with your code
    and i can't connect to the net even after restarting many times

  8. #8
    ron30189 is offline Valued Member
    here's the new log

    ComboFix 09-09-18.02 - rashmi 20-09-2009 23:53.2.2 - NTFSx86
    Running from: c:\users\rashmi\Desktop\ComboFix.exe
    Command switches used :: c:\users\rashmi\Desktop\CFScript.txt
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\DRIVERS\klim6.sys"
    "c:\windows\system32\pcwords.dat"
    "c:\windows\system32\pcwords2.dat"
    "c:\windows\system32\ph_black.dat"
    "c:\windows\system32\ph_summ.dat"
    "c:\windows\system32\ph_white.dat"
    "c:\windows\system32\rezumatenoi.dat"
    "c:\windows\system32\wsbl.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\NortonInstaller
    c:\programdata\NortonInstaller\Logs\2009-09-18-15h16m46s\Log.Lue
    c:\programdata\NortonInstaller\Logs\2009-09-18-15h16m46s\NortonInstall-2009-09-18-15h16m46s.log
    c:\programdata\NortonInstaller\Logs\2009-09-18-15h16m52s\SymNRT 9-18-2009 15h16m49s.log
    c:\programdata\NortonInstaller\Logs\2009-09-18-15h17m00s\NortonInstall-2009-09-18-15h17m00s.log
    c:\programdata\NortonInstaller\Logs\2009-09-18-16h50m36s\Log.Lue
    c:\programdata\NortonInstaller\Logs\2009-09-18-16h50m36s\NortonInstall-2009-09-18-16h50m36s.log
    c:\programdata\NortonInstaller\Logs\2009-09-18-16h50m43s\SymNRT 9-18-2009 16h50m39s.log
    c:\programdata\NortonInstaller\Logs\2009-09-18-16h51m12s\NortonInstall-2009-09-18-16h51m12s.log
    c:\programdata\NortonInstaller\Logs\Norton Internet Security.dat
    c:\programdata\NortonInstaller\Logs\Url.txt
    c:\users\rashmi\AppData\Local\Symantec
    c:\users\rashmi\AppData\Local\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\09102009.Log
    c:\users\rashmi\AppData\Local\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\09112009.Log
    c:\users\rashmi\AppData\Local\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\09122009.Log
    c:\users\rashmi\AppData\Roaming\AVG8
    c:\windows\system32\pcwords.dat
    c:\windows\system32\pcwords2.dat
    c:\windows\system32\ph_black.dat
    c:\windows\system32\ph_summ.dat
    c:\windows\system32\ph_white.dat
    c:\windows\system32\rezumatenoi.dat
    c:\windows\system32\wsbl.dat
    c:\windows\system32\DRIVERS\klim6.sys . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_KLIM6
    -------\Service_KLIM6


    ((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
    .

    2009-09-20 18:49 . 2009-09-20 19:02 -------- d-----w- c:\users\rashmi\AppData\Local\temp
    2009-09-20 18:49 . 2009-09-20 18:49 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-09-20 18:49 . 2009-09-20 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-19 18:40 . 2009-09-19 18:40 -------- d-----w- c:\users\rashmi\AppData\Roaming\Malwarebytes
    2009-09-19 18:39 . 2009-09-10 09:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-19 18:39 . 2009-09-19 18:39 -------- d-----w- c:\programdata\Malwarebytes
    2009-09-19 18:39 . 2009-09-10 09:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-19 18:39 . 2009-09-19 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-19 07:35 . 2009-09-19 07:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-09-19 07:33 . 2009-09-19 07:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-09-19 07:33 . 2009-09-19 07:33 -------- d-----w- c:\users\rashmi\AppData\Roaming\SUPERAntiSpyware.com
    2009-09-19 07:30 . 2009-09-19 07:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-19 04:12 . 2009-09-19 04:12 -------- d-----w- c:\program files\Trend Micro
    2009-09-18 13:35 . 2009-09-18 13:35 -------- d-----w- c:\users\rashmi\AppData\Roaming\BitDefender
    2009-09-18 13:33 . 2009-09-18 13:43 -------- d-----w- c:\programdata\BitDefender
    2009-09-18 13:33 . 2009-09-18 13:34 -------- d-----w- c:\program files\BitDefender
    2009-09-18 13:22 . 2009-09-18 13:34 -------- d-----w- c:\program files\Common Files\BitDefender
    2009-09-18 10:07 . 2009-09-18 10:07 -------- d-----w- c:\program files\VS Revo Group
    2009-09-18 05:44 . 2009-09-18 09:49 -------- d-----w- c:\users\rashmi\AppData\Roaming\BitTorrent
    2009-09-18 05:43 . 2009-09-18 05:43 -------- d-----w- c:\program files\BitTorrent
    2009-09-11 18:34 . 2009-09-11 18:34 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEF.tmp.exe
    2009-09-10 15:39 . 2009-07-11 19:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
    2009-09-10 15:39 . 2009-07-11 19:32 297984 ----a-w- c:\windows\system32\wlansec.dll
    2009-09-10 15:39 . 2009-07-11 19:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll
    2009-09-10 15:39 . 2009-07-11 19:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll
    2009-09-10 15:39 . 2009-07-11 19:32 47104 ----a-w- c:\windows\system32\wlanapi.dll
    2009-09-10 15:39 . 2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
    2009-09-10 09:41 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll
    2009-09-10 09:41 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll
    2009-09-10 09:41 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
    2009-09-10 09:41 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2009-09-10 09:41 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll
    2009-09-10 08:59 . 2009-09-10 08:59 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3209.tmp.exe
    2009-08-27 08:21 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-26 11:49 . 2009-08-26 11:49 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb564B.tmp.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-20 19:02 . 2009-02-02 15:36 156039200 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-09-20 19:01 . 2007-10-16 05:35 20496 ----a-w- c:\windows\system32\drivers\klim6.sys
    2009-09-20 18:53 . 2009-02-02 15:36 1830596 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-09-20 18:52 . 2007-11-18 08:07 12 ----a-w- c:\windows\bthservsdp.dat
    2009-09-18 14:52 . 2009-08-06 11:04 72200 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
    2009-09-11 15:32 . 2007-06-28 08:05 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-14 17:16 . 2009-09-10 15:32 213592 ----a-w- c:\windows\system32\drivers\netio.sys
    2009-08-14 16:42 . 2009-09-10 15:32 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
    2009-08-14 16:40 . 2009-09-10 15:32 103936 ----a-w- c:\windows\system32\netiohlp.dll
    2009-08-14 16:40 . 2009-09-10 15:32 15360 ----a-w- c:\windows\system32\netevent.dll
    2009-08-14 14:25 . 2009-09-10 15:32 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 17920 ----a-w- c:\windows\system32\ROUTE.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 11264 ----a-w- c:\windows\system32\MRINFO.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 19968 ----a-w- c:\windows\system32\ARP.EXE
    2009-08-14 14:25 . 2009-09-10 15:32 10240 ----a-w- c:\windows\system32\finger.exe
    2009-08-14 14:24 . 2009-09-10 15:32 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-08-14 14:23 . 2009-09-10 15:32 22016 ----a-w- c:\windows\system32\netiougc.exe
    2009-08-14 10:43 . 2008-02-27 14:45 5648 ----a-w- c:\users\rashmi\AppData\Local\d3d9caps.dat
    2009-07-24 06:56 . 2009-07-24 06:56 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2009-07-18 12:17 . 2009-08-06 07:47 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 12:10 . 2009-08-06 07:47 56320 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-18 12:10 . 2009-08-06 07:47 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 12:07 . 2009-08-06 07:47 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-07-18 10:00 . 2009-08-06 07:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-18 08:34 . 2009-08-06 07:47 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-07-17 14:52 . 2009-08-14 16:03 71680 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 13:02 . 2009-08-14 16:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-14 13:01 . 2009-08-14 16:02 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-07-14 13:00 . 2009-08-14 16:02 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-07-14 11:11 . 2009-08-14 16:02 8147968 ----a-w- c:\windows\system32\wmploc.DLL
    2009-06-29 08:42 . 2009-06-29 08:42 152328 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2009-06-29 08:42 . 2009-06-29 08:42 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
    2008-10-12 12:17 . 2008-10-12 12:17 3349 ----a-w- c:\program files\uninstal.log
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-20_08.15.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-02 13:05 . 2009-09-20 19:02 90948 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-02-24 13:56 . 2009-09-20 19:02 15808 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2345447196-3982951443-1247423673-1000_UserData.bin
    + 2008-02-24 10:02 . 2009-09-20 18:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-02-24 10:02 . 2009-09-20 07:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-02-24 10:02 . 2009-09-20 18:55 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-02-24 10:02 . 2009-09-20 07:19 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-02-24 10:02 . 2009-09-20 18:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-02-24 10:02 . 2009-09-20 07:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-09-20 18:54 . 2009-09-20 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-09-20 07:19 . 2009-09-20 07:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-09-20 18:54 . 2009-09-20 18:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-09-20 07:19 . 2009-09-20 07:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "SifyBB"="c:\program files\Sify Broadband\BBImpSec.exe" [2006-04-21 127085]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-28 77824]
    "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-26 185632]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "SO5 Integrator Pass Two"="c:\windows\SOINTGR.EXE" [2000-05-08 20480]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-08-05 64000]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-08-13 1096192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ASWLNPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{CCCA837C-DE96-4B2E-AA68-FCECF1473C08}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{EB693703-1735-471E-9C6C-504C27AD2547}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B26AEA2D-290A-43BF-849E-FD59EBC05BBD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{7590C7FE-D4A8-462B-B81F-D3412907E7BC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{B7A51944-C821-44B8-A580-B3464FD6FD97}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{4DE7EDB1-5715-42DA-A49C-FF5BDFD5447F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{F4D61BF7-5008-49CD-8EF4-323ADC236C98}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{F3B5149C-6766-4B40-96B3-9F081C1DC90B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{7EFF7FD5-8A4C-4710-BBF0-E41106FC9621}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{FC4B20CC-3AD4-4795-A730-63F90A1DDFB5}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{02F51C75-3462-49E9-8628-0E9B66B3DDD1}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{6D81B906-3F68-408A-AD23-42CE014DA721}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{9684FE6C-E3A8-4E17-AE63-1AE9718902B5}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{DBFD29B9-80A7-47CE-B46C-A2A862FCAF02}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{C1111B33-1C28-48D3-B103-6B15A2CDBB8A}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{A2A02FE3-AF8D-48C2-AEE7-835156E6324B}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{D502563C-6EBC-4D4A-84F5-56AF37581883}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
    "{CC3D6F57-6FFB-45E5-AC25-3F48F097417C}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
    "{DD7E86C6-7CC3-46A9-8882-E35CFCD95B7B}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
    "{6C06262C-FBFA-4F73-84EA-01940BF366A5}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
    "{E5EE6F99-6766-4A23-837B-989DA176B575}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{2F97434A-68BF-4875-8419-DBCBE85F7794}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\System32\drivers\BdfNdisf6.sys [06-08-2009 16:34 72200]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15-09-2009 11:42 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15-09-2009 11:42 74480]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [02-11-2006 14:05 22016]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [02-11-2006 14:05 22016]
    R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [01-04-2009 11:25 82696]
    R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [23-03-2009 15:05 185640]
    R3 BDFM;BDFM;c:\windows\System32\drivers\bdfm.sys [29-06-2009 14:12 152328]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [25-06-2009 16:04 176128]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15-09-2009 11:42 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{7342A401-97B2-4786-9989-88791A415456}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.in/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://in.yahoo.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-09-21 00:32
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(740)
    c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
    c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

    - - - - - - - > 'Explorer.exe'(3116)
    c:\windows\system32\APSHook.dll
    c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    SystemRoot\System32\smss.exe [508]
    c:\windows\system32\csrss.exe [644]
    c:\windows\system32\wininit.exe [684]
    c:\windows\system32\csrss.exe [696]
    c:\windows\system32\services.exe [728]
    c:\windows\system32\lsass.exe [740]
    c:\windows\system32\lsm.exe [748]
    c:\windows\system32\winlogon.exe [800]
    c:\windows\system32\svchost.exe [940]
    c:\windows\System32\svchost.exe [980]
    c:\windows\system32\svchost.exe [1024]
    c:\windows\System32\svchost.exe [1056]
    c:\windows\System32\svchost.exe [1300]
    c:\windows\System32\svchost.exe [1324]
    c:\windows\system32\svchost.exe [1340]
    c:\windows\system32\svchost.exe [1440]
    c:\windows\system32\SLsvc.exe [1472]
    c:\windows\system32\svchost.exe [1508]
    c:\windows\system32\svchost.exe [1700]
    c:\windows\System32\spoolsv.exe [1900]
    c:\windows\system32\svchost.exe [1924]
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1640]
    c:\windows\system32\svchost.exe [1668]
    c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [1724]
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [1204]
    c:\program files\Common Files\LightScribe\LSSrvc.exe [936]
    c:\windows\system32\svchost.exe [2068]
    c:\program files\CyberLink\Shared Files\RichVideo.exe [2080]
    c:\windows\system32\svchost.exe [2152]
    c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2184]
    c:\windows\System32\svchost.exe [2268]
    c:\windows\system32\SearchIndexer.exe [2288]
    c:\windows\system32\DRIVERS\xaudio.exe [2376]
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe [2396]
    c:\program files\TeamViewer\Version4\TeamViewer.exe [2540]
    c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe [2752]
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe [2920]
    c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe [3880]
    c:\windows\system32\taskeng.exe [916]
    c:\windows\system32\Dwm.exe [2464]
    c:\windows\system32\CF13124.exe [3672]
    c:\windows\system32\wuauclt.exe [2576]
    c:\windows\system32\taskeng.exe [584]
    c:\windows\system32\taskeng.exe [3328]
    c:\windows\Explorer.exe [3116]
    c:\combofix\catchme.cfxxe [2060]
    .
    **************************************************************************
    .
    Completion time: 2009-09-20 0:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-20 19:14
    ComboFix2.txt 2009-09-20 08:24

    Pre-Run: 24,335,634,432 bytes free
    Post-Run: 23,959,248,896 bytes free

    361 --- E O F --- 2009-09-20 06:28


    hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:24:52, on 21-09-2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16890)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\sointgr.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! India
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\Windows\SOINTGR.EXE
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus software - BitDefender - The future of security now! - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11131 bytes

  9. #9
    broni is offline Senior Member
    Still no connection?

  10. #10
    ron30189 is offline Valued Member
    ya..i cannot connect from that comp to the internet anymore

    n the task manager and media centre tray applet, which were working perfectly after the first scan, have also stopped working..
    help me please, i need to give her the comp back by tomorrow
