Solve : NO SOUND ON MY DELL VOSTRO 1520?

Hi,
    I need your help. I read a few threads where you helped people resolve w32.sillyFDC virus.

    My laptop (Windows 7) was working perfectly fine until 2 days back. I was watching a show on VLC media player, the sound suddenly started scratching and then disappeared. Since then I have done the following:
    1. Updated all drivers
    2. Cleaned up temporary files
    3. Ran Ad-Aware, malware as well as Norton anti-virus protections. They all showed different problems and said they were fixed. The latest one is on Norton, which shows three HIGH risks: 1. w32.sillyFDC 2. w32.changeup.C 3. Trojanhorse. The Norton log says it has been fixed and no action required.
    4. I also tried system restore to an earlier point, but it gives me an error "not successfull as an anti-virus program is running in the background" even when there is no spyware running.

    Please help me in fixing this.

I have read the manual and below are my logs from SUPERAntiSpyware, MBAM and HijackThis:

superantispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/10/2011 at 10:18 PM

Application Version : 4.50.1002

Core Rules Database Version : 6799
Trace Rules Database Version: 4611

Scan type       : Complete Scan
Total Scan Time : 01:43:04

Memory items scanned      : 753
Memory threats detected   : 0
Registry items scanned    : 10921
Registry threats detected : 0
File items scanned        : 155425
File threats detected     : 119

Adware.Tracking Cookie

Adware.Agent/Gen-Zango
   C:\USERS\NAMRATA\DOWNLOADS\EMULESETUP.EXE



MBAM log:-

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6325

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10-04-2011 23:09:12
mbam-log-2011-04-10 (23-09-12).txt

Scan type: Quick scan
Objects scanned: 184349
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\supxwatraqwvcgdch.dll (Adware.AdRotator) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hfdfwjpsrmiowup (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kbgrecvqxkyyg (Adware.AdRotator) -> Value: kbgrecvqxkyyg -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\supxwatraqwvcgdch.dll (Adware.AdRotator) -> Delete on reboot.
c:\Users\Namrata\AppData\Local\Temp\browserhotfix1.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Namrata\local settings\temporary internet files\Content.IE5\3MMH8ISL\setup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.


hijackthislog:-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:20:25, on 10-04-2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\OEM13Mon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\SUPERAntiSpyware\6354c80e-8a16-4371-beda-9ff4579d8d9e.com
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\System32\NOTEPAD.EXE
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,START Page = http://search.conduit.com?SearchSource=10&ctid=CT2405280
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java UPDATE\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [googletalk] C:\Users\Namrata\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Namrata\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TimeSheet] C:\Program Files\TimeSheet\TimeSheet.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TimeSheet] C:\Program Files\TimeSheet\TimeSheet.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IPOD Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9975 bytes
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. First Warning!

Ignore the above post.


