Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Virtumundo Virus


  • Please log in to reply
2 replies to this topic

#1 rohit876

rohit876

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:09 AM

Posted 01 June 2008 - 10:36 AM

Hi ppl..my laptop got infected to virtumundo virus and it was not getting cleaned.. so really needed help on that...brief history...
had an older version of zonealarm updated it to zonealarm 7. something...however after downloading the updates and running it this virtumundo virus popped up..managed to rename three of them...rest is not getting cleaned...however because of renaming a error when i boot the system saying Error loading pljhnsmb.dll and mhhuuiwg.dll...tried runnning vundofix but it is not detecting the virus.. then tried virtumundobegone that is also not detecting however the zonealarm keeps popping it up....finally ran the dss software and following are the logs...would be great if someone could help...thanks a ton

Deckard's System Scanner v20071014.68
Run by Rohit Agarwal on 2008-06-01 20:33:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
23: 2008-06-01 14:05:55 UTC - RP293 - Deckard's System Scanner Restore Point
22: 2008-06-01 09:11:25 UTC - RP292 - System Checkpoint
21: 2008-05-29 19:18:40 UTC - RP291 - Uniblue RegistryBooster
20: 2008-05-29 19:00:23 UTC - RP290 - Uniblue RegistryBooster
19: 2008-05-29 18:41:26 UTC - RP289 - Uniblue RegistryBooster


-- First Restore Point --
1: 2008-05-11 11:21:37 UTC - RP271 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Rohit Agarwal.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:51 PM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Documents and Settings\Rohit Agarwal\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rohit Agarwal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <!--
O1 - Hosts: </script>
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}
O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}
O1 - Hosts: .ybadge img {margin-top:6px;}
O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}
O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}
O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}
O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div id="maincnt">
O1 - Hosts: <div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>
O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div>
O1 - Hosts: </div></div>
O1 - Hosts: <div class="bodywrap">
O1 - Hosts: <div class="bodycnt">
O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>
O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>
O1 - Hosts: <p>Are you the site owner?
O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!
O1 - Hosts: <a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05.html" target="_blank">Find out how.</a> </p>
O1 - Hosts: <p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p>
O1 - Hosts: </div>
O1 - Hosts: <div class="adcnt">
O1 - Hosts: <a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>
O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>
O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting<br>
O1 - Hosts: $25 Setup Waived</a></div>
O1 - Hosts: <div class="addescr" title="Reliable plans include domain &amp; 24x7 support.">Reliable plans include domain &amp; 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>
O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>
O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding &amp; virus scanning.</div>
O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>
O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ybadge">
O1 - Hosts: Get your own web site at <br><a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a>
O1 - Hosts: <a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class=ftr>
O1 - Hosts: <hr size=1 width=100%>
O1 - Hosts: Copyright &copy;
O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br>
O1 - Hosts: <a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a>
O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1180582779&f=us-w77" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {e0bd174a-1e7e-38db-1ab4-06bc391bd7f1} - {1f7db193-cb60-4ba1-bd83-e7e1a471db0e} - C:\WINDOWS\system32\bodhljax.dll
O2 - BHO: (no name) - {6F3CE51D-3DEA-43AC-92B5-F091DC36191F} - C:\WINDOWS\system32\mlJCSmLF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [7c860e2b] rundll32.exe "C:\WINDOWS\system32\mhhuuiwg.dll",b
O4 - HKLM\..\Run: [BM7fb53db7] Rundll32.exe "C:\WINDOWS\system32\pljhnsmb.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BM7fb53db7] Rundll32.exe "C:\WINDOWS\system32\pljhnsmb.dll",s
O4 - HKCU\..\Run: [Tok-Cirrhatus-4104] "C:\Documents and Settings\Rohit Agarwal\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Rohit Agarwal\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslib...ntent/AcpIR.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/a.../AcpControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A5FDD9-F483-47DC-BFD9-85EF3A19389A}: NameServer = 218.248.240.208 218.248.240.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{10A5FDD9-F483-47DC-BFD9-85EF3A19389A}: NameServer = 218.248.240.208 218.248.240.135
O20 - Winlogon Notify: winnmi32 - winnmi32.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 17040 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 autorun - c:\huadio.tmp (file missing)
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 hwcdcmdm0 (HUAWEI Mobile Connect - 3G Modem) - c:\windows\system32\drivers\ewusbmdm.sys <Not Verified; QUALCOMM Incorporated; QUALCOMM Incorporated USB Modem/Serial Device Driver>
S3 hwusbser (HUAWEI Mobile Connect - 3G Application Interface) - c:\windows\system32\drivers\ewusbser.sys <Not Verified; QUALCOMM Incorporated; QUALCOMM Incorporated USB Modem/Serial Device Driver>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; NetGroup - Politecnico di Torino; WinPcap Netgroup Packet Filter Driver>
S3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe

S2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27128086&REV_05\4&39A85202&0&10F0
Manufacturer: Intel® Corporation
Name: Intel® PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27128086&REV_05\4&39A85202&0&10F0
Service: w29n51

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 17:08:00 416 --a------ C:\WINDOWS\Tasks\At1.job
2008-05-31 16:58:38 286 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-31 02:22:16 354 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-05-30 19:38:59 408 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2006-08-20 21:38:23 362 --a------ C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 20:39:33 0 d-------- C:\Program Files\Trend Micro
2008-06-01 18:42:16 15 --a------ C:\WINDOWS\system32\7c861ca5
2008-06-01 17:14:14 0 d-------- C:\VundoFix Backups
2008-06-01 15:12:18 2560 --a------ C:\WINDOWS\system32\naxkkfxm.exe
2008-06-01 15:09:18 132096 --a------ C:\WINDOWS\system32\bodhljax.dll
2008-06-01 14:57:21 126464 --a------ C:\WINDOWS\system32\wauwkvmk.dll
2008-06-01 13:46:54 476704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-31 18:39:16 0 dr-h----- C:\Documents and Settings\Rohit Agarwal\Recent
2008-05-31 02:03:16 58880 --a------ C:\WINDOWS\system32\awtqrrOH.dll
2008-05-31 01:55:14 58880 --a------ C:\WINDOWS\system32\fccaAron.dll
2008-05-31 01:25:02 134144 --a------ C:\WINDOWS\system32\rdxlxokw.dll
2008-05-31 01:18:30 58880 --a------ C:\WINDOWS\system32\yayxvTNd.dll
2008-05-31 01:12:02 125440 --a------ C:\WINDOWS\system32\sdetfixx.dll
2008-05-31 01:10:00 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-05-31 01:05:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-31 00:51:52 58880 --a------ C:\WINDOWS\system32\pmnnNhgh.dll
2008-05-31 00:36:03 58880 --a------ C:\WINDOWS\system32\qoMeBtRj.dll
2008-05-31 00:14:59 58880 --a------ C:\WINDOWS\system32\awtqpNGW.dll
2008-05-30 19:33:05 134144 --a------ C:\WINDOWS\system32\ffpwpmsj.dll
2008-05-30 19:30:51 125440 --a------ C:\WINDOWS\system32\tfinpxkl.dll
2008-05-29 23:54:38 0 d-------- C:\Documents and Settings\Rohit Agarwal\Application Data\Uniblue
2008-05-29 23:54:06 0 d-------- C:\Program Files\Uniblue
2008-05-29 23:28:02 132608 --a------ C:\WINDOWS\system32\frfvsmee.dll
2008-05-29 23:25:02 126976 --a------ C:\WINDOWS\system32\ygmytubc.dll
2008-05-29 21:19:56 132608 --a------ C:\WINDOWS\system32\keqxwmnv.dll
2008-05-29 21:14:07 126976 --a------ C:\WINDOWS\system32\xsbmcvwx.dll
2008-05-29 09:22:52 58368 --a------ C:\WINDOWS\system32\khfDtULD.dll
2008-05-29 00:49:14 58368 --a------ C:\WINDOWS\system32\byXQKcba.dll
2008-05-28 23:45:03 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-28 22:13:39 58368 --a------ C:\WINDOWS\system32\jkkJyAQK.dll
2008-05-28 21:24:48 58368 --a------ C:\WINDOWS\system32\hgGawTkI.dll
2008-05-26 23:06:54 124928 --a------ C:\WINDOWS\system32\cpsxmcyp.dll
2008-05-25 20:35:55 136704 --a------ C:\WINDOWS\system32\ydhxifwf.dll
2008-05-25 20:29:55 125440 --a------ C:\WINDOWS\system32\rkvywvrn.dll
2008-05-25 19:30:11 136704 --a------ C:\WINDOWS\system32\cnaasvbi.dll
2008-05-23 23:08:28 125952 --a------ C:\WINDOWS\system32\tgowqbmd.dll
2008-05-23 22:39:01 125952 --a------ C:\WINDOWS\system32\wmfkyjna.dll
2008-05-23 22:37:02 125952 --a------ C:\WINDOWS\system32\nctbnvse.dll
2008-05-22 23:08:57 0 d-------- C:\Program Files\iTunes
2008-05-22 23:00:36 0 d-------- C:\Program Files\QuickTime
2008-05-22 22:40:02 134144 --a------ C:\WINDOWS\system32\hdijmgdr.dll
2008-05-22 22:36:15 125952 --a------ C:\WINDOWS\system32\tdyyruiu.dll
2008-05-22 00:49:03 135680 --a------ C:\WINDOWS\system32\irbemuhb.dll
2008-05-22 00:48:48 128000 --a------ C:\WINDOWS\system32\wujiywlk.dll
2008-05-22 00:27:50 135680 --a------ C:\WINDOWS\system32\dctjiejy.dll
2008-05-22 00:18:51 128000 --a------ C:\WINDOWS\system32\qbyphhkg.dll
2008-05-21 00:26:09 132608 --a------ C:\WINDOWS\system32\ptqdopyh.dll
2008-05-20 23:49:01 58880 --a------ C:\WINDOWS\system32\opnnlMFV.dll
2008-05-20 23:27:52 58880 --a------ C:\WINDOWS\system32\jkkHApnM.dll
2008-05-19 17:25:14 132608 --a------ C:\WINDOWS\system32\yrgcnhae.dll
2008-05-19 17:22:19 124928 --a------ C:\WINDOWS\system32\kylsdepg.dll
2008-05-18 23:09:48 133120 --a------ C:\WINDOWS\system32\uciumden.dll
2008-05-18 23:03:50 124928 --a------ C:\WINDOWS\system32\bqwrkpfr.dll
2008-05-18 12:56:13 125952 --a------ C:\WINDOWS\system32\hvorodcu.dll
2008-05-18 12:53:18 125952 --a------ C:\WINDOWS\system32\xgtydkue.dll
2008-05-16 20:53:59 125952 --a------ C:\WINDOWS\system32\qjecgetp.dll
2008-05-16 20:26:49 58880 --a------ C:\WINDOWS\system32\jkkLBrsQ.dll
2008-05-16 20:00:37 58880 --a------ C:\WINDOWS\system32\pmnlmjIc.dll
2008-05-15 22:36:30 133120 --a------ C:\WINDOWS\system32\jdrcmhmr.dll
2008-05-15 22:33:39 125952 --a------ C:\WINDOWS\system32\xkjxhjfl.dll
2008-05-15 09:37:00 133120 --a------ C:\WINDOWS\system32\txuktllb.dll
2008-05-15 09:31:23 126464 --a------ C:\WINDOWS\system32\xapbgfct.dll
2008-05-14 21:45:05 114688 --a------ C:\WINDOWS\system32\ynhesury.dll
2008-05-14 21:43:05 133120 --a------ C:\WINDOWS\system32\ntubeqxt.dll
2008-05-14 21:42:36 126464 --a------ C:\WINDOWS\system32\xxaqyaif.dll
2008-05-14 21:22:32 58368 --a------ C:\WINDOWS\system32\xxyvwULe.dll
2008-05-14 20:49:17 58368 --a------ C:\WINDOWS\system32\geBrpmnk.dll
2008-05-14 01:19:18 133632 --a------ C:\WINDOWS\system32\mmdwjahw.dll
2008-05-14 01:13:28 123392 --a------ C:\WINDOWS\system32\fgbmdkrm.dll
2008-05-14 00:18:46 58368 --a------ C:\WINDOWS\system32\cbXOFyWN.dll
2008-05-13 21:50:12 114688 --a------ C:\WINDOWS\system32\goxmkduf.dll
2008-05-13 21:47:54 131584 --a------ C:\WINDOWS\system32\rqmjjwlb.dll
2008-05-13 21:45:44 125952 --a------ C:\WINDOWS\system32\rticyirm.dll
2008-05-13 21:23:43 57344 --a------ C:\WINDOWS\system32\qoMcyWOe.dll
2008-05-13 20:54:24 57344 --a------ C:\WINDOWS\system32\hgGyvtRL.dll
2008-05-13 20:16:02 57344 --a------ C:\WINDOWS\system32\mlJCRhiH.dll
2008-05-13 20:11:12 57344 --a------ C:\WINDOWS\system32\iifefCtr.dll
2008-05-12 18:57:40 125952 --a------ C:\WINDOWS\system32\porgsoho.dll
2008-05-12 09:25:19 133120 --a------ C:\WINDOWS\system32\fvqebbnl.dll
2008-05-12 09:22:41 126976 --a------ C:\WINDOWS\system32\tubxwkdt.dll
2008-05-11 23:20:38 57344 --a------ C:\WINDOWS\system32\wvUkKefF.dll
2008-05-11 23:15:21 57344 --a------ C:\WINDOWS\system32\xxywTJBT.dll
2008-05-11 22:25:46 57344 --a------ C:\WINDOWS\system32\ljJBtuSk.dll
2008-05-11 16:51:23 252114 --ahs---- C:\WINDOWS\system32\FLmSCJlm.ini2
2008-05-11 16:50:33 371200 --a------ C:\WINDOWS\system32\mlJCSmLF.dll
2008-05-07 18:56:12 0 d-------- C:\Documents and Settings\Rohit Agarwal\Application Data\Nokia Multimedia Player
2008-05-04 19:24:49 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-05-01 12:50:57 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-01 12:50:56 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-01 12:49:58 0 d-------- C:\Program Files\PC Connectivity Solution
2008-05-01 12:48:50 0 d-------- C:\Program Files\Nokia


-- Find3M Report ---------------------------------------------------------------

2008-06-01 19:17:44 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-06-01 17:05:22 0 d-------- C:\Documents and Settings\Rohit Agarwal\Application Data\Ace Explorer
2008-06-01 16:24:03 0 d-------- C:\Documents and Settings\Rohit Agarwal\Application Data\LimeWire
2008-05-31 19:35:47 0 d-------- C:\Program Files\FCharts
2008-05-31 19:14:09 0 d-------- C:\Documents and Settings\Rohit Agarwal\Application Data\uTorrent
2008-05-31 01:42:27 0 d-------- C:\Documents and Settings\Rohit Agarwal\Application Data\Lavasoft
2008-05-28 23:47:59 0 d-------- C:\Program Files\Apple Software Update
2008-05-28 23:44:02 0 d-------- C:\Program Files\Common Files
2008-05-22 23:09:22 0 d-------- C:\Program Files\iPod
2008-05-14 23:03:00 0 d-------- C:\Program Files\Sytexis Software
2008-05-02 22:46:39 0 d-------- C:\Program Files\QuoteTracker
2008-05-02 20:36:17 0 d-------- C:\Documents and Settings\Rohit Agarwal\Application Data\PC Suite
2008-05-02 20:35:33 0 d-------- C:\Documents and Settings\Rohit Agarwal\Application Data\Nokia
2008-05-01 14:27:05 271887 --a------ C:\Documents and Settings\Rohit Agarwal\Application Data\NMM-MetaData.db
2008-05-01 12:36:15 751 --a------ C:\Documents and Settings\Rohit Agarwal\Application Data\com.kennettnet.PodUtil.plist
2008-04-28 20:20:13 0 d-------- C:\Program Files\Kundli
2008-04-14 22:55:35 0 d-------- C:\Program Files\Lenovo
2008-04-14 22:55:33 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f7db193-cb60-4ba1-bd83-e7e1a471db0e}]
06/01/2008 03:10 PM 132096 --a------ C:\WINDOWS\system32\bodhljax.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F3CE51D-3DEA-43AC-92B5-F091DC36191F}]
05/11/2008 04:51 PM 371200 --a------ C:\WINDOWS\system32\mlJCSmLF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 09:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/23/2004 12:41 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [11/02/2004 10:03 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [09/15/2005 01:57 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2005 01:57 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [11/02/2004 09:59 AM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" []
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
"7c860e2b"="C:\WINDOWS\system32\mhhuuiwg.dll" []
"BM7fb53db7"="C:\WINDOWS\system32\pljhnsmb.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"BM7fb53db7"="C:\WINDOWS\system32\pljhnsmb.dll,s" []
"Tok-Cirrhatus-4104"="C:\Documents and Settings\Rohit Agarwal\Local Settings\Application Data\smss.exe" []
"Tok-Cirrhatus"="C:\Documents and Settings\Rohit Agarwal\Local Settings\Application Data\smss.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [10/15/2004 2:26:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"Windows Printing Driver"=WinSpooler.exe
"WinUpdating"=WinUpdating.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 09/06/2005 03:08 AM 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/05/2005 11:45 PM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 06/16/2005 10:23 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnmi32]
winnmi32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJCSmLF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IPMSG.EXE]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IPMSG.EXE
backup=C:\WINDOWS\pss\IPMSG.EXECommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\system32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8b73c5-64b2-11da-b516-0010c6c0143e}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f4771e7-20c6-11db-b77b-0012f0e998c5}]
AutoRun\command- G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cf4baf6-c62f-11db-b87b-c1648cd10561}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff15a80-a98c-11db-b85f-0010c6c0143e}]
Auto\command- F:\infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff15a85-a98c-11db-b85f-0012f0e998c5}]
Auto\command- F:\infrom.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{916855f1-4f03-11db-b7c9-0010c6c0143e}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a69cf930-e3c3-11dc-ba33-0010c6c0143e}]
AutoRun\command- F:\kinza.exe
explore\Command- F:\kinza.exe
open\Command- F:\kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1c9560-cdae-11db-b885-0010c6c0143e}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe322740-49c4-11dc-b977-101111111111}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




-- Hosts -----------------------------------------------------------------------

"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<!--
</script>
<style type="text/css">
body{text-align:center;}
.geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
.geohead #geologo {width:270px;display:block; float:left; }
.geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}

80 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-01 20:41:04 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 246.42 MiB / 38.34 MiB
Pagefile Memory (total/avail): 605.42 MiB / 404.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.8 MiB

C: is Fixed (NTFS) - 18.56 GiB total, 6.33 GiB free.
D: is CDROM (No Media)
E: is Fixed (FAT32) - 18.69 GiB total, 6.21 GiB free.

\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AT - 37.26 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 18.56 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 18.7 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

FW: ZoneAlarm Anti-virus Firewall v7.0.470.000 (Check Point, LTD.) Disabled
AV: ZoneAlarm Anti-virus Antivirus v7.0.470.000 (Check Point, LTD.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\IPMSG.EXE"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\IPMSG.EXE:*:Enabled:IPMsg English"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Rohit Agarwal\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Rohit Agarwal\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Rohit Agarwal\\Desktop\\Unused Desktop Shortcuts\\utorrent.exe"="C:\\Documents and Settings\\Rohit Agarwal\\Desktop\\Unused Desktop Shortcuts\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\TEMP\\win1577.exe"="C:\\WINDOWS\\TEMP\\win1577.exe:*:Enabled:win1577"
"C:\\WINDOWS\\TEMP\\win1A37.exe"="C:\\WINDOWS\\TEMP\\win1A37.exe:*:Enabled:win1A37"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rohit Agarwal\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ROHIT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOME=C:\Documents and Settings\Rohit Agarwal
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rohit Agarwal
LOGONSERVER=\\ROHIT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel˜˜˜˜eless\Bin\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SMA=C:\Program Files\IBM ThinkVantage\SMA\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ROHITA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ROHITA~1\LOCALS~1\Temp
TMPDIR=C:\DOCUME~1\ROHITA~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ROHIT
USERNAME=Rohit Agarwal
USERPROFILE=C:\Documents and Settings\Rohit Agarwal
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rohit Agarwal (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ace Explorer (remove only) --> "C:\Program Files\Ace Explorer\uninst.exe"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
DialerClient --> MsiExec.exe /I{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
E-Lock DeskSeal Reader --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4DD04076-9407-467C-ADD7-8AD17E792FBA}
EsignClient --> MsiExec.exe /I{81544BE1-D63B-4DDE-AF9B-29C60B46274C}
FCharts --> "C:\Program Files\FCharts\unins000.exe"
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HangARoo v2.052 --> "C:\Program Files\NCBuy\HangARoo\unins000.exe"
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Unbmm.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{16906D21-0656-4F8B-9A01-C3D24B5401FC}
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Keat --> C:\WINDOWS\system32\msinfhlp.exe ;uninstall; ;C:\Keat\Keat.dat;
Kundli for Windows (Professional Edition) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Kundli\DeIsL1.isu" -c"C:\Program Files\Kundli\_ISREG32.DLL"
Lenovo Battery Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}\Setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Medved QuoteTracker --> "C:\Program Files\QuoteTracker\unins000.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_APAC.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PodUtil 2.7.1 --> "C:\Program Files\PodUtil\unins000.exe"
Post-it® Software Notes Lite --> "C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Scroll Lock Indicator Utility --> RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\System32\TpScrLk.inf
Skype 2.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Software Installer --> _tpiu000.exe /U
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
System Migration Assistant 5.0 --> MsiExec.exe /X{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}
ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\setup.exe" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -ITkp0559k.inf -ISFG
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\setup.exe" -l0x9 anything
TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
VideoLAN VLC media player 0.8.1 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
WinPcap 3.1 beta3 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm Anti-virus --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3476 / Error
Event Submitted/Written: 06/01/2008 08:21:04 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The RegSrvc service failed to start due to the following error:
%%1053

Event Record #/Type3475 / Error
Event Submitted/Written: 06/01/2008 08:21:04 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the RegSrvc service to connect.

Event Record #/Type3474 / Error
Event Submitted/Written: 06/01/2008 08:21:04 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Spectrum24 Event Monitor service depends on the EvtEng service which failed to start because of the following error:
%%1053

Event Record #/Type3473 / Error
Event Submitted/Written: 06/01/2008 08:21:03 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The EvtEng service failed to start due to the following error:
%%1053

Event Record #/Type3472 / Error
Event Submitted/Written: 06/01/2008 08:21:03 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the EvtEng service to connect.



-- End of Deckard's System Scanner: finished at 2008-06-01 20:41:04 ------------

BC AdBot (Login to Remove)

 


#2 rohit876

rohit876
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:09 AM

Posted 01 June 2008 - 01:34 PM

hey have been trying to solve this since the morning...not been successful...pls help

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:39 PM

Posted 02 June 2008 - 11:23 PM

Hello rohit876 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users