
Usb Malware - Hide Protected System Files Option Not Working In Tools-> Folder Options


  • This topic is locked
2 replies to this topic

#1 sdas57


Posted 02 June 2008 - 02:00 AM

I had posted this in the malware section here: "Usb Virus- Show Hidden Files Option Not Working, Tools-> Folder options-> View-> show/hide files not working", and have followed the steps given there. Now I am told to run HijackThis.

As per advice on your pages, I am also running Kaspersky online scanner and then I will run HijackThis and post both the logs here in the next 3 hours or so, as my LAPTOP is 100 GB and I have also attached my two pen drives (Kingston 4 GB and Transcend 1 GB) and also a USB Western Digital external HDD of 250 GB to scan (if allowed).

Protections that I have running from before the attack happened:

1. Spybot Search & Destroy free, Windows Defender free, AVG 7.5 free, SpywareBlaster free, SUPERAntiSpyware, a2 free version. I also have the latest Yahoo toolbar spyware scanning tool, and even ClamWin.

2. Of course only spyware and AVG are real time. Windows Defender too should be, I am not sure if it does! The others I use to scan when in doubt.

Problem faced:-

1. I was infected by a virus through a USB pen drive. With Spybot S&D TeaTimer running, I denied changes to my registry and told it to remember my decision also, as that message was repeatedly coming fast and even though I once told it to remember, the box kept coming and vanishing near my system tray. It was disturbing me a lot. So I rebooted... and maybe then in that rebooting time or some gap when Spybot was not functioning it got installed.

2. Effect was only one: my hidden folders got hidden and could not be shown by Tools-> View options!

3. No amount of scanning and even online scan through Panda and Trend Micro and Norton could find it.

4. Then I used an RRT.exe program from the internet. It just made my hidden files and folders visible permanently sort of!! And then I could not see any autorun.inf file on my PC or USBs! So I guess the inf file could not get installed..

5. I was now unable to hide the files again. It was as if what RRT promised was too true to its promise! The files kept being visible!

So after some research on the net I made the following settings in REGEDIT

HKEY_LOCAL_MACHINE-->SOFTWARE-->MICROSOFT-->WINDOWS-->CURRENT VERSION-->EXPLORER-->ADVANCED-->FOLDER-->HIDDEN--> NOHIDDEN --> checkedvalue and default value both =0 AND SHOWALL--> CHECKEDVALUE= 1 AND DEFAULT=0

and
HKEY_CURRENT_USER-->SOFTWARE-->MICROSOFT-->WINDOWS-->EXPLORER-->ADVANCED-->HIDDEN value=1 (which means show I believe)

So then I could see the hidden files still. ok. So far so good.!!

And now I could also change the setting using Tools-->Folder Options-->View --> hidden folders and files --> by choosing the "do not show" radio button

The hidden files can become hidden again. Good.

But now the problem!! Now I am not able to change to the radio button "show" and when I go to regedit and see the settings HAVE changed to

HKEY_CURRENT_USER-->SOFTWARE-->MICROSOFT-->WINDOWS-->EXPLORER-->ADVANCED-->HIDDEN value=2 (do not show i believe) or 0 (that too does not show i believe)

6. Next as said I came here and did what I was told in my other topic Usb Virus- Show Hidden Files Option Not Working, Tools-> Folder options-> View-> show/hide files not working and have done what was asked and posted some logs from sdfix and then I found that the TOOLS->FOLDER OPTIONS-> VIEW :: show hidden files/ Folders radio button working fine- i.e. I can now change from one to other.

BUT NOW (or maybe earlier too the problem was there, I do not remember if I checked this option!!) the HIDE PROTECTED SYSTEM FILES CHECK BOX is not working. Every time I remove the tick mark and apply/close and then go in, I find it is back!

So now I am here to post hijackthis log.


Shortly I will post the hijackthis log.

Thanks
:)

Ok. Kaspersky online scanner did not work for me, maybe because of the proxy since I am in office now. The downloading of the updated files locally did not continue and aborted.

However, here are two HijackThis reports.

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Shantanu Das on 2008-06-02 13:01:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Shantanu Das.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:45, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program Filesa-squared Freea2service.exe
C:PROGRA~1GrisoftAVG7avgamsvr.exe
C:PROGRA~1GrisoftAVG7avgupsvc.exe
C:PROGRA~1GrisoftAVG7avgemc.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:WINDOWSsystem32DVDRAMSV.exe
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:Program FilesNeroNero8Nero BackItUpNBService.exe
C:Program FilesNorton Save and RestoreAgentVProSvc.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32tcpsvcs.exe
C:WINDOWSSystem32snmp.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTOSHIBATOSHIBA AppletTAPPSRV.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTOSHIBAConfigFreeNDSTray.exe
C:WINDOWSSystem32DLADLACTRLW.EXE
C:Program FilesTOSHIBATOSHIBA Zooming UtilitySmoothView.exe
C:Program FilesToshibaTvsTvsTray.exe
C:Program FilesToshibaToshiba Appletthotkey.exe
C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe
C:WINDOWSsystem32TDispVol.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesSynapticsSynTPToshiba.exe
C:WINDOWSsystem32TPSMain.exe
C:Program FilesProtector Suite QLpsqltray.exe
C:Program FilesNorton Save and RestoreAgentNSRTray.exe
C:Program FilesAdobeAcrobat 7.0DistillrAcrotray.exe
C:WINDOWSvVX3000.exe
C:WINDOWSsystem32TPSBattM.exe
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesClamWinbinClamTray.exe
C:Program FilesTOSHIBAConfigFreeCFSServ.exe
C:PROGRA~1GrisoftAVG7avgcc.exe
C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
C:Program FilesTOSHIBAConfigFreeCFBtSrch.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesTOSHIBAConfigFreeCFXFER.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesCommon FilesNeroLibNMIndexingService.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe
C:WINDOWSsystem32RAMASST.exe
C:Program FilesMicrosoft OfficeOFFICE11ONENOTEM.EXE
C:Program FilesToshibaBluetooth Toshiba StackTosA2dp.exe
C:Program FilesToshibaBluetooth Toshiba StackTosBtHsp.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32WISPTIS.EXE
C:Program FilesYahoo!MessengerYahooMessenger.exe
C:Documents and SettingsShantanu DasMy DocumentsTOOLSdss -HIJACK REPORT TOOL.exe
C:HIJACK~1Shantanu Das.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 10.212.64.61:80
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = sro.indianoil.co.in;10*.*;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSSystem32DLADLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:Program FilesXiNetTransport 2NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:Program FileseSnipsSnipBar.dll
O4 - HKLM..Run: [Alcmtr] C:WINDOWSAlcmtr.exe
O4 - HKLM..Run: [NDSTray.exe] C:Program FilesTOSHIBAConfigFreeNDSTray.exe
O4 - HKLM..Run: [DLA] C:WINDOWSSystem32DLADLACTRLW.EXE
O4 - HKLM..Run: [SmoothView] C:Program FilesTOSHIBATOSHIBA Zooming UtilitySmoothView.exe
O4 - HKLM..Run: [Tvs] C:Program FilesToshibaTvsTvsTray.exe
O4 - HKLM..Run: [THotkey] C:Program FilesToshibaToshiba Appletthotkey.exe
O4 - HKLM..Run: [TFncKy] C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe
O4 - HKLM..Run: [TDispVol] C:WINDOWSsystem32TDispVol.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [IntelZeroConfig] "C:Program FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [PSQLLauncher] "C:Program FilesProtector Suite QLlauncher.exe" /startup
O4 - HKLM..Run: [TPSMain] C:WINDOWSsystem32TPSMain.exe
O4 - HKLM..Run: [Norton Save and Restore] "C:Program FilesNorton Save and RestoreAgentNSRTray.exe"
O4 - HKLM..Run: [Acrobat Assistant 7.0] "C:Program FilesAdobeAcrobat 7.0DistillrAcrotray.exe"
O4 - HKLM..Run: [VX3000] C:WINDOWSvVX3000.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [ClamWin] "C:Program FilesClamWinbinClamTray.exe" --logon
O4 - HKLM..Run: [CFSServ.exe] C:Program FilesTOSHIBAConfigFreeCFSServ.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [googletalk] C:Program FilesGoogleGoogle Talkgoogletalk.exe /autostart
O4 - HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [AVG7_Run] C:PROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:Program FilesMicrosoft OfficeOFFICE11ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:WINDOWSsystem32RAMASST.exe
O8 - Extra context menu item: &WordWeb... - res://C:WINDOWSsystem32wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all by Net Transport - C:Program FilesXiNetTransport 2NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:Program FilesXiNetTransport 2NTAddLink.html
O8 - Extra context menu item: Download Flash with Flash Capture - C:Program FilesFlash Capturedl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:Program FileseSnipsresSnipIt.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:Program FilesYahoo!Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:Program FilesWinHTTrackWinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:Program FilesWinHTTrackWinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:Program FilesCommon FilesSourceTecSWF CatcherInternetExplorer.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:Program FilesICQ6ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:Program FilesICQ6ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} - http://intranet/officescan/console/ClientI...ll/WinNTChk.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - http://intranet/officescan/console/ClientI...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - http://intranet/officescan/console/ClientInstall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper200711281.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://nro.indianoil.co.in/iNotes6W.cab
O16 - DPF: {3D03AEAF-38CC-4DB5-9FA1-1C3538B1CA85} (Crystal Reports Print Control 11.0) - http://10.51.25.7/epms/crystalreportviewer...rintControl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - http://intranet/officescan/console/ClientI.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170299924609
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200943221921
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLMSystemCCSServicesTcpip..{93BC74B1-95D4-4648-9183-B407C8E31350}: NameServer = 202.54.6.60,202.54.29.5
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:Program Filesa-squared Freea2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:WINDOWSsystem32DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:Program FilesNorton Save and RestoreAgentVProSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:Program FilesTOSHIBATOSHIBA AppletTAPPSRV.exe

--
End of file - 19614 bytes

-- File Associations -----------------------------------------------------------

.txt - IdaEdit.Document - DefaultIcon - unable to read value
.txt - IdaEdit.Document - shellopencommand - C:PROGRA~1WINIDA~1WinIDAMS.exe "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:windowssystem32driversmeiudf.sys <Not Verified; Matsubleepa Electric Industrial Co.,Ltd.; >
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:windowssystem32driverstosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:windowssystem32driversaegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 FdRedir - c:program filescommon filesprotector suite qldriversfdredir.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 FileDisk2 (FileDisk Protector Kernel Driver) - c:program filescommon filesprotector suite qldriversfiledisk.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:windowssystem32driversnetdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 PMEM - c:windowssystem32driverspmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:windowssystem32driverss24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:program filesprotector suite qlsmihlp.sys <Not Verified; UPEK Inc.; Protector Suite QL>
R3 Iviaspi (IVI ASPI Shell) - c:windowssystem32driversiviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:windowssystem32driverspfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:windowssystem32driverstosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:windowssystem32driverstosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
R3 TVALD (Toshiba Mobile PC Service) - c:windowssystem32driversnbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:windowssystem32driverstvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 catchme - c:docume~1shanta~1locals~1tempcatchme.sys (file missing)
S3 CENIXFMC (Cenix Digicom Digital Voice Recorder Service) - c:windowssystem32driverscenixfmc.sys
S3 CO_Mon - c:windowssystem32driversco_mon.sys
S3 DCamUSBEMPIA (USB 2821 Video) - c:windowssystem32driversemdevice.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>
S3 FiltUSBEMPIA (USB Device Lower Filter) - c:windowssystem32driversemfilter.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>
S3 iscFlash - c:docume~1shanta~1locals~1tempisc46tmpiscflash.sys (file missing)
S3 MA-620 (Mobile Action MA-620 USB Infrared Adapter) - c:windowssystem32driversma-620.sys <Not Verified; Mobile Action Tech. Inc.; MA-620 Infrared Driver.>
S3 SASENUM - c:program filessuperantispywaresasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 ScanUSBEMPIA (USB Still Image Capture Device) - c:windowssystem32driversemscan.sys <Not Verified; eMPIA Technology, Inc.; USB 28xx Video>
S3 SVRPEDRV - c:docume~1shanta~1locals~1temprarsfx0s10vwfpedrv.sys (file missing)
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:windowssystem32driverstoshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:windowssystem32driverstosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:windowssystem32driverstosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:windowssystem32driverstosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:windowssystem32driverstosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:windowssystem32driverstosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:windowssystem32driverstosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:windowssystem32driversusbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:program filestoshibaconfigfreecfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 DVD-RAM_Service - c:windowssystem32dvdramsv.exe <Not Verified; Matsubleepa Electric Industrial Co., Ltd.; >
R2 Nero BackItUp Scheduler 3 - c:program filesneronero8nero backitupnbservice.exe
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:program filesintelwirelessbinregsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 TAPPSRV (TOSHIBA Application Service) - "c:program filestoshibatoshiba applettappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCIVEN_8086&DEV_4222&SUBSYS_10408086&REV_024&2803E7C1&0&00E2
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCIVEN_8086&DEV_4222&SUBSYS_10408086&REV_024&2803E7C1&0&00E2
Service: w39n51


-- Scheduled Tasks -------------------------------------------------------------

2008-06-02 10:51:35 330 --ah----- C:WINDOWSTasksMP Scheduled Scan.job
2008-05-21 15:42:16 280 --a------ C:WINDOWSTasksLifeChatTask.job


-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 00:44:24 0 d-------- C:WINDOWSERUNT
2008-06-01 23:28:32 0 drahs---- C:autorun.inf
2008-05-25 02:49:36 0 d-------- C:HijackThis
2008-05-24 01:02:00 0 d-------- C:Program FilesCommon FilesScanner
2008-05-24 01:01:56 0 d-------- C:Program FilesCA Yahoo! Anti-Spy
2008-05-10 14:06:19 0 d-------- C:Documents and SettingsShantanu DasApplication DataDivX
2008-05-10 09:59:14 0 d-------- C:Program FilesDivX
2008-05-03 19:21:38 0 d-------- C:Documents and SettingsAll UsersApplication DataMicrosoft Help


-- Find3M Report ---------------------------------------------------------------

2008-06-01 13:32:17 0 d-------- C:Documents and SettingsShantanu DasApplication DataAVG7
2008-05-29 23:39:50 0 d-------- C:Documents and SettingsShantanu DasApplication DataEndNote
2008-05-27 23:44:04 0 d-------- C:Documents and SettingsShantanu DasApplication DataCmapTools
2008-05-27 21:57:15 0 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-05-25 00:16:27 0 d-------- C:Documents and SettingsShantanu DasApplication DataShareaza
2008-05-24 11:08:25 0 d-------- C:Program FilesEndNote Demo
2008-05-24 04:22:16 0 d-------- C:Program Filesa-squared Free
2008-05-24 01:37:00 0 d-------- C:Program FilesSUPERAntiSpyware
2008-05-24 01:02:00 0 d-------- C:Program FilesCommon Files
2008-05-24 00:58:07 0 d--h----- C:Documents and SettingsShantanu DasApplication Datayahoo!
2008-05-24 00:56:25 0 d-------- C:Program FilesSpywareBlaster
2008-05-22 20:57:32 0 d-------- C:Documents and SettingsShantanu DasApplication DatauTorrent
2008-05-05 18:57:21 0 d-------- C:Program FilesGoogle
2008-04-30 11:55:21 0 d-------- C:Program FilesAskTBar
2008-04-30 07:55:13 0 d-------- C:Documents and SettingsShantanu DasApplication DataNero
2008-04-30 07:51:01 0 d-------- C:Program FilesCommon FilesNero
2008-04-30 07:48:25 0 d-------- C:Program FilesNero
2008-04-30 01:11:09 0 d-------- C:Program FilesAhead
2008-04-27 13:11:03 0 d-------- C:Program FilesSimNet MIS
2008-04-27 08:53:30 0 d-------- C:Program FilesTriad Interactive
2008-04-25 23:30:44 0 d-------- C:Documents and SettingsShantanu DasApplication DataReal
2008-04-22 14:09:37 0 d-------- C:Program FilesClamWin
2008-04-21 14:38:28 0 d-------- C:Program FilesFrontline Systems
2008-04-19 00:39:15 0 d-------- C:Program FilesSupport Tools
2008-04-15 03:18:51 0 d-------- C:Documents and SettingsShantanu DasApplication DataAzureus
2008-04-09 19:57:06 0 d-------- C:Program FilesCommon FilesRisxtd
2008-04-08 13:02:30 0 d-------- C:Program FilesAzureus
2008-04-08 11:31:46 0 d-------- C:Program FilesuTorrent
2008-04-01 02:55:48 823296 --a------ C:WINDOWSsystem32divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 02:55:48 823296 --a------ C:WINDOWSsystem32divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 02:55:46 802816 --a------ C:WINDOWSsystem32divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-04-01 02:55:46 831488 --a------ C:WINDOWSsystem32divx_xx0a.dll
2008-04-01 02:55:46 682496 --a------ C:WINDOWSsystem32DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-22 02:00:08 3596288 --a------ C:WINDOWSsystem32qt-dx331.dll
2008-03-22 01:58:54 196608 --a------ C:WINDOWSsystem32dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-22 01:58:54 81920 --a------ C:WINDOWSsystem32dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 01:58:20 12288 --a------ C:WINDOWSsystem32DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Alcmtr"="C:WINDOWSAlcmtr.exe" [03/05/2005 16:13]
"NDSTray.exe"="C:Program FilesTOSHIBAConfigFreeNDSTray.exe" [02/11/2005 14:11]
"DLA"="C:WINDOWSSystem32DLADLACTRLW.EXE" [06/10/2005 18:50]
"SmoothView"="C:Program FilesTOSHIBATOSHIBA Zooming UtilitySmoothView.exe" [27/04/2005 05:43]
"Tvs"="C:Program FilesToshibaTvsTvsTray.exe" [01/12/2005 01:55]
"THotkey"="C:Program FilesToshibaToshiba Appletthotkey.exe" [06/01/2006 03:32]
"TFncKy"="C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe" [17/08/2005 00:53]
"TDispVol"="C:WINDOWSsystem32TDispVol.exe" [12/03/2005 04:33]
"SynTPEnh"="C:Program FilesSynapticsSynTPSynTPEnh.exe" [02/03/2006 13:32]
"IntelZeroConfig"="C:Program FilesIntelWirelessbinZCfgSvc.exe" [05/12/2005 12:37]
"IntelWireless"="C:Program FilesIntelWirelessBinifrmewrk.exe" [28/11/2005 11:41]
"ATICCC"="C:Program FilesATI TechnologiesATI.ACEcli.exe" [02/01/2006 18:41]
"PSQLLauncher"="C:Program FilesProtector Suite QLlauncher.exe" [05/05/2006 17:36]
"TPSMain"="C:WINDOWSsystem32TPSMain.exe" [31/05/2005 21:00]
"Norton Save and Restore"="C:Program FilesNorton Save and RestoreAgentNSRTray.exe" [11/04/2006 20:36]
"Acrobat Assistant 7.0"="C:Program FilesAdobeAcrobat 7.0DistillrAcrotray.exe" [14/12/2004 02:12]
"VX3000"="C:WINDOWSvVX3000.exe" [13/10/2006 17:04]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_03binjusched.exe" [25/09/2007 01:11]
"ClamWin"="C:Program FilesClamWinbinClamTray.exe" [19/04/2008 16:35]
"CFSServ.exe"="C:Program FilesTOSHIBAConfigFreeCFSServ.exe" [17/11/2005 13:14]
"AVG7_CC"="C:PROGRA~1GrisoftAVG7avgcc.exe" [19/04/2008 08:33]
"NeroFilterCheck"="C:Program FilesCommon FilesNeroLibNeroCheck.exe" [01/03/2007 14:57]
"NBKeyScan"="C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe" [20/09/2007 08:51]
"googletalk"="C:Program FilesGoogleGoogle Talkgoogletalk.exe" [02/01/2007 02:52]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"TOSCDSPD"="C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe" [30/12/2004 14:02]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [04/08/2004 17:30]
"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [22/06/2007 23:56]
"SpybotSD TeaTimer"="C:Program FilesSpybot - Search & DestroyTeaTimer.exe" [28/01/2008 11:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:Program FilesCommon FilesNeroLibNMBgMonitor.exe" [23/10/2007 14:18]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"DWQueuedReporting"="C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t

C:Documents and SettingsShantanu DasStart MenuProgramsStartup
Adobe Gamma.lnk - C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe [03/02/2007 01:59:48]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:Program FilesMicrosoft OfficeOFFICE11ONENOTEM.EXE [19/04/2007 13:49:52]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Acrobat Speed Launcher.lnk - C:WINDOWSInstaller{AC76BA86-1033-0000-7760-000000000002}SC_Acrobat.exe [17/06/2007 14:35:02]
Bluetooth Manager.lnk - C:Program FilesToshibaBluetooth Toshiba StackTosBtMng.exe [03/02/2006 11:49:10]
RAMASST.lnk - C:WINDOWSsystem32RAMASST.exe [21/02/2006 20:59:18]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:Program FilesSUPERAntiSpywareSASSEH.DLL [24/05/2008 01:37 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.dll 19/04/2007 13:41 294912 C:Program FilesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifypsfus]
psqlpwd.dll 05/05/2006 17:48 40448 C:WINDOWSsystem32psqlpwd.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"nxpclient"=C:Program FilesAirtelNetXpert Agentbinsprtcmd.exe /P nxpclient
"emMON"=emMON.exe
"RRT-Auto"=C:Documents and SettingsShantanu DasDesktopRRT.exe auto

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0b6e4565-2374-11dd-b8ff-00a0d14d6abc}]
Autocommand- setup.exe
AutoRuncommand- C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{123cbf37-1a2d-11dc-91f7-00a0d14d6abc}]
1Command- .RECYCLERRECYCLERautorun.exe
2Command- .RECYCLERRECYCLERautorun.exe
AutoRuncommand- C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .RECYCLERRECYCLERautorun.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{4aa8d7a2-0865-11dd-9415-00a0d14d6abc}]
Autocommand- setup.exe
AutoRuncommand- C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{6a8870b9-f9b2-11dc-93ee-00a0d14d6abc}]
AutoRuncommand- E:
exploreCommand- RECYCLERautorun.exe -ExploreCurDir
openCommand- RECYCLERautorun.exe -OpenCurDir

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{a86ef2ae-f4b4-11dc-93db-00a0d14d6abc}]
AutoRuncommand- cfdflx.com
exploreCommand- cfdflx.com
openCommand- cfdflx.com

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{c1cc613c-fe15-11dc-93f7-00a0d14d6abc}]
AutoRuncommand- E:
exploreCommand- E:RECYCLERautorun.exe -ExploreCurDir
openCommand- E:RECYCLERautorun.exe -OpenCurDir

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ec3302f2-2faf-11dd-b91a-00a0d14d6abc}]
Autocommand- MicrosoftPowerPoint.exe
AutoRuncommand- C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f2c40f2d-cfc2-11dc-938d-001302c78a6c}]
AutoRuncommand- E:
exploreCommand- RECYCLERautorun.exe -ExploreCurDir
openCommand- RECYCLERautorun.exe -OpenCurDir

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{f92734fb-e380-11dc-93b3-001302c78a6c}]




-- Hosts -----------------------------------------------------------------------

10.212.64.51 sromail sro.indianoil.co.in


-- End of Deckard's System Scanner: finished at 2008-06-02 13:07:45 ------------

EXTRA.TXT


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2500 @ 2.00GHz
CPU 1: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 509.98 MiB / 222.01 MiB
Pagefile Memory (total/avail): 1247.51 MiB / 595.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.55 MiB

C: is Fixed (NTFS) - 92.91 GiB total, 57.51 GiB free.
D: is Removable (FAT32)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 232.88 GiB total, 101.58 GiB free.
G: is Removable (FAT)

.PHYSICALDRIVE0 - HTS541010G9SA00 - 93.16 GiB - 2 partitions
PARTITION0 (bootable) - Installable File System - 92.91 GiB - C:
PARTITION1 - Unknown - 251.02 MiB

.PHYSICALDRIVE3 - JetFlash TS1GJFV30 USB Device - 964.84 MiB - 1 partition
PARTITION0 - MS-DOS V4 Huge - 969.98 MiB - G:

.PHYSICALDRIVE2 - Kingston DataTraveler 2.0 USB Device - 3.84 GiB - 1 partition
PARTITION0 - 16-bit FAT - 3.84 GiB - D:

.PHYSICALDRIVE1 - WD 2500BEA External USB Device - 232.88 GiB - 1 partition
PARTITION0 - Installable File System - 232.88 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesTOSHIBAConfigFreeCFXFER.exe"="C:Program FilesTOSHIBAConfigFreeCFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"C:Program FilesYahoo!MessengerYahooMessenger.exe"="C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:Program FilesYahoo!MessengerYServer.exe"="C:Program FilesYahoo!MessengerYServer.exe:*:Enabled:Yahoo! FT Server"
"C:Program FilesInternet ExplorerIEXPLORE.EXE"="C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:Program FilesICQ6ICQ.exe"="C:Program FilesICQ6ICQ.exe:*:Enabled:ICQ Library"
"C:Program FilesMSN Messengermsnmsgr.exe"="C:Program FilesMSN Messengermsnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:Program FilesMSN Messengerlivecall.exe"="C:Program FilesMSN Messengerlivecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:Program FilesMicrosoft LifeCamLifeExp.exe"="C:Program FilesMicrosoft LifeCamLifeExp.exe:*:Enabled:LifeExp.exe"
"C:Program FilesMicrosoft LifeCamLifeCam.exe"="C:Program FilesMicrosoft LifeCamLifeCam.exe:*:Enabled:LifeCam.exe"
"C:Program FilesPalmHOTSYNC.EXE"="C:Program FilesPalmHOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:Program FilesGrisoftAVG7avginet.exe"="C:Program FilesGrisoftAVG7avginet.exe:*:Enabled:avginet.exe"
"C:Program FilesGrisoftAVG7avgamsvr.exe"="C:Program FilesGrisoftAVG7avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:Program FilesGrisoftAVG7avgcc.exe"="C:Program FilesGrisoftAVG7avgcc.exe:*:Enabled:avgcc.exe"
"C:Program FilesGrisoftAVG7avgemc.exe"="C:Program FilesGrisoftAVG7avgemc.exe:*:Enabled:avgemc.exe"
"C:Program FilesuTorrentuTorrent.exe"="C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent"
"C:Program FilesGoogleGoogle Talkgoogletalk.exe"="C:Program FilesGoogleGoogle Talkgoogletalk.exe:*:Enabled:Google Talk"
"C:Program FilesShareazaShareaza.exe"="C:Program FilesShareazaShareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsShantanu DasApplication Data
CLASSPATH=.;C:Program FilesJavajre1.5.0_04libextQTJava.zip
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=WHO
ComSpec=C:WINDOWSsystem32cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and SettingsShantanu Das
LOGONSERVER=WHO
LSERVRC=C:Program FilesFrontline SystemsPremium Solver PlatformSolver.lic
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesATI TechnologiesATI.ACE;C:Program FilesCommon FilesUlead SystemsMPEG;C:Program FilesCommon FilesTeleca Shared;C:Program FilesQuickTimeQTSystem;C:Program FilesCommon FilesAdobeAGL;C:Program FilesSupport Tools;C:Program FilesCommon FilesNeroLib;C:Program FilesCommon FilesNeroLib
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.5.0_04libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1SHANTA~1LOCALS~1Temp
TMP=C:DOCUME~1SHANTA~1LOCALS~1Temp
USERDOMAIN=WHO
USERNAME=Shantanu Das
USERPROFILE=C:Documents and SettingsShantanu Das
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

Shantanu Das (admin)
Family
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:PROGRA~1Yahoo!CommonUNYT_W~1.EXE
--> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
--> C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
--> C:Program FilesNeroNero8nerouninstallUNNERO.exe /UNINSTALL
--> C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
--> C:WINDOWSsystem32MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:WINDOWSsystem32MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:WINDOWSUNINST.EXE -f"C:Program FilesAdobePhotoshop 5.0DeIsL1.isu" -c"C:Program FilesAdobePhotoshop 5.0Uninst.dll"
--> C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
--> C:WINDOWSUNNeroMediaHome.exe /UNINSTALL
--> C:WINDOWSUNNeroShowTime.exe /UNINSTALL
--> C:WINDOWSUNNeroVision.exe /UNINSTALL
--> C:WINDOWSUNRecode.exe /UNINSTALL
µTorrent --> "C:Program FilesuTorrentuTorrent.exe" /UNINSTALL
3200 Handset Manager --> C:WINDOWS3200phmgunin.exe C:Program Files3200 Handset ManagerFileList.ini
a-squared Free 3.1 --> "C:Program Filesa-squared Freeunins000.exe"
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Airtel NetXpert Agent --> "C:Program FilesAirtelNetXpert Agentunins000.exe"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{4A81B632-07AB-4CAC-BB04-DF20DFFBFFA0}setup.exe" -l0x9
ArcSoft Software Suite --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{C82E9E85-00A2-4320-8ED3-B6CEF207A850}Setup.exe" -l0x9
Ask Toolbar --> rundll32 C:PROGRA~1AskTBarbar1.binAskTBar.dll,O
ATI Catalyst Control Center --> MsiExec.exe /I{72F93785-FC70-4D03-B09D-2133F6E82F5B}
ATI Display Driver --> rundll32 C:WINDOWSsystem32atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:Program FilesAudacityunins000.exe"
AV Music Morpher --> C:Program FilesAV Music Morpheruninstall.exe
Avanquest update --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}Setup.exe" -l0x9
AVG 7.5 --> C:Program FilesGrisoftAVG7setup.exe /UNINSTALL
Azureus Vuze --> C:Program FilesAzureusuninstall.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
BookReader 4.6 --> "C:Program FilesBR4unins000.exe"
CA Yahoo! Anti-Spy (remove only) --> "C:Program FilesCA Yahoo! Anti-Spyuninstall.exe"
Canon Camera Support Core Library --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{5662C158-CA24-4228-BF6C-596FADA08682} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}
Canon Camera Window DVC for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{A70D14C6-FF2C-4B8E-A643-7E74EC607614}
Canon Camera Window for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{E73534D5-CC93-4C63-9072-5A9734255C74}
Canon EOS Kiss_N REBEL_XT 350D WIA Driver --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}
Canon PhotoRecord --> MsiExec.exe /X{862983D7-FA08-493E-A9ED-6B7859E069D3}
Canon RAW Image Task for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}
Canon RemoteCapture Task for ZoomBrowser EX --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities Digital Photo Professional 1.6.1 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{789CF5F1-3326-4B7B-9D01-31047E0F5651}
Canon Utilities EOS Capture 1.3 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{16480125-0428-4097-9A2A-74464004D169}
Canon Utilities PhotoStitch 3.1 --> C:Program FilesCommon FilesInstallShieldDriver8Intel 32IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}Setup.exe" -l0x9
ClamWin Free Antivirus 0.93 --> "C:Program FilesClamWinunins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Confidence Online™ for Web Applications --> C:Documents and SettingsShantanu DasApplication DataWholeSecurityCATWSUIEE.exe
DebugMode Wax 2.0 --> "C:Program FilesDebugModeWax 2.0uninst.exe"
Digital Locker Assistant --> MsiExec.exe /I{D01653EF-9F9F-41D6-B879-654A6BF5892C}
dirhtml 4.5 --> "C:Program Filesdirhtmlunins000.exe"
DivX Codec --> C:Program FilesDivXDivXCodecUninstall.exe /CODEC
DivX Converter --> C:Program FilesDivXDivXConverterUninstall.exe /CONVERTER
DivX Player --> C:Program FilesDivXDivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:Program FilesDivXDivXWebPlayerUninstall.exe /PLUGIN
DV Studio3 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{5DF68560-292A-11D5-99D1-00010256D40E}setup.exe"
DVD-RAM Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}setup.exe" -l0x9 DVD-RAM Driver
DVD Shrink 3.2 --> "C:Program FilesDVD Shrinkunins000.exe"
Easy CHM v3.50 Build 460 --> "C:Program FilesEasyCHMunins000.exe"
EasyCleaner --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1001Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F5346614-B7C4-4E94-826A-E2363155233D}setup.exe" -l0x9 -removeonly
EndNote Demo --> C:PROGRA~1ENDNOT~1UNWISE.EXE C:PROGRA~1ENDNOT~1INSTALL.LOG
EndNote for Palm OS® --> MsiExec.exe /I{151103B7-EA33-49DC-AEBD-9509C172E685}
eSnips --> MsiExec.exe /X{3D4504EF-5B46-483E-BE1E-CC17C4A0BFFA}
Flash Capture 1.20 --> "C:Program FilesFlash Captureunins000.exe"
Free Video to iPod Converter version 2.1 --> "C:Program FilesDVDVIDEOSOFTFree Video to iPod Converterunins000.exe"
FruityLoops Studio Producer Edition v4.01 --> C:PROGRA~1FLSTUD~1UNWISE.EXE C:PROGRA~1FLSTUD~1INSTALL.LOG
GetRight --> C:PROGRA~1GetRightGETRIGHT.EXE /UNINSTALL
Glary Undelete 1.1 --> "C:Program FilesGlary Undeleteunins000.exe"
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Talk (remove only) --> "C:Program FilesGoogleGoogle Talkuninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:program filesgooglegoogletoolbar1.dll"
Grab & Burn, Version 5.0.2 Free( Build 2006-08-23, Win32, CSS ) --> "C:Program FilesRocket Division SoftwareGrabBurnunins000.exe"
GTOneCare --> MsiExec.exe /X{72690A58-4C2A-4CDE-928C-DF925B125F43}
Hard Disk Low Level Format Tool 2.36 build 1181 --> "C:Program FilesHDDGURU LLF Toolunins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe"
HouseCall 6.6 --> "C:Documents and SettingsShantanu DasApplication DataHouseCall 6.6uninstaller.exe"
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.1 - Scanjet 2400 Series --> MsiExec.exe /I{6F7ECD56-E224-4263-9B7E-158E5CECC43B}
HumanEdj --> C:Program FilesHumanEdjuninstall.exe
ICQ6 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe" -l0x9 -removeonly
IHMC CmapTools v4.15 --> "C:Program FilesIHMC CmapToolsUninstallerDataUninstall CmapTools.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:WINDOWSInstalleriProInst.exe
InterVideo WinDVD Creator 2 --> "C:Program FilesInstallShield Installation Information{2FCE4FC5-6930-40E7-A4F1-F862207424EF}setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:Program FilesInstallShield Installation Information{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}setup.exe" REMOVEALL
ISI ResearchSoft - Export Helper --> C:PROGRA~1COMMON~1Risxtd_UNINST.EXE
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:WINDOWSsystem32Kaspersky LabKaspersky Online Scannerkavuninstall.exe
Lotus Notes 6.5.4 --> MsiExec.exe /I{6B2764B1-F062-4481-94FD-58B1C211C448}
Lotus SmartSuite - English --> MsiExec.exe /I{536D6172-7453-7569-7465-392E37300409}
Macromedia Flash 5 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{4C93C363-414E-11D4-9756-00C04F8EEB39}Setup.exe" UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{2F353D44-73BB-4971-B31D-F7642E9E9531}Setup.exe" -l0x9 UNINSTALL
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe"
Microsoft LifeCam --> MsiExec.exe /X{8CFC7570-DD90-486E-A239-E31D455BDE93}
Microsoft LifeChat --> MsiExec.exe /X{C4C4F736-B75C-4908-A606-A6F4B65F58CC}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{B6F7DBE7-2FE2-458F-A738-B10832746036}Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:WINDOWS$NtUninstallWudf01000$spuninstspuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Moto EzX Video Producer --> MsiExec.exe /X{A5070AA6-2100-45C2-941B-D19526B018EC}
Motorola Phone Tools --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1050Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.7) --> C:Program FilesMozilla Firefoxuninstallhelper.exe
MP3 To Ringtone Gold 3.50 --> "C:Program FilesAnMingunins000.exe"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 8 --> MsiExec.exe /X{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Net Transport 1.87.258 --> "C:Program FilesXiNetTransport 2unins000.exe"
Norton Save and Restore --> MsiExec.exe /X{B0255743-165B-4BD5-8DA8-37DFB993B101}
Norton Spyware Scan provided by Yahoo! --> C:PROGRA~1Yahoo!Commonunynss.exe
Palm Desktop --> MsiExec.exe /X{870842F7-18BB-479D-A7B1-FE17E81AFF1A}
Panda ActiveScan --> C:WINDOWSsystem32ASUninst.exe Panda ActiveScan
PC Inspector File Recovery --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{0DD140D3-9563-481E-AA75-BA457CBDAEF2}Setup.exe" -l0x9
Photo2VCD Professional --> "C:Program FilesPhoto2VCD Professionalunins000.exe"
Pinnacle Hollywood FX 4.6 --> C:WINDOWSunvise32.exe C:Program FilesPinnacleHollywood FX 4.6uninstal.log
Power Voice II --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{3748D2FC-83CB-445A-87D8-DE88080FBB4F}Setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1100Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe" -l0x9 -removeonly
Recover Files 2.0 --> "C:Program FilesRecover Filesunins000.exe"
Registry Mechanic 7.0 --> "C:Program FilesRegistry Mechanicunins000.exe"
SD Secure Module --> MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:WINDOWS$NtUninstallKB898458$spuninstspuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe"
Shareaza 2.3.1.0 --> "C:Program FilesShareazaUninstallunins000.exe"
SimNet MIS 2.0 --> C:Program FilesSimNet MIS/uninstall.exe
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sothink SWF Decompiler --> "C:Program FilesSourceTecSothink SWF Decompilerunins000.exe"
Spybot - Search & Destroy --> "C:Program FilesSpybot - Search & Destroyunins000.exe"
SpywareBlaster 4.0 --> "C:Program FilesSpywareBlasterunins000.exe"
Studio 8 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{53EF6570-21A4-47ED-A40A-E6470A5677A3}Setup.exe" -l0x9 UNINSTALL
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Synaptics Pointing Device Driver --> rundll32.exe "C:Program FilesSynapticsSynTPSynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{12B3A009-A080-4619-9A2A-C6DB151D8D67}Setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}Setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{64DD71BC-3109-4C88-9AD3-D5422644B722}Setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool --> C:WINDOWSIsUninst.exe -f"C:Program FilesTOSHIBAPCDiagUninst.isu"
TOSHIBA Power Saver --> C:WINDOWSIsUninst.exe -f"C:Program FilesTOSHIBAPower SaverUninst.isu" -c"C:WINDOWSsystem32TPSDel.dll"
TOSHIBA SD Memory Card Format --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}Setup.exe"
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Speech System Applications --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{EE033C1F-443E-41EC-A0E2-559B539A4E4D}Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{008D69EB-70FF-46AB-9C75-924620DF191A}Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{3FBF6F99-8EC6-41B4-8527-0A32241B5496}Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{69BE47C2-36FE-4397-8199-85D8EAE69982}Setup.exe" -l0x9
TOSHIBA Utilities --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0901Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}Setup.exe" -l0x9
TOSHIBA Virtual Sound --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{8B12BA86-ADAC-4BA6-B441-FFC591087252}Setup.exe" /uninstall
TOSHIBA Zooming Utility --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{64212898-097F-4F3F-AECA-6D34A7EF82DF}Setup.exe"
TV Plus 3.0 --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{40A4C9A3-1E27-43DC-9624-EE5C2E1DCA72}setup.exe" -l0x9
TZ Connection Booster 2.6 --> "C:Program FilesTZ Connection Boosterunins000.exe"
Ulead Photo Express 4.0 SE --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}Setup.exe"
Ulead VideoStudio 7 SE DVD --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime0701Intel32Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}setup.exe" -l0x9
USB Driver for Panasonic DVC --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{6304CCF6-3343-4DA5-96B6-84B3A644B93B} /l1033
USB Video/Audio Device Driver --> RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup "C:Program FilesInstallShield Installation Information{2758691A-2CDE-4942-A4AC-0E8F61FE2067}Setup.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WebCam Driver for Panasonic DVC --> C:PROGRA~1COMMON~1INSTAL~1Driver7INTEL3~1IDriver.exe /M{EBE171CC-C465-43FE-AA82-F0B4333764DD} /l1033
Whisper 32 --> MsiExec.exe /I{9F0E4EC2-2398-4BB8-9FBB-B4E7C4E128E6}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live OneCare safety scanner --> RunDll32.exe "C:Program FilesWindows Live Safety CenterwlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe"
Windows Support Tools --> MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
WinHTTrack Website Copier 3.40 --> "C:Program FilesWinHTTrackunins000.exe"
WinIDAMS Release 1.2a, English version, November 2005 --> "C:Program FilesWinIDAMS12A-ENunins000.exe"
WinMorph™ 3.01 --> "C:Program FilesDebugmodeWinMorphunins000.exe"
WinRAR archiver --> C:Program FilesWinRARuninstall.exe
WordWeb --> C:Program FilesWordWebuninst.exe
XML Marker version 1.1 --> "C:Program FilesXML Markerunins000.exe"
Yahoo! Browser Services --> C:PROGRA~1Yahoo!Commonunyext.exe
Yahoo! Install Manager --> C:WINDOWSsystem32regsvr32 /u C:PROGRA~1Yahoo!CommonYINSTH~2.DLL
Yahoo! Internet Mail --> C:WINDOWSsystem32regsvr32 /u /s C:PROGRA~1Yahoo!Commonymmapi.dll
Yahoo! Messenger --> C:PROGRA~1Yahoo!MESSEN~1UNWISE.EXE /U C:PROGRA~1Yahoo!MESSEN~1INSTALL.LOG
Yahoo! Toolbar --> C:PROGRA~1Yahoo!CommonUNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type27754 / Warning
Event Submitted/Written: 06/02/2008 10:49:09 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type27753 / Warning
Event Submitted/Written: 06/02/2008 10:49:09 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type27739 / Warning
Event Submitted/Written: 06/02/2008 08:17:12 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type27734 / Warning
Event Submitted/Written: 06/02/2008 00:57:38 AM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type27733 / Warning
Event Submitted/Written: 06/02/2008 00:57:38 AM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4221435 / Warning
Event Submitted/Written: 06/02/2008 01:03:55 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type4221434 / Warning
Event Submitted/Written: 06/02/2008 01:03:55 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type4221433 / Warning
Event Submitted/Written: 06/02/2008 01:03:55 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type4221432 / Warning
Event Submitted/Written: 06/02/2008 01:03:55 PM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type4221427 / Warning
Event Submitted/Written: 06/02/2008 10:59:04 AM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 10.212.66.67 for the Network Card
with network address 00A0D14D6ABC is already in use on the network.
Your computer will automatically attempt to obtain a different address.



-- End of Deckard's System Scanner: finished at 2008-06-02 13:07:45 ------------

Ok. I will try to scan by kaspersky in the night. :)

BTW What was that under running processes?? --> C:HIJACK~1Shantanu Das.exe ???? at the beginning!!!
& Why did i say system restore turned off and could not be done at the beginning ? It is not turned off as I can see now. Or did this turn it on?!!

Also adding from the 3rd file [moved.txt]. I hope my required files have not got removed?

Directories/Files moved to C:DeckardSystem Scannerbackup

2008-06-02 12:15:30 59964 --a------ C:DOCUME~1SHANTA~1LOCALS~1TempAdobelm_Cleanup.0001 <Not Verified; Macrovision Europe Ltd.; Macrovision Europe Ltd. Cleanup>
2008-06-02 12:29:14 0 d-------- C:DOCUME~1SHANTA~1LOCALS~1TempAdobelm_Cleanup.0001.dir.0001
2008-06-02 01:11:17 0 d-------- C:DOCUME~1SHANTA~1LOCALS~1TempCFXFER_CASH
2008-06-02 02:08:16 595 --a------ C:DOCUME~1SHANTA~1LOCALS~1TempClamWin2.log
2008-06-02 02:08:14 12 --a------ C:DOCUME~1SHANTA~1LOCALS~1TempClamWin_CheckVer_Info
2008-06-02 02:08:14 12 --a------ C:DOCUME~1SHANTA~1LOCALS~1TempClamWin_CheckVer_Time
2008-06-02 01:19:51 0 d-------- C:DOCUME~1SHANTA~1LOCALS~1TempGoogle Toolbar
2008-06-02 10:55:17 342 --a------ C:DOCUME~1SHANTA~1LOCALS~1Tempjusched.log
2008-06-02 12:11:05 0 d-------- C:DOCUME~1SHANTA~1LOCALS~1TempKAV Updater update files
2006-07-24 01:38:26 26112 --a------ C:DOCUME~1SHANTA~1LOCALS~1Tempnircmd.exe <Not Verified; NirSoft; NirCmd>
2008-06-02 11:54:28 0 d-------- C:DOCUME~1SHANTA~1LOCALS~1Tempnotes6030C8
2008-06-02 12:07:27 239 --a------ C:DOCUME~1SHANTA~1LOCALS~1TempTMP15.tmp
2008-06-02 10:49:48 0 d-------- C:DOCUME~1SHANTA~1LOCALS~1TempWPDNSE
2008-06-01 09:22:21 682266 -----n--- C:DOCUME~1SHANTA~1LOCALS~1Temp_iu14D2N.tmp <Not Verified; ; Inno Setup>
2008-06-02 01:20:05 32768 --a------ C:DOCUME~1SHANTA~1LOCALS~1Temp~DF5573.tmp
2007-11-05 23:05:37 0 d-------- C:WINDOWStempASHeuristic
2008-06-02 11:08:40 2870 --a------ C:WINDOWStempMpCmdRun.log
2008-05-29 01:45:11 0 d-------- C:WINDOWStempMPTelemetrySubmit
2008-06-02 00:57:25 16384 --a-----t C:WINDOWStempPerflib_Perfdata_2c4.dat
2008-06-02 00:57:38 16384 --a-----t C:WINDOWStempPerflib_Perfdata_570.dat
2008-06-02 00:57:42 0 --a------ C:WINDOWStempT30DebugLogFile.txt
2007-02-11 20:54:44 0 d-------- C:WINDOWStempWebshotsTemp
2008-06-02 10:48:58 255 --a------ C:WINDOWStempWGAErrLog.txt
2008-06-02 10:49:32 409 --a------ C:WINDOWStempWGANotify.settings
2006-08-24 08:28:54 141424 --a------ C:WINDOWSDownloaded Program Filesasinst.dll <Verified; Panda Software; ActiveScan>
2006-05-17 14:32:30 231072 --a------ C:WINDOWSDownloaded Program Filesavsniff.dll <Verified; Symantec Corporation; Symantec Security Check>
2006-05-17 14:32:32 198304 --a------ C:WINDOWSDownloaded Program Filesavsniffdlgs.dll <Verified; TODO: <Company name>; TODO: <Product name>>
2006-05-17 14:26:10 537704 --a------ C:WINDOWSDownloaded Program FilesAXXPEE.dll <Verified; WholeSecurity,Inc.; WholeSecurity Confidence Online™ for Web Applications>
2007-10-25 10:26:48 32 --a------ C:WINDOWSDownloaded Program Filesbdcore.dll
2007-10-25 10:26:48 118784 --a------ C:WINDOWSDownloaded Program Filesbdupd.dll
2006-05-17 14:26:12 42112 --a------ C:WINDOWSDownloaded Program Filesecmldr32.dll <Verified; Symantec Corp.; ECOM Loader>
2008-03-05 01:00:00 284016 --a------ C:WINDOWSDownloaded Program Filesecmsvr32.dll <Verified; Symantec Corporation; ECOM Server>
2005-02-02 13:18:40 262144 --a------ C:WINDOWSDownloaded Program Filesinotes6W.dll <Not Verified; IBM Corporation; Domino Web Access>
2007-10-25 10:26:48 53248 --a------ C:WINDOWSDownloaded Program Filesipsupd.dll
2007-10-25 10:26:48 32 --a------ C:WINDOWSDownloaded Program Fileslibfn.dll
2006-05-17 14:28:00 201896 --a------ C:WINDOWSDownloaded Program Filesnavapi32.dll <Verified; Symantec Corp.; NAVAPI>
2008-03-05 01:00:00 128368 --a------ C:WINDOWSDownloaded Program Filesnaveng32.dll <Verified; Symantec Corporation; Symantec Antivirus Engine>
2008-03-05 01:00:00 943472 --a------ C:WINDOWSDownloaded Program Filesnavex32a.dll <Verified; Symantec Corporation; Symantec Antivirus Engine>
2005-08-04 02:38:58 446464 --a------ C:WINDOWSDownloaded Program FilesPrintControl.dll <Not Verified; Business Objects; Crystal Reports>
2006-05-17 14:32:42 161480 --a------ C:WINDOWSDownloaded Program Filesrufsi.dll <Verified; Symantec Corporation; Symantec Security Check>
2008-01-09 13:16:20 927224 --a------ C:WINDOWSDownloaded Program FilesUploaderX.dll <Verified; Google, Inc.; Photo Uploader>
2008-01-21 21:34:22 465472 --a------ C:WINDOWSDownloaded Program FileswlscBase.dll <Verified; Microsoft Corporation; Microsoft® Windows Live OneCare>
2007-07-02 15:44:26 941688 --a------ C:WINDOWSDownloaded Program Filesasquared.ocx <Not Verified; Emsi Software GmbH; a-squared Active-X Scan Control>
2006-05-05 19:46:56 2039808 --a------ C:WINDOWSDownloaded Program FilesImageUploader3.ocx <Not Verified; Slide, Inc.; Slide Image Uploader>
2007-10-25 16:54:18 471040 --a------ C:WINDOWSDownloaded Program Filesoscan8.ocx <Not Verified; SOFTWIN; bdscanonline>

-*- End of Logfile -*-

:thumbsup:
Ok.. Now i got the kaspersky online scan done also. I attached my two pen drives and the 250 GB usb drive. It took me 9 hours. Here it is. But please note that I have found some virus which I will remove manually - by deleting the files. However they are not the troublemakers in my current case, as they are mostly either in some file I have not installed or in quarantine folder already or if I have installed then it is doing something else like a backdoor.. so my current issue is different. Okay. Now I have done all that was asked. I will wait.

btw-- i find some files skipped.. if you can explain those i will learn. Thanks!! and also please note that the flash_disinfector folders were installed because of my running it as per the other post here (the link of which I have given in my first message)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 03, 2008 7:51:25 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/06/2008
Kaspersky Anti-Virus database records: 821940
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:
B:
C:
D:
F:

Scan Statistics:
Total number of scanned objects: 473062
Number of viruses found: 7
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 09:58:58

Infected Object Name / Virus Name / Last Action
A:autorun.inflpt3.This folder was created by Flash_Disinfector Object is locked skipped
B:autorun.inflpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:autorun.inflpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:Documents and SettingsAll UsersApplication Dataavg7Logemc.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataGrisoftAvg7Dataavg7log.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataGrisoftAvg7Dataavg7log.log.lck Object is locked skipped
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr0.dat Object is locked skipped
C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkDownloaderqmgr1.dat Object is locked skipped
C:Documents and SettingsAll UsersApplication DataMicrosoftWindows DefenderSupportMPLog-11052007-000744.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataNeroNero8Nero BackItUpCacheNeroBackItUpScheduler3.log Object is locked skipped
C:Documents and SettingsAll UsersApplication DataSymantecCommon Clientsettings.dat Object is locked skipped
C:Documents and SettingsLocalServiceCookiesindex.dat Object is locked skipped
C:Documents and SettingsLocalServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat Object is locked skipped
C:Documents and SettingsLocalServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat.LOG Object is locked skipped
C:Documents and SettingsLocalServiceLocal SettingsHistoryHistory.IE5index.dat Object is locked skipped
C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat Object is locked skipped
C:Documents and SettingsLocalServiceNTUSER.DAT Object is locked skipped
C:Documents and SettingsLocalServicentuser.dat.LOG Object is locked skipped
C:Documents and SettingsNetworkServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat Object is locked skipped
C:Documents and SettingsNetworkServiceLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat.LOG Object is locked skipped
C:Documents and SettingsNetworkServiceNTUSER.DAT Object is locked skipped
C:Documents and SettingsNetworkServicentuser.dat.LOG Object is locked skipped
C:Documents and SettingsShantanu DasApplication DataSony EricssonTelecaTelecalibLoggingApplication logsFM_log.txt Object is locked skipped
C:Documents and SettingsShantanu DasCookiesindex.dat Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsApplication DataAheadNero Homebl.db Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsApplication DataAheadNero Homeis2.db Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsApplication DataApplicationHistorycli.exe.c88dbd71.ini.inuse Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsApplication DataMicrosoftWindowsUsrClass.dat.LOG Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsHistoryHistory.IE5index.dat Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTempClamWin1.log Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTempPerflib_Perfdata_94c.dat Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTempPerflib_Perfdata_ae8.dat Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTempPerflib_Perfdata_e94.dat Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTempPerflib_Perfdata_fbc.dat Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTempPerflib_Perfdata_fe0.dat Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTemp~DF20EF.tmp Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTemp~DF9F31.tmp Object is locked skipped
C:Documents and SettingsShantanu DasLocal SettingsTemporary Internet FilesContent.IE5index.dat Object is locked skipped
C:Documents and SettingsShantanu Dasntuser.dat Object is locked skipped
C:Documents and SettingsShantanu Dasntuser.dat.LOG Object is locked skipped
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcrst.dll Object is locked skipped
C:Program FilesNeroNero8Nero BackItUpBIU1.txt Object is locked skipped
C:Program FilesRegistry MechanicRMTray.exe Infected: Backdoor.Win32.Rbot.kmj skipped
C:System Volume InformationMountPointManagerRemoteDatabase Object is locked skipped
C:System Volume Information_restore{EA10BEA4-2D2C-494D-9EF3-5EC8A5B65143}RP1change.log Object is locked skipped
C:WINDOWSDebugPASSWD.LOG Object is locked skipped
C:WINDOWSSchedLgU.Txt Object is locked skipped
C:WINDOWSSoftwareDistributionReportingEvents.log Object is locked skipped
C:WINDOWSSti_Trace.log Object is locked skipped
C:WINDOWSsystem32CatRoot2edb.log Object is locked skipped
C:WINDOWSsystem32CatRoot2tmp.edb Object is locked skipped
C:WINDOWSsystem32configACEEvent.evt Object is locked skipped
C:WINDOWSsystem32configAppEvent.Evt Object is locked skipped
C:WINDOWSsystem32configdefault Object is locked skipped
C:WINDOWSsystem32configdefault.LOG Object is locked skipped
C:WINDOWSsystem32configSAM Object is locked skipped
C:WINDOWSsystem32configSAM.LOG Object is locked skipped
C:WINDOWSsystem32configSecEvent.Evt Object is locked skipped
C:WINDOWSsystem32configSECURITY Object is locked skipped
C:WINDOWSsystem32configSECURITY.LOG Object is locked skipped
C:WINDOWSsystem32configsoftware Object is locked skipped
C:WINDOWSsystem32configsoftware.LOG Object is locked skipped
C:WINDOWSsystem32configSysEvent.Evt Object is locked skipped
C:WINDOWSsystem32configsystem Object is locked skipped
C:WINDOWSsystem32configsystem.LOG Object is locked skipped
C:WINDOWSsystem32h323log.txt Object is locked skipped
C:WINDOWSsystem32wbemRepositoryFSINDEX.BTR Object is locked skipped
C:WINDOWSsystem32wbemRepositoryFSINDEX.MAP Object is locked skipped
C:WINDOWSsystem32wbemRepositoryFSMAPPING.VER Object is locked skipped
C:WINDOWSsystem32wbemRepositoryFSMAPPING1.MAP Object is locked skipped
C:WINDOWSsystem32wbemRepositoryFSMAPPING2.MAP Object is locked skipped
C:WINDOWSsystem32wbemRepositoryFSOBJECTS.DATA Object is locked skipped
C:WINDOWSsystem32wbemRepositoryFSOBJECTS.MAP Object is locked skipped
C:WINDOWSTempPerflib_Perfdata_32c.dat Object is locked skipped
C:WINDOWSTempPerflib_Perfdata_5d0.dat Object is locked skipped
C:WINDOWSwiadebug.log Object is locked skipped
C:WINDOWSwiaservc.log Object is locked skipped
C:WINDOWSWindowsUpdate.log Object is locked skipped
F:ALL FilesLALPTOP ERASEAll Users.clamwinquarantineinfected.ipscan221.exe.000.000 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
F:ALL FilesLALPTOP ERASEAll Users.clamwinquarantineinfected.Nw IP Scan - ipscan.exe.000.000 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
F:ALL FilesLALPTOP ERASESHNProgram FilesRegistry MechanicRMTray.exe Infected: Backdoor.Win32.Rbot.kmj skipped
F:ALL FilesLALPTOP ERASESHNShantanu DasMy Documentsdownloadsrmretail-7.0.0.1010k.exe/file19 Infected: Backdoor.Win32.Rbot.kmj skipped
F:ALL FilesLALPTOP ERASESHNShantanu DasMy Documentsdownloadsrmretail-7.0.0.1010k.exe Inno: infected - 1 skipped
F:ALL FilesLAPTOP ALL FILESBluetoothSharedFolderipscan.zip/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
F:ALL FilesLAPTOP ALL FILESBluetoothSharedFolderipscan.zip ZIP: infected - 1 skipped
F:ALL FilesOLD USB drivesoftwareCorelDRAW_12_Suite_Trial_to_Full_patch_by_T2-Wrs_(WWW[1].CRACK-LOCATOR.ORG).zip/keygen.exe Infected: Trojan-Downloader.Win32.INService.bl skipped
F:ALL FilesOLD USB drivesoftwareCorelDRAW_12_Suite_Trial_to_Full_patch_by_T2-Wrs_(WWW[1].CRACK-LOCATOR.ORG).zip ZIP: infected - 1 skipped
F:ALL FilesOLD USB drivesoftwareCorelDRAW_12_Suite_Trial_to_Full_patch_by_T2-Wrs_(WWW[1].CRACK-LOCATOR.ORG).zip CryptFF.b: infected - 1 skipped
F:ALL FilesOLD USB drivesoftwareCorelDRAW_Graphics_Suite_v12_by_SSG_(WWW[1].CRACK-LOCATOR.ORG).zip/file_id.exe Infected: Trojan-Downloader.Win32.INService.bl skipped
F:ALL FilesOLD USB drivesoftwareCorelDRAW_Graphics_Suite_v12_by_SSG_(WWW[1].CRACK-LOCATOR.ORG).zip ZIP: infected - 1 skipped
F:ALL FilesOLD USB drivesoftwareCorelDRAW_Graphics_Suite_v12_by_SSG_(WWW[1].CRACK-LOCATOR.ORG).zip CryptFF.b: infected - 1 skipped
F:ALL FilesOLD USB drivesoftwareWEB CREATOR JAVA ETC - acehtmlfreeware.exe/data0108 Infected: not-a-virus:AdWare.Win32.BHO.ajt skipped
F:ALL FilesOLD USB drivesoftwareWEB CREATOR JAVA ETC - acehtmlfreeware.exe NSIS: infected - 1 skipped
F:ALL FilesPortable softwareInstalled herewpp_1gb_3.3.exe/file02253 Infected: not-a-virus:Server-FTP.Win32.SFH.k skipped
F:ALL FilesPortable softwareInstalled herewpp_1gb_3.3.exe/file02697 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
F:ALL FilesPortable softwareInstalled herewpp_1gb_3.3.exe Inno: infected - 2 skipped
F:ALL Filesrmretail-7.0.0.1010k.exe/file19 Infected: Backdoor.Win32.Rbot.kmj skipped
F:ALL Filesrmretail-7.0.0.1010k.exe Inno: infected - 1 skipped
F:ALL Filestoshiba backupDESKTOP FILES TO BE SORTED-10-01-05das{5BCB2B23-2347-11D6-BB0C-0080C7B6B976}MicrosoftOutlook ExpressSENT ITEMS (1).DBX/[From "sdas" <sdas1@vsnl.com>][Date Thu, 19 Jul 2001 15:43:18 +0530]/UNNAMED/Miracle1.exe Infected: not-virus:BadJoke.Win32.Anywork skipped
F:ALL Filestoshiba backupDESKTOP FILES TO BE SORTED-10-01-05das{5BCB2B23-2347-11D6-BB0C-0080C7B6B976}MicrosoftOutlook ExpressSENT ITEMS (1).DBX/[From "sdas" <sdas1@vsnl.com>][Date Thu, 19 Jul 2001 15:43:18 +0530]/UNNAMED Infected: not-virus:BadJoke.Win32.Anywork skipped
F:ALL Filestoshiba backupDESKTOP FILES TO BE SORTED-10-01-05das{5BCB2B23-2347-11D6-BB0C-0080C7B6B976}MicrosoftOutlook ExpressSENT ITEMS (1).DBX MailMSOutlook5: infected - 2 skipped
F:ALL Filestoshiba backupno need to chk and copy bak to usb later or deleteIBMHOME BACKUP- ibm PROG DATA FILESRRU301BUSrrpcsuperinstall.exe/IGWSE2SAS2.1WM2.1.EXE/HOTVIEW.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
F:ALL Filestoshiba backupno need to chk and copy bak to usb later or deleteIBMHOME BACKUP- ibm PROG DATA FILESRRU301BUSrrpcsuperinstall.exe/IGWSE2SAS2.1WM2.1.EXE/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
F:ALL Filestoshiba backupno need to chk and copy bak to usb later or deleteIBMHOME BACKUP- ibm PROG DATA FILESRRU301BUSrrpcsuperinstall.exe/IGWSE2SAS2.1WM2.1.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
F:ALL Filestoshiba backupno need to chk and copy bak to usb later or deleteIBMHOME BACKUP- ibm PROG DATA FILESRRU301BUSrrpcsuperinstall.exe ZIP: infected - 3 skipped
F:autorun.inflpt3.This folder was created by Flash_Disinfector Object is locked skipped
F:System Volume InformationMountPointManagerRemoteDatabase Object is locked skipped
F:System Volume Information_restore{EA10BEA4-2D2C-494D-9EF3-5EC8A5B65143}RP1change.log Object is locked skipped
F:winPenPackBinhfshfs.exe Infected: not-a-virus:Server-FTP.Win32.SFH.k skipped

Scan process completed.

Merged posts. ~ OB

Edited by Orange Blossom, 03 June 2008 - 04:54 PM.




#2 sdas57

sdas57
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Gender:Male
  • Location:New Delhi, India
  • Local time:01:44 AM

Posted 28 June 2008 - 02:58 AM

Ok Good!! Sorry that nobody helped. Then this is a free site so cannot complain either.
Guys.. thanks all the same.

I had to format my disk anyway because the stupid service centre people told me it WAS OS problem THAT MY LAN ICON was missing.. when I told them it was Hardware problem. And now that i have reinstalled OS.. they agree it is h/w problem and so are going to replace my motherboard itself.. because the ethernet card/ lan port is inbuilt!!!

TOSHIBA?? Like this?!!

Anyway that solved this problem at least.

So msg closed now

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:04:14 PM

Posted 28 June 2008 - 01:42 PM

Thanks for informing us that you were able to diagnose the problem.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



