
failed to delete cfgbken.dll


  • This topic is locked
34 replies to this topic

#1 JC81

JC81

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 24 November 2008 - 02:38 PM

Recently I got the cfgbken.dll trojan on my laptop. To delete it I ran a HijackThis log and ComboFix to fix the virus, but I am still getting the same message, "failed to delete cfgbken.dll". I had gone through all the postings related to cfgbken.dll, but I am unable to delete the DLL on my system.
Please find the HijackThis log, the ComboFix code and the log file.

any help would be highly appreciated.

HIJACK LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:33 AM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60287
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60287
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {47404406-B497-48A9-8C2D-65790455D010} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC84EA2-E31D-4267-8258-41320B01E0E7}: NameServer = 202.54.29.5,202.54.12.164
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TIBCO Administrator 5.4 (jeevan) (TIBCOAdmin-jeevan) - Unknown owner - C:/tibco/administrator/domain/jeevan/bin/tibcoadmin_jeevan.exe
O23 - Service: TIBCO Administrator 5.4 (kasarla) (TIBCOAdmin-kasarla) - Unknown owner - C:/tibco/administrator/domain/kasarla/bin/tibcoadmin_kasarla.exe
O23 - Service: TIBCO EMS Server (PID: 1864) (tibemsd) - Unknown owner - C:\tibco\ems\bin\emsntsct.exe
O23 - Service: TIBCO Hawk Agent (TIBHawkAgent) - Unknown owner - C:\tibco\hawk\bin\tibhawkagentnt.exe
O23 - Service: TIBCO Hawk Agent (jeevan) (TIBHawkAgent-jeevan-JeevanChandra) - Unknown owner - C:/tibco/tra/domain/jeevan/hawkagent_jeevan.exe
O23 - Service: TIBCO Hawk Agent (kasarla) (TIBHawkAgent-kasarla-JeevanChandra) - Unknown owner - C:/tibco/tra/domain/kasarla/hawkagent_kasarla.exe
O23 - Service: TIBCO Hawk Event (TIBHawkEvent) - Unknown owner - C:\tibco\hawk\bin\tibhawkeventnt.exe
O23 - Service: TIBCO Hawk HMA (TIBHawkHMA) - Unknown owner - C:\tibco\hawk\bin\tibhawkhma.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 11056 bytes


CODE used to delete the cfgbken.dll:

File::
c:\windows\system32\cfgbken.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47404406-B497-48A9-8C2D-65790455D010}]


After running the combofix , log file:

ComboFix 08-11-19.08 - Jeevan 2008-11-25 0:41:33.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1434 [GMT 5.5:30]
Running from: c:\documents and settings\Jeevan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeevan\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\cfgbken.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cfgbken.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 10:51 . 2008-11-24 10:51 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-11-24 10:48 . 2008-11-24 10:48 <DIR> d-------- c:\windows\ERUNT
2008-11-21 04:38 . 2008-11-21 04:38 <DIR> d-------- c:\program files\Trend Micro
2008-11-21 04:37 . 2008-11-21 14:20 <DIR> d-------- c:\program files\Unlocker
2008-11-19 05:12 . 2008-11-19 05:18 6,410 --a------ c:\windows\system32\tmp.reg
2008-11-19 04:57 . 2008-11-19 04:57 <DIR> d-------- c:\program files\InCode Solutions
2008-11-19 04:44 . 2008-11-19 05:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-11-19 01:41 . 2008-11-19 01:41 <DIR> d-------- c:\documents and settings\Jeevan\Application Data\TrojanHunter
2008-11-19 01:06 . 2008-11-19 04:24 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-11-17 01:40 . 2008-11-17 01:41 <DIR> d--h----- c:\program files\Zero G Registry
2008-11-17 01:39 . 2008-11-17 01:39 <DIR> d--h----- c:\documents and settings\Jeevan\InstallAnywhere
2008-11-17 01:31 . 2008-11-17 01:40 <DIR> d-------- c:\program files\Oracle
2008-11-16 17:49 . 2008-04-14 05:41 94,720 --a------ c:\windows\system32\cfgbken.dll
2008-11-15 01:08 . 2008-11-15 03:14 <DIR> d-------- C:\fun
2008-11-12 17:15 . 2008-09-04 22:45 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:54 . 2008-10-24 16:51 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-29 01:35 . 2008-11-16 17:50 102,172 --a------ c:\windows\system32\cont_offersfortoday-remove.exe
2008-10-28 11:04 . 2008-10-15 22:04 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 04:13 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-24 04:13 --------- d-----w c:\documents and settings\Jeevan\Application Data\SUPERAntiSpyware.com
2008-11-24 03:25 --------- d-----w c:\documents and settings\Jeevan\Application Data\AVG7
2008-11-12 16:08 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 11:13 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 18:00 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-05 17:59 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 08:24 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47404406-B497-48A9-8C2D-65790455D010}]
2008-04-14 05:41 94720 --a------ c:\windows\system32\cfgbken.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-20 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-20 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-13 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-06 219136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-05-09 73728]

c:\documents and settings\Jeevan\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [2006-05-09 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-07-17 6144]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\tibco\\designer\\5.5\\bin\\designer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 vrafhvad;vrafhvad;c:\windows\system32\drivers\vrafhvad.sys [2004-08-05 23424]
S3 TIBCOAdmin-jeevan;TIBCO Administrator 5.4 (jeevan);C:/tibco/administrator/domain/jeevan/bin/tibcoadmin_jeevan.exe --ntservice "TIBCOAdmin-jeevan" []
S3 TIBCOAdmin-kasarla;TIBCO Administrator 5.4 (kasarla);C:/tibco/administrator/domain/kasarla/bin/tibcoadmin_kasarla.exe --ntservice "TIBCOAdmin-kasarla" []
S3 tibemsd;TIBCO EMS Server (PID: 1864);c:\tibco\ems\bin\emsntsct.exe "tibemsd" []
S3 TIBHawkAgent-jeevan-JeevanChandra;TIBCO Hawk Agent (jeevan);C:/tibco/tra/domain/jeevan/hawkagent_jeevan.exe --ntservice "TIBHawkAgent-jeevan-JeevanChandra" []
S3 TIBHawkAgent-kasarla-JeevanChandra;TIBCO Hawk Agent (kasarla);C:/tibco/tra/domain/kasarla/hawkagent_kasarla.exe --ntservice "TIBHawkAgent-kasarla-JeevanChandra" []
S3 TIBHawkAgent;TIBCO Hawk Agent;c:\tibco\hawk\bin\tibhawkagentnt.exe [2008-08-06 57344]
S3 TIBHawkEvent;TIBCO Hawk Event;c:\tibco\hawk\bin\tibhawkeventnt.exe [2008-08-06 57344]
S3 TIBHawkHMA;TIBCO Hawk HMA;c:\tibco\hawk\bin\tibhawkhma.exe --service TIBHawkHMA []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);c:\windows\system32\DRIVERS\W700bus.sys [2008-03-07 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;c:\windows\system32\DRIVERS\W700mdfl.sys [2008-03-07 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;c:\windows\system32\DRIVERS\W700mdm.sys [2008-03-07 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\W700mgmt.sys [2008-03-07 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\W700obex.sys [2008-03-07 86368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2072dcfe-6e96-11dd-9f10-005056c00008}]
\Shell\AutoRun\command - F:\w0o.com
\Shell\explore\Command - F:\w0o.com
\Shell\open\Command - F:\w0o.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4122f4ec-fa68-11dc-9dd5-001b779cf83e}]
\Shell\AutoRun\command - 2ifetri.cmd
\Shell\explore\Command - 2ifetri.cmd
\Shell\open\Command - 2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e633a6a-56ef-11dd-9ec5-005056c00008}]
\Shell\AutoRun\command - w0o.com
\Shell\explore\Command - w0o.com
\Shell\open\Command - w0o.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e31562-7d6d-11dd-9f35-005056c00008}]
\Shell\AutoRun\command - f:\system\DriveGuard\DriveProtect.exe -run 
\Shell\Explore\Command - f:\system\DriveGuard\DriveProtect.exe -run  
\Shell\Open\Command - f:\system\DriveGuard\DriveProtect.exe -run 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab61ec0-39e6-11dd-9e81-001b779cf83e}]
\Shell\Auto\command - F:\servet.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL servet.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d3079da-1c35-11dd-9e3d-001b779cf83e}]
\Shell\AutoRun\command - mvxm.cmd
\Shell\explore\Command - mvxm.cmd
\Shell\open\Command - mvxm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40fbeb3-da28-11dc-9d7c-001b779cf83e}]
\Shell\AutoRun\command - F:\x.com
\Shell\explore\Command - F:\x.com
\Shell\open\Command - F:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40fbeb4-da28-11dc-9d7c-001b779cf83e}]
\Shell\AutoRun\command - G:\x.com
\Shell\explore\Command - G:\x.com
\Shell\open\Command - G:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdeaa66-5ada-11dd-9ed2-005056c00008}]
\Shell\AutoRun\command - f:\autorun\AutoStart.exe
\Shell\Explore\Command - f:\autorun\AutoStart.exe
\Shell\Open\Command - f:\autorun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef36815a-5331-11dd-9eb5-005056c00008}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 00:45:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???`g??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBCOAdmin-jeevan]
"ImagePath"="C:/tibco/administrator/domain/jeevan/bin/tibcoadmin_jeevan.exe --ntservice \"TIBCOAdmin-jeevan\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBCOAdmin-kasarla]
"ImagePath"="C:/tibco/administrator/domain/kasarla/bin/tibcoadmin_kasarla.exe --ntservice \"TIBCOAdmin-kasarla\""
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBHawkAgent-jeevan-JeevanChandra]
"ImagePath"="C:/tibco/tra/domain/jeevan/hawkagent_jeevan.exe --ntservice \"TIBHawkAgent-jeevan-JeevanChandra\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBHawkAgent-kasarla-JeevanChandra]
"ImagePath"="C:/tibco/tra/domain/kasarla/hawkagent_kasarla.exe --ntservice \"TIBHawkAgent-kasarla-JeevanChandra\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBCOAdmin-jeevan]
"ImagePath"="C:/tibco/administrator/domain/jeevan/bin/tibcoadmin_jeevan.exe --ntservice \"TIBCOAdmin-jeevan\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBCOAdmin-kasarla]
"ImagePath"="C:/tibco/administrator/domain/kasarla/bin/tibcoadmin_kasarla.exe --ntservice \"TIBCOAdmin-kasarla\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBHawkAgent-jeevan-JeevanChandra]
"ImagePath"="C:/tibco/tra/domain/jeevan/hawkagent_jeevan.exe --ntservice \"TIBHawkAgent-jeevan-JeevanChandra\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TIBHawkAgent-kasarla-JeevanChandra]
"ImagePath"="C:/tibco/tra/domain/kasarla/hawkagent_kasarla.exe --ntservice \"TIBHawkAgent-kasarla-JeevanChandra\""
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Vongo\VongoService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-11-25 0:57:57 - machine was rebooted [Jeevan]
ComboFix-quarantined-files.txt 2008-11-24 19:27:52

Pre-Run: 18,136,326,144 bytes free
Post-Run: 18,119,577,600 bytes free

237 --- E O F --- 2008-11-14 04:13:00


I am not sure where it went wrong.

Please help me.

Edited by JC81, 24 November 2008 - 03:22 PM.
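An added example, not code from this thread and not part of HijackThis or ComboFix: a Python triage script that parses the O2 BHO lines and the mountpoints2 autorun blocks in the formats posted above and flags what a helper reads first (an unnamed BHO loaded from system32; removable-drive autorun handlers that point at .com/.cmd files or go through rundll32). The flagging rules are my own heuristics; the sample lines are copied from the logs in this thread.

```python
"""Triage for HijackThis 'O2 - BHO' lines and ComboFix 'mountpoints2' blocks.

Heuristics only: a hit means "look at this file/handler first", not "malicious".
Sample lines below are copied from the logs posted in this thread.
"""
import re
from typing import Dict, List, Optional

# HijackThis: "O2 - BHO: <name> - {CLSID} - <path to dll>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)
# ComboFix: "[HKEY_CURRENT_USER\...\mountpoints2\{volume-guid}]" followed by
#           "\Shell\<verb>\command - <what Explorer runs when the drive is opened>"
MP_KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.I
)
MP_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<target>.+?)\s*$", re.I)

# Extensions that are almost never the legitimate target of a removable drive's autorun
SUSPICIOUS_EXT = (".com", ".cmd", ".bat", ".pif", ".scr", ".vbs")


def triage_bho(line: str) -> Optional[Dict[str, object]]:
    """Parse one O2 line. Returns None for non-O2 lines, else clsid/path/reasons."""
    m = O2_RE.match(line)
    if not m:
        return None
    name, clsid, path = m.group("name"), m.group("clsid"), m.group("path")
    reasons: List[str] = []
    if name.strip().lower() == "(no name)":
        reasons.append("BHO registered without a display name")
    # Vendors install BHOs under Program Files; a bare DLL in system32 is the odd one out
    if re.search(r"\\windows\\system32\\[^\\]+$", path, re.I):
        reasons.append("BHO DLL sits directly in system32 instead of a vendor folder")
    return {"clsid": clsid, "path": path, "reasons": reasons}


def triage_mountpoints(lines: List[str]) -> List[Dict[str, object]]:
    """Walk mountpoints2 blocks and flag autorun handlers typical of USB-spread worms."""
    findings: List[Dict[str, object]] = []
    guid: Optional[str] = None
    for raw in lines:
        line = raw.rstrip()
        key = MP_KEY_RE.match(line)
        if key:
            guid = key.group("guid")
            continue
        cmd = MP_CMD_RE.match(line)
        if not cmd or guid is None:
            continue
        verb, target = cmd.group("verb"), cmd.group("target")
        exe = target.split()[0].lower()  # first token is the program Explorer would run
        reasons: List[str] = []
        if exe.endswith(SUSPICIOUS_EXT):
            reasons.append("autorun target has a script/command extension")
        if "\\" not in exe and ":" not in exe:
            reasons.append("autorun target is a bare filename in the drive root")
        if "shellexec_rundll" in target.lower():
            reasons.append("autorun launches the payload via rundll32 ShellExec_RunDLL")
        if verb.lower() not in ("autorun", "open", "explore"):
            reasons.append(f"non-standard shell verb '{verb}'")
        if reasons:
            findings.append({"guid": guid, "verb": verb, "target": target, "reasons": reasons})
    return findings


SAMPLE_HJT = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {47404406-B497-48A9-8C2D-65790455D010} - C:\WINDOWS\system32\cfgbken.dll",
]
SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2072dcfe-6e96-11dd-9f10-005056c00008}]
\Shell\AutoRun\command - F:\w0o.com
\Shell\explore\Command - F:\w0o.com
\Shell\open\Command - F:\w0o.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e31562-7d6d-11dd-9f35-005056c00008}]
\Shell\AutoRun\command - f:\system\DriveGuard\DriveProtect.exe -run
\Shell\Explore\Command - f:\system\DriveGuard\DriveProtect.exe -run
\Shell\Open\Command - f:\system\DriveGuard\DriveProtect.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab61ec0-39e6-11dd-9e81-001b779cf83e}]
\Shell\Auto\command - F:\servet.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL servet.exe
""".splitlines()

if __name__ == "__main__":
    for hjt_line in SAMPLE_HJT:
        print(triage_bho(hjt_line))
    for f in triage_mountpoints(SAMPLE_COMBOFIX):
        print(f["guid"], f["verb"], "->", f["target"], "|", "; ".join(f["reasons"]))
```

The HP DriveGuard block is left unflagged on purpose: a vendor launcher with a full path and a .exe target is what a legitimate autorun handler looks like, and the contrast with the w0o.com and servet.exe blocks is the point.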




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:09 PM

Posted 24 November 2008 - 04:13 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.


Well, the first place you went wrong was when you decided to use Combofix without having an experienced helper.

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Let's remove Combofix first and then we'll go from there.


Follow this process to uninstall Combofix. It will also restore a few settings and remove quarantined items.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



=====================


Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 JC81

JC81
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 25 November 2008 - 12:58 PM

Hi Sam,

Thanks for helping me. I uninstalled ComboFix and ran RSIT.
Please find both logs.


Log file from info.txt:


info.txt logfile of random's system information tool 1.04 2008-11-25 23:17:49

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Dora's Carnival Adventure\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tinos Fruit Stand\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
Disk Heal-->C:\Program Files\Disk Heal\Uninstall Disk Heal.exe
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0035-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE247E71-C143-40BB-ADF2-A465DF062BAB}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Development Kit 5.0-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150000}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java 2 Runtime Environment Standard Edition v1.3-->C:\WINDOWS\IsUninst.exe -fC:\Hyperion\Essbase\java\jre13\Uninst.isu
Java Runtime Environment 1.5.0-->C:\tibco\jre\1.5.0\_uninst\Tibuninstall.exe
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nero 7 Premium-->MsiExec.exe /I{38E0C491-5230-4373-B62E-F1A6E94B1033}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
PDF Editor 2-->C:\WINDOWS\cadkasdeinst01e.exe "C:\Program Files\PDF Editor 2\"
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealProducer Basic 8.5-->C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
Third Party Core Libraries 5.5.0-->C:\tibco\tpcl\5.5\_uninst\Tibuninstall.exe
TIBCO Adapter for ActiveDatabase 5.4.0-->C:\tibco\adapter\adadb\5.4\_uninst\Tibuninstall.exe
TIBCO Adapter For Files 5.5.0-->C:\tibco\adapter\adfiles\5.5\_uninst\Tibuninstall.exe
TIBCO Administrator Enterprise Edition 5.4.0-->C:\tibco\administrator\5.4\_uninst\Tibuninstall.exe
TIBCO BusinessEvents Enterprise Edition 2.0.0-->C:\tibco\be\2.0\_uninst\Tibuninstall.exe
TIBCO BusinessWorks 5.4.0-->C:\tibco\bw\5.4\_uninst\Tibuninstall.exe
TIBCO Designer 5.5.0-->C:\tibco\designer\5.5\_uninst\Tibuninstall.exe
TIBCO EMS 4.4.1-->C:\tibco\ems\_uninst\Tibuninstall.exe
TIBCO Hawk 4.7.0-->C:\tibco\hawk\_uninst\Tibuninstall.exe
TIBCO Runtime Agent 5.5.1-->C:\tibco\tra\5.5\_uninst\Tibuninstall.exe
TIBCO SDK 5.5.0-->C:\tibco\adapter\sdk\5.5\_uninst\Tibuninstall.exe
TIB-Rendezvous Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7E666AB-9DEA-11D3-AF76-00A02481F87F}\setup.exe" -l0x9 -removeonly
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Vongo-->MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O2 - BHO: (no name) - {47404406-B497-48A9-8C2D-65790455D010} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: (no name) - {47404406-B497-48A9-8C2D-65790455D010} - C:\WINDOWS\system32\cfgbken.dll

======Security center information======

AV: AVG 7.5.549

======Environment variables======

"CLASSPATH"=.;C:\tibco\tibrv\LIB\tibrvj.jar;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_05\lib;.;C:\Program Files\Java\jre1.6.0_05\lib\rt.jar;.;C:\Program Files\Java\jdk1.5.0\lib;.;C:\Program Files\Java\jdk1.5.0\jre\lib;.;
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEFAULT_CA_NR"=CA6
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\tibco\tibrv\BIN;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Java\jre1.6.0_05\bin;.;C:\Program Files\Java\jdk1.5.0\bin;C:\Program Files\Java\jdk1.5.0\jre\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PCTYPE"=PRESARIO
"PLATFORM"=MCD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e0c
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------


Log file from log.txt:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Jeevan at 2008-11-25 23:17:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (17%) free of 104 GB
Total RAM: 2038 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:42 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Vongo\Tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\Jeevan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeevan.exe
C:\WINDOWS\system32\igfxsrvc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60287
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60287
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {47404406-B497-48A9-8C2D-65790455D010} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC84EA2-E31D-4267-8258-41320B01E0E7}: NameServer = 202.54.29.5,202.54.12.164
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TIBCO Administrator 5.4 (jeevan) (TIBCOAdmin-jeevan) - Unknown owner - C:/tibco/administrator/domain/jeevan/bin/tibcoadmin_jeevan.exe
O23 - Service: TIBCO Administrator 5.4 (kasarla) (TIBCOAdmin-kasarla) - Unknown owner - C:/tibco/administrator/domain/kasarla/bin/tibcoadmin_kasarla.exe
O23 - Service: TIBCO EMS Server (PID: 1864) (tibemsd) - Unknown owner - C:\tibco\ems\bin\emsntsct.exe
O23 - Service: TIBCO Hawk Agent (TIBHawkAgent) - Unknown owner - C:\tibco\hawk\bin\tibhawkagentnt.exe
O23 - Service: TIBCO Hawk Agent (jeevan) (TIBHawkAgent-jeevan-JeevanChandra) - Unknown owner - C:/tibco/tra/domain/jeevan/hawkagent_jeevan.exe
O23 - Service: TIBCO Hawk Agent (kasarla) (TIBHawkAgent-kasarla-JeevanChandra) - Unknown owner - C:/tibco/tra/domain/kasarla/hawkagent_kasarla.exe
O23 - Service: TIBCO Hawk Event (TIBHawkEvent) - Unknown owner - C:\tibco\hawk\bin\tibhawkeventnt.exe
O23 - Service: TIBCO Hawk HMA (TIBHawkHMA) - Unknown owner - C:\tibco\hawk\bin\tibhawkhma.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 11447 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-13 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47404406-B497-48A9-8C2D-65790455D010}]
C:\WINDOWS\system32\cfgbken.dll [2008-04-14 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-20 102400]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-12 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-12 81920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-20 163840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-13 185896]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-17 590848]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-22 94208]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

C:\Documents and Settings\Jeevan\Start Menu\Programs\StartUp
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-05-14 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\tibco\designer\5.5\bin\designer.exe"="C:\tibco\designer\5.5\bin\designer.exe:*:Enabled:designer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
""=""
"C:\Program Files\Vongo\VongoService.exe"="C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2072dcfe-6e96-11dd-9f10-005056c00008}]
shell\AutoRun\command - F:\w0o.com
shell\explore\command - F:\w0o.com
shell\open\command - F:\w0o.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4122f4ec-fa68-11dc-9dd5-001b779cf83e}]
shell\AutoRun\command - 2ifetri.cmd
shell\explore\command - 2ifetri.cmd
shell\open\command - 2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e633a6a-56ef-11dd-9ec5-005056c00008}]
shell\AutoRun\command - w0o.com
shell\explore\command - w0o.com
shell\open\command - w0o.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e31562-7d6d-11dd-9f35-005056c00008}]
shell\AutoRun\command - F:\System\DriveGuard\DriveProtect.exe -run 
shell\Explore\command - F:\System\DriveGuard\DriveProtect.exe -run  
shell\Open\command - F:\System\DriveGuard\DriveProtect.exe -run 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab61ec0-39e6-11dd-9e81-001b779cf83e}]
shell\Auto\command - F:\servet.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL servet.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d3079da-1c35-11dd-9e3d-001b779cf83e}]
shell\AutoRun\command - mvxm.cmd
shell\explore\command - mvxm.cmd
shell\open\command - mvxm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40fbeb3-da28-11dc-9d7c-001b779cf83e}]
shell\AutoRun\command - F:\x.com
shell\explore\command - F:\x.com
shell\open\command - F:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40fbeb4-da28-11dc-9d7c-001b779cf83e}]
shell\AutoRun\command - G:\x.com
shell\explore\command - G:\x.com
shell\open\command - G:\x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdeaa66-5ada-11dd-9ed2-005056c00008}]
shell\AutoRun\command - F:\AutoRun\AutoStart.exe
shell\Explore\command - F:\AutoRun\AutoStart.exe
shell\Open\command - F:\AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef36815a-5331-11dd-9eb5-005056c00008}]
shell\AutoRun\command - F:\2ifetri.cmd
shell\explore\command - F:\2ifetri.cmd
shell\open\command - F:\2ifetri.cmd


======List of files/folders created in the last 3 months======

2008-11-25 23:17:15 ----D---- C:\rsit
2008-11-25 10:24:00 ----D---- C:\ComboFix
2008-11-25 02:15:04 ----D---- C:\WINDOWS\temp
2008-11-24 10:48:53 ----D---- C:\WINDOWS\ERUNT
2008-11-24 09:43:19 ----SHD---- C:\Config.Msi
2008-11-21 04:38:05 ----D---- C:\Program Files\Trend Micro
2008-11-21 04:37:53 ----D---- C:\Program Files\Unlocker
2008-11-19 05:50:12 ----D---- C:\WINDOWS\ERDNT
2008-11-19 05:12:22 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-19 04:57:16 ----D---- C:\Program Files\InCode Solutions
2008-11-19 04:44:17 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-11-19 01:55:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-19 01:41:38 ----D---- C:\Documents and Settings\Jeevan\Application Data\TrojanHunter
2008-11-19 01:06:49 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-11-19 01:06:49 ----D---- C:\Program Files\TrojanHunter 5.0
2008-11-17 01:40:17 ----HD---- C:\Program Files\Zero G Registry
2008-11-17 01:31:25 ----D---- C:\Program Files\Oracle
2008-11-16 17:49:56 ----A---- C:\WINDOWS\system32\cfgbken.dll
2008-11-15 01:08:39 ----D---- C:\fun
2008-11-14 09:38:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 09:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 09:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 21:38:37 ----D---- C:\Program Files\Adobe
2008-10-29 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-29 01:35:11 ----A---- C:\WINDOWS\system32\cont_offersfortoday-remove.exe
2008-10-21 02:32:21 ----D---- C:\BEvents
2008-10-16 13:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 13:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 13:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 13:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 13:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 22:29:52 ----D---- C:\egate-stuff
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-22 17:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-22 02:02:22 ----A---- C:\YServer.txt
2008-09-21 21:36:02 ----D---- C:\Program Files\iPod
2008-09-21 21:35:54 ----D---- C:\Program Files\iTunes
2008-09-21 19:19:33 ----D---- C:\General-Docs
2008-09-21 19:15:13 ----D---- C:\Tib_Docs
2008-09-20 16:51:41 ----D---- C:\WINDOWS\Prefetch
2008-09-20 16:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-20 16:49:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-20 16:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-20 16:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-20 16:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-20 16:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-20 16:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-20 16:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-20 16:48:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-20 16:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-20 16:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-20 16:42:31 ----D---- C:\WINDOWS\system32\scripting
2008-09-20 16:42:31 ----D---- C:\WINDOWS\l2schemas
2008-09-20 16:42:30 ----D---- C:\WINDOWS\system32\en
2008-09-20 16:42:30 ----D---- C:\WINDOWS\system32\bits
2008-09-20 16:38:26 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-20 16:30:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-20 02:49:51 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-20 02:49:47 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-20 02:49:47 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-20 02:49:43 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-20 02:49:43 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-20 02:49:41 ----N---- C:\WINDOWS\slrundll.exe
2008-09-20 02:49:39 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-20 02:49:39 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-20 02:49:38 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-20 02:49:38 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-20 02:49:37 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-20 02:49:37 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-20 02:49:37 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-20 02:49:37 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-20 02:49:36 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-20 02:49:35 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-20 02:49:31 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-20 02:49:31 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-20 02:49:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-20 02:49:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-20 02:49:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-20 02:49:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-20 02:49:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-20 02:49:20 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-20 02:49:19 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-20 02:49:19 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-20 02:49:19 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-20 02:49:19 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-20 02:49:14 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-20 02:49:14 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-20 02:49:12 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-20 02:49:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-20 02:49:09 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-20 02:49:09 ----A---- C:\WINDOWS\003097_.tmp
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-20 02:49:06 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-20 02:49:06 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-20 02:49:06 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-20 02:49:05 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-20 02:49:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-20 02:49:02 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-20 02:49:02 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-20 02:49:02 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-20 02:48:59 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-19 04:20:35 ----D---- C:\WINDOWS\Logs
2008-09-16 22:21:29 ----D---- C:\Program Files\Apple Software Update
2008-09-14 00:38:57 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-14 00:38:57 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-14 00:38:57 ----A---- C:\WINDOWS\system32\java.exe
2008-09-12 01:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-12 01:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe

======List of files/folders modified in the last 3 months======

2008-11-25 23:06:27 ----A---- C:\hpqp.ini
2008-11-25 18:36:54 ----D---- C:\WINDOWS
2008-11-25 18:36:15 ----A---- C:\XP_TV.ini
2008-11-25 18:35:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-25 18:13:15 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-25 15:24:35 ----SHD---- C:\System Volume Information
2008-11-25 15:24:35 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 10:24:06 ----D---- C:\WINDOWS\system32
2008-11-25 10:09:59 ----D---- C:\Documents and Settings\Jeevan\Application Data\AVG7
2008-11-25 02:29:14 ----D---- C:\WINDOWS\system32\drivers
2008-11-25 02:16:29 ----A---- C:\WINDOWS\system.ini
2008-11-25 02:13:57 ----D---- C:\WINDOWS\AppPatch
2008-11-25 02:13:57 ----D---- C:\Program Files\Common Files
2008-11-24 23:56:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-24 10:51:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-24 09:43:22 ----D---- C:\Documents and Settings\Jeevan\Application Data\SUPERAntiSpyware.com
2008-11-24 09:43:21 ----SHD---- C:\WINDOWS\Installer
2008-11-24 09:43:21 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-21 04:39:16 ----D---- C:\Program Files
2008-11-21 01:00:44 ----RHD---- C:\$VAULT$.AVG
2008-11-17 00:25:46 ----D---- C:\Project_SourceCode
2008-11-16 01:52:14 ----D---- C:\Jeevan
2008-11-14 09:38:41 ----HD---- C:\WINDOWS\inf
2008-11-14 09:38:27 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 09:37:39 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 09:35:52 ----D---- C:\WINDOWS\WinSxS
2008-11-12 21:38:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-12 21:38:03 ----D---- C:\Program Files\Common Files\Adobe
2008-11-10 11:06:32 ----D---- C:\NReddy
2008-11-04 05:40:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-20 12:56:25 ----D---- C:\Songs_Telugu
2008-10-16 14:00:40 ----D---- C:\Program Files\Internet Explorer
2008-10-16 13:09:14 ----D---- C:\WINDOWS\ie7updates
2008-10-16 13:08:16 ----A---- C:\WINDOWS\win.ini
2008-10-15 22:04:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 00:24:01 ----D---- C:\tibco
2008-10-11 02:51:54 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-10-03 23:11:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-21 22:59:26 ----D---- C:\software dumps
2008-09-21 21:30:25 ----D---- C:\Program Files\WinRAR
2008-09-21 15:11:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-20 18:24:02 ----D---- C:\Roommates_Temp
2008-09-20 18:11:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-20 18:11:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-20 18:09:51 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-09-20 16:53:08 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-20 16:51:49 ----A---- C:\WINDOWS\setuplog.txt
2008-09-20 16:51:05 ----D---- C:\WINDOWS\system32\wbem
2008-09-20 16:51:05 ----D---- C:\WINDOWS\system32\Setup
2008-09-20 16:51:04 ----RSD---- C:\WINDOWS\Fonts
2008-09-20 16:49:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 16:48:10 ----D---- C:\Program Files\Messenger
2008-09-20 16:47:44 ----D---- C:\WINDOWS\security
2008-09-20 16:42:44 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-20 16:42:44 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 16:42:44 ----D---- C:\WINDOWS\ime
2008-09-20 16:42:43 ----D---- C:\WINDOWS\Help
2008-09-20 16:42:31 ----D---- C:\WINDOWS\system32\usmt
2008-09-20 16:42:31 ----D---- C:\WINDOWS\system32\en-US
2008-09-20 16:42:30 ----D---- C:\WINDOWS\PeerNet
2008-09-20 16:42:30 ----D---- C:\Program Files\Movie Maker
2008-09-20 16:38:14 ----D---- C:\WINDOWS\system32\npp
2008-09-20 16:38:14 ----D---- C:\WINDOWS\mui
2008-09-20 16:38:13 ----D---- C:\WINDOWS\msagent
2008-09-20 16:38:10 ----D---- C:\WINDOWS\srchasst
2008-09-20 16:38:08 ----D---- C:\Program Files\NetMeeting
2008-09-20 16:38:04 ----D---- C:\WINDOWS\system32\Com
2008-09-20 16:38:01 ----D---- C:\Program Files\Windows Media Player
2008-09-20 16:38:00 ----D---- C:\Program Files\Windows NT
2008-09-20 16:38:00 ----D---- C:\Program Files\Outlook Express
2008-09-20 16:37:50 ----D---- C:\Program Files\Common Files\System
2008-09-20 16:37:35 ----D---- C:\WINDOWS\system32\oobe
2008-09-20 16:37:30 ----D---- C:\WINDOWS\system
2008-09-20 16:32:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-20 16:30:07 ----D---- C:\WINDOWS\ehome
2008-09-20 00:57:48 ----D---- C:\WINDOWS\Debug
2008-09-19 04:20:55 ----RD---- C:\WINDOWS\Web
2008-09-19 04:20:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-16 22:21:30 ----SD---- C:\WINDOWS\Tasks
2008-09-14 00:38:57 ----D---- C:\Program Files\Java
2008-09-05 23:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-04 22:45:04 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-08-31 15:06:37 ----D---- C:\Program Files\DNA
2008-08-30 12:03:30 ----D---- C:\Documents and Settings\Jeevan\Application Data\DNA
2008-08-27 13:54:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 13:20:19 ----D---- C:\WINDOWS\SHELLNEW
2008-08-26 12:54:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 12:54:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 12:54:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 12:54:30 ----N---- C:\WINDOWS\system32\occache.dll
2008-08-26 12:54:30 ----N---- C:\WINDOWS\system32\mstime.dll
2008-08-26 12:54:30 ----N---- C:\WINDOWS\system32\msrating.dll
2008-08-26 12:54:30 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 12:54:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 12:54:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 12:54:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 12:54:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 12:54:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 12:54:29 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 12:54:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 12:54:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 12:54:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 12:54:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 12:54:28 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 12:54:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 12:54:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 12:54:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 12:54:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 12:54:28 ----A---- C:\WINDOWS\system32\advpack.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-03-06 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-03-06 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-03-06 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-03-06 10760]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-20 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-03-06 4960]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-04-11 163328]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-20 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-20 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-20 208000]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-21 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-20 727296]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-13 57320]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-20 5760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\W700bus.sys [2008-03-07 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2008-03-07 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2008-03-07 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2008-03-07 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\W700obex.sys [2008-03-07 86368]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-09-07 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-09-07 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-09-07 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-09-07 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-09-07 85664]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2005-10-07 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2005-10-07 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2005-10-07 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2005-10-07 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2005-10-07 83344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-03-06 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-03-06 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-03-06 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-19 49152]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 Vongo Service;Vongo Service; C:\Program Files\Vongo\VongoService.exe [2006-05-09 176128]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-13 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TIBCOAdmin-jeevan;TIBCO Administrator 5.4 (jeevan); C:/tibco/administrator/domain/jeevan/bin/tibcoadmin_jeevan.exe --ntservice TIBCOAdmin-jeevan []
S3 TIBCOAdmin-kasarla;TIBCO Administrator 5.4 (kasarla); C:/tibco/administrator/domain/kasarla/bin/tibcoadmin_kasarla.exe --ntservice TIBCOAdmin-kasarla []
S3 tibemsd;TIBCO EMS Server (PID: 1864); C:\tibco\ems\bin\emsntsct.exe [2007-03-03 49152]
S3 TIBHawkAgent;TIBCO Hawk Agent; C:\tibco\hawk\bin\tibhawkagentnt.exe [2006-10-06 57344]
S3 TIBHawkAgent-jeevan-JeevanChandra;TIBCO Hawk Agent (jeevan); C:/tibco/tra/domain/jeevan/hawkagent_jeevan.exe --ntservice TIBHawkAgent-jeevan-JeevanChandra []
S3 TIBHawkAgent-kasarla-JeevanChandra;TIBCO Hawk Agent (kasarla); C:/tibco/tra/domain/kasarla/hawkagent_kasarla.exe --ntservice TIBHawkAgent-kasarla-JeevanChandra []
S3 TIBHawkEvent;TIBCO Hawk Event; C:\tibco\hawk\bin\tibhawkeventnt.exe [2006-10-06 57344]
S3 TIBHawkHMA;TIBCO Hawk HMA; C:\tibco\hawk\bin\tibhawkhma.exe [2006-10-06 462848]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


Sorry for the late reply.
I am looking for your response.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:09 PM

Posted 25 November 2008 - 01:35 PM

Let's see what we can do about this.
Make sure that your secondary drives G: and F: are connected and on.


Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\system32\cfgbken.dll
    C:\ComboFix
    F:\2ifetri.cmd
    F:\AutoRun\AutoStart.exe
    G:\x.com
    F:\x.com
    F:\servet.exe
    F:\System\DriveGuard\DriveProtect.exe
    F:\w0o.com
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2072dcfe-6e96-11dd-9f10-005056c00008}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4122f4ec-fa68-11dc-9dd5-001b779cf83e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e633a6a-56ef-11dd-9ec5-005056c00008}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e31562-7d6d-11dd-9f35-005056c00008}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab61ec0-39e6-11dd-9e81-001b779cf83e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d3079da-1c35-11dd-9e3d-001b779cf83e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40fbeb3-da28-11dc-9d7c-001b779cf83e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40fbeb4-da28-11dc-9d7c-001b779cf83e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdeaa66-5ada-11dd-9ed2-005056c00008}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef36815a-5331-11dd-9eb5-005056c00008}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47404406-B497-48A9-8C2D-65790455D010}]
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


===================



Download and save Java Runtime Environment (JRE) 6 Update 10 to your Desktop here.

Please download JavaRa and unzip it to your Desktop.

***Please close any instances of Internet Explorer or Firefox before continuing!***


* Double-click on JavaRa.exe to start the program.
* From the drop-down menu, choose English and click on Select.
* JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
* Click Yes when prompted.
* When JavaRa is finished, a notice will appear that a logfile has been produced. Click OK.
* A logfile will pop up. Please post this log in your next reply.

Finally, reboot the computer, then install the Java you downloaded earlier.


Please post a new log from RSIT also.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
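The script above asks OTMoveIt3 to remove a list of files and registry keys, and the only way to know whether it worked is to read the result log it writes back. As an added example (not part of the forum post and not OldTimer's tool), the Python below parses an OTMoveIt3 script in the `:files` / `:reg` format shown above, parses a result log in the phrasing OTMoveIt3 uses ("moved successfully", "scheduled to be moved on reboot", "NOT unregistered", "Unable to delete registry key"), and reports which requested targets are still outstanding after the run. The sample script and log are constructed for the example; the registry GUIDs are abbreviated placeholders, and the cfgbken.dll path is the one discussed in this thread.

```python
"""Cross-check an OTMoveIt3 removal script against the result log it produced.

Added example for this thread, not part of OTMoveIt3 or the forum post.
The log phrasing matched below is the phrasing OTMoveIt3 prints in the logs
posted in this thread; the sample inputs are constructed and use abbreviated
GUIDs where the real keys are not needed.
"""
import re

# Constructed sample script in the :files / :reg / :Commands format.
SAMPLE_SCRIPT = r"""
:files
C:\WINDOWS\system32\cfgbken.dll
C:\ComboFix
F:\x.com

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{guid-1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{guid-2}]

:Commands
[EmptyTemp]
[Reboot]
"""

# Constructed sample result log, including the "Files moved on Reboot" pass.
SAMPLE_LOG = r"""
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\cfgbken.dll
C:\WINDOWS\system32\cfgbken.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cfgbken.dll scheduled to be moved on reboot.
C:\ComboFix moved successfully.
File/Folder F:\x.com not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{guid-1}\\ deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{guid-2}\\ .
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\scratch.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\cfgbken.dll
C:\WINDOWS\system32\cfgbken.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cfgbken.dll scheduled to be moved on reboot.
File C:\DOCUME~1\User\LOCALS~1\Temp\scratch.tmp not found!
"""

# (regex, status): the first pattern that matches a log line decides its status.
# Group 1 is the target path or registry key; trailing backslashes are dropped.
LOG_PATTERNS = [
    (re.compile(r"^Registry key (.+?)\\*\s*deleted successfully\.$"), "removed"),
    (re.compile(r"^Unable to delete registry key (.+?)\\*\s*\.$"), "failed"),
    (re.compile(r"^File (?:move|delete) failed\. (.+?) scheduled to be (?:moved|deleted) on reboot\.$"),
     "pending_reboot"),
    (re.compile(r"^File/Folder (.+?) not found\.$"), "not_found"),
    (re.compile(r"^File (.+?) not found!$"), "not_found"),
    (re.compile(r"^(.+?) NOT unregistered\.$"), "unregister_failed"),
    (re.compile(r"^LoadLibrary failed for (.+)$"), "loadlibrary_failed"),
    (re.compile(r"^(.+?) moved successfully\.$"), "removed"),
]


def norm(target):
    """Windows paths and registry keys are case-insensitive; compare them that way."""
    return target.rstrip("\\").lower()


def parse_script(text):
    """Return the file and registry targets an OTMoveIt3 script asks to remove."""
    targets = {"files": [], "reg": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "files":
            targets["files"].append(line)
        elif section == "reg":
            m = re.fullmatch(r"\[-(.+)\]", line)  # [-KEY] means "delete this key"
            if m:
                targets["reg"].append(m.group(1))
    return targets


def parse_log(text):
    """Map each normalized target to the ordered statuses the log reports for it."""
    history = {}
    for line in text.splitlines():
        line = line.strip()
        for pattern, status in LOG_PATTERNS:
            m = pattern.match(line)
            if m:
                history.setdefault(norm(m.group(1)), []).append(status)
                break
    return history


def outstanding(script_text, log_text):
    """Script targets whose latest log status is neither removed nor absent.

    The log is chronological (the reboot pass comes last), so the last status
    wins: a temp file first 'scheduled on reboot' and then 'not found' is done.
    """
    wanted = parse_script(script_text)
    history = parse_log(log_text)
    report = {}
    for target in wanted["files"] + wanted["reg"]:
        statuses = history.get(norm(target), [])
        final = statuses[-1] if statuses else "no_log_entry"
        if final not in ("removed", "not_found"):
            report[target] = final
    return report


if __name__ == "__main__":
    for target, status in outstanding(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:18} {target}")
```

Run against the sample, the report lists the DLL as still pending after the reboot pass and the Browser Helper Objects key as failed; everything else was either moved or was never present. A target that the log never mentions at all is flagged as `no_log_entry`, which usually means the script line was mistyped or the tool never reached it.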

#5 JC81

JC81
  • Topic Starter

  • Members
  • 19 posts
  • Local time:10:39 PM

Posted 25 November 2008 - 02:34 PM

Hi Sam

Please find the logs below.

OTMoveIt log:

========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\cfgbken.dll
C:\WINDOWS\system32\cfgbken.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cfgbken.dll scheduled to be moved on reboot.
C:\ComboFix moved successfully.
File/Folder F:\2ifetri.cmd not found.
File/Folder F:\AutoRun\AutoStart.exe not found.
File/Folder G:\x.com not found.
File/Folder F:\x.com not found.
File/Folder F:\servet.exe not found.
File/Folder F:\System\DriveGuard\DriveProtect.exe not found.
File/Folder F:\w0o.com not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2072dcfe-6e96-11dd-9f10-005056c00008}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4122f4ec-fa68-11dc-9dd5-001b779cf83e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e633a6a-56ef-11dd-9ec5-005056c00008}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e31562-7d6d-11dd-9f35-005056c00008}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab61ec0-39e6-11dd-9e81-001b779cf83e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d3079da-1c35-11dd-9e3d-001b779cf83e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40fbeb3-da28-11dc-9d7c-001b779cf83e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40fbeb4-da28-11dc-9d7c-001b779cf83e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdeaa66-5ada-11dd-9ed2-005056c00008}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef36815a-5331-11dd-9eb5-005056c00008}\\ deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47404406-B497-48A9-8C2D-65790455D010}\\ .
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Jeevan\LOCALS~1\Temp\Perflib_Perfdata_7d8.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jeevan\LOCALS~1\Temp\Perflib_Perfdata_d28.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jeevan\LOCALS~1\Temp\sqlite_3D77tZjisKQ3FwN scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jeevan\LOCALS~1\Temp\syvbeiai.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Jeevan\LOCALS~1\Temp\~DF7DA6.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\sqlite_FGjbman16Xhg58p scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11262008_004354

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\cfgbken.dll
C:\WINDOWS\system32\cfgbken.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cfgbken.dll scheduled to be moved on reboot.
File C:\DOCUME~1\Jeevan\LOCALS~1\Temp\Perflib_Perfdata_7d8.dat not found!
File C:\DOCUME~1\Jeevan\LOCALS~1\Temp\Perflib_Perfdata_d28.dat not found!
File C:\DOCUME~1\Jeevan\LOCALS~1\Temp\sqlite_3D77tZjisKQ3FwN not found!
File C:\DOCUME~1\Jeevan\LOCALS~1\Temp\syvbeiai.dat not found!
File C:\DOCUME~1\Jeevan\LOCALS~1\Temp\~DF7DA6.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\sqlite_FGjbman16Xhg58p moved successfully.


JavaRa.log:

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Nov 26 00:52:11 2008

Found and removed: C:\Program Files\Java\jre1.5.0

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64

Found and removed: C:\Documents and Settings\All Users\Start Menu\Programs\Java 2 Runtime Environment

Found and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge

Found and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge.1

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.Exe

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JRE 1.3

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\JavaPlugin.150

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150000}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jeevan at 2008-11-26 00:57:37
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (17%) free of 104 GB
Total RAM: 2038 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:52 AM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Jeevan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeevan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60287
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60287
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {47404406-B497-48A9-8C2D-65790455D010} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CC84EA2-E31D-4267-8258-41320B01E0E7}: NameServer = 202.54.29.5,202.54.12.164
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TIBCO Administrator 5.4 (jeevan) (TIBCOAdmin-jeevan) - Unknown owner - C:/tibco/administrator/domain/jeevan/bin/tibcoadmin_jeevan.exe
O23 - Service: TIBCO Administrator 5.4 (kasarla) (TIBCOAdmin-kasarla) - Unknown owner - C:/tibco/administrator/domain/kasarla/bin/tibcoadmin_kasarla.exe
O23 - Service: TIBCO EMS Server (PID: 1864) (tibemsd) - Unknown owner - C:\tibco\ems\bin\emsntsct.exe
O23 - Service: TIBCO Hawk Agent (TIBHawkAgent) - Unknown owner - C:\tibco\hawk\bin\tibhawkagentnt.exe
O23 - Service: TIBCO Hawk Agent (jeevan) (TIBHawkAgent-jeevan-JeevanChandra) - Unknown owner - C:/tibco/tra/domain/jeevan/hawkagent_jeevan.exe
O23 - Service: TIBCO Hawk Agent (kasarla) (TIBHawkAgent-kasarla-JeevanChandra) - Unknown owner - C:/tibco/tra/domain/kasarla/hawkagent_kasarla.exe
O23 - Service: TIBCO Hawk Event (TIBHawkEvent) - Unknown owner - C:\tibco\hawk\bin\tibhawkeventnt.exe
O23 - Service: TIBCO Hawk HMA (TIBHawkHMA) - Unknown owner - C:\tibco\hawk\bin\tibhawkhma.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 11546 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-13 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47404406-B497-48A9-8C2D-65790455D010}]
C:\WINDOWS\system32\cfgbken.dll [2008-04-14 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-20 102400]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-12 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-12 81920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-20 163840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-13 185896]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-17 590848]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-08-22 94208]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico

C:\Documents and Settings\Jeevan\Start Menu\Programs\StartUp
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2008-05-14 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\tibco\designer\5.5\bin\designer.exe"="C:\tibco\designer\5.5\bin\designer.exe:*:Enabled:designer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
""=""
"C:\Program Files\Vongo\VongoService.exe"="C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-11-26 00:57:00 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-26 00:57:00 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-26 00:57:00 ----A---- C:\WINDOWS\system32\java.exe
2008-11-26 00:57:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-26 00:44:22 ----SHD---- C:\RECYCLER
2008-11-26 00:43:54 ----D---- C:\_OTMoveIt
2008-11-25 23:17:15 ----D---- C:\rsit
2008-11-25 02:15:04 ----D---- C:\WINDOWS\temp
2008-11-24 10:48:53 ----D---- C:\WINDOWS\ERUNT
2008-11-21 04:38:05 ----D---- C:\Program Files\Trend Micro
2008-11-21 04:37:53 ----D---- C:\Program Files\Unlocker
2008-11-19 05:50:12 ----D---- C:\WINDOWS\ERDNT
2008-11-19 05:12:22 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-19 04:57:16 ----D---- C:\Program Files\InCode Solutions
2008-11-19 04:44:17 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-11-19 01:55:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-19 01:41:38 ----D---- C:\Documents and Settings\Jeevan\Application Data\TrojanHunter
2008-11-19 01:06:49 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-11-19 01:06:49 ----D---- C:\Program Files\TrojanHunter 5.0
2008-11-17 01:40:17 ----HD---- C:\Program Files\Zero G Registry
2008-11-17 01:31:25 ----D---- C:\Program Files\Oracle
2008-11-16 17:49:56 ----A---- C:\WINDOWS\system32\cfgbken.dll
2008-11-15 01:08:39 ----D---- C:\fun
2008-11-14 09:38:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 09:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 09:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 21:38:37 ----D---- C:\Program Files\Adobe
2008-10-29 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-29 01:35:11 ----A---- C:\WINDOWS\system32\cont_offersfortoday-remove.exe
2008-10-21 02:32:21 ----D---- C:\BEvents
2008-10-16 13:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 13:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 13:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 13:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 13:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-12 22:29:52 ----D---- C:\egate-stuff
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-22 17:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-22 02:02:22 ----A---- C:\YServer.txt
2008-09-21 21:36:02 ----D---- C:\Program Files\iPod
2008-09-21 21:35:54 ----D---- C:\Program Files\iTunes
2008-09-21 19:19:33 ----D---- C:\General-Docs
2008-09-21 19:15:13 ----D---- C:\Tib_Docs
2008-09-20 16:51:41 ----D---- C:\WINDOWS\Prefetch
2008-09-20 16:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-20 16:49:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-20 16:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-20 16:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-20 16:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-20 16:48:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-20 16:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-20 16:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-20 16:48:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-20 16:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-20 16:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-20 16:42:31 ----D---- C:\WINDOWS\system32\scripting
2008-09-20 16:42:31 ----D---- C:\WINDOWS\l2schemas
2008-09-20 16:42:30 ----D---- C:\WINDOWS\system32\en
2008-09-20 16:42:30 ----D---- C:\WINDOWS\system32\bits
2008-09-20 16:38:26 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-20 16:30:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-20 02:49:51 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-20 02:49:47 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-20 02:49:47 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-20 02:49:43 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-20 02:49:43 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-20 02:49:41 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-20 02:49:41 ----N---- C:\WINDOWS\slrundll.exe
2008-09-20 02:49:39 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-20 02:49:39 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-20 02:49:38 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-20 02:49:38 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-20 02:49:37 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-20 02:49:37 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-20 02:49:37 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-20 02:49:37 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-20 02:49:36 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-20 02:49:35 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-20 02:49:32 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-20 02:49:31 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-20 02:49:31 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-20 02:49:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-20 02:49:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-20 02:49:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-20 02:49:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-20 02:49:20 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-20 02:49:20 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-20 02:49:19 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-20 02:49:19 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-20 02:49:19 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-20 02:49:19 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-20 02:49:14 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-20 02:49:14 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-20 02:49:12 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-20 02:49:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-20 02:49:09 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-20 02:49:09 ----A---- C:\WINDOWS\003097_.tmp
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-20 02:49:08 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-20 02:49:07 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-20 02:49:06 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-20 02:49:06 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-20 02:49:06 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-20 02:49:05 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-20 02:49:02 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-20 02:49:02 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-20 02:49:02 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-20 02:49:02 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-20 02:49:01 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-20 02:48:59 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-19 04:20:35 ----D---- C:\WINDOWS\Logs
2008-09-16 22:21:29 ----D---- C:\Program Files\Apple Software Update
2008-09-12 01:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-12 01:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-05 23:30:42 ----N---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe

======List of files/folders modified in the last 3 months======

2008-11-26 00:57:03 ----SHD---- C:\WINDOWS\Installer
2008-11-26 00:57:00 ----D---- C:\WINDOWS\system32
2008-11-26 00:56:42 ----D---- C:\Program Files\Java
2008-11-26 00:55:31 ----A---- C:\hpqp.ini
2008-11-26 00:55:23 ----D---- C:\WINDOWS
2008-11-26 00:54:59 ----A---- C:\XP_TV.ini
2008-11-26 00:53:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-25 18:13:15 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-25 15:24:35 ----SHD---- C:\System Volume Information
2008-11-25 15:24:35 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 10:09:59 ----D---- C:\Documents and Settings\Jeevan\Application Data\AVG7
2008-11-25 02:29:14 ----D---- C:\WINDOWS\system32\drivers
2008-11-25 02:16:29 ----A---- C:\WINDOWS\system.ini
2008-11-25 02:13:57 ----D---- C:\WINDOWS\AppPatch
2008-11-25 02:13:57 ----D---- C:\Program Files\Common Files
2008-11-24 23:56:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-24 10:51:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-24 09:43:22 ----D---- C:\Documents and Settings\Jeevan\Application Data\SUPERAntiSpyware.com
2008-11-24 09:43:21 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-21 04:39:16 ----D---- C:\Program Files
2008-11-21 01:00:44 ----RHD---- C:\$VAULT$.AVG
2008-11-17 00:25:46 ----D---- C:\Project_SourceCode
2008-11-16 01:52:14 ----D---- C:\Jeevan
2008-11-14 09:38:41 ----HD---- C:\WINDOWS\inf
2008-11-14 09:38:27 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 09:37:39 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 09:35:52 ----D---- C:\WINDOWS\WinSxS
2008-11-12 21:38:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-12 21:38:03 ----D---- C:\Program Files\Common Files\Adobe
2008-11-10 11:06:32 ----D---- C:\NReddy
2008-11-04 05:40:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-20 12:56:25 ----D---- C:\Songs_Telugu
2008-10-16 14:00:40 ----D---- C:\Program Files\Internet Explorer
2008-10-16 13:09:14 ----D---- C:\WINDOWS\ie7updates
2008-10-16 13:08:16 ----A---- C:\WINDOWS\win.ini
2008-10-15 22:04:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 00:24:01 ----D---- C:\tibco
2008-10-11 02:51:54 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-10-03 23:11:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-21 22:59:26 ----D---- C:\software dumps
2008-09-21 21:30:25 ----D---- C:\Program Files\WinRAR
2008-09-21 15:11:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-20 18:24:02 ----D---- C:\Roommates_Temp
2008-09-20 18:11:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-20 18:11:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-20 18:09:51 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-09-20 16:53:08 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-20 16:51:49 ----A---- C:\WINDOWS\setuplog.txt
2008-09-20 16:51:05 ----D---- C:\WINDOWS\system32\wbem
2008-09-20 16:51:05 ----D---- C:\WINDOWS\system32\Setup
2008-09-20 16:51:04 ----RSD---- C:\WINDOWS\Fonts
2008-09-20 16:49:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 16:48:10 ----D---- C:\Program Files\Messenger
2008-09-20 16:47:44 ----D---- C:\WINDOWS\security
2008-09-20 16:42:44 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-20 16:42:44 ----D---- C:\WINDOWS\network diagnostic
2008-09-20 16:42:44 ----D---- C:\WINDOWS\ime
2008-09-20 16:42:43 ----D---- C:\WINDOWS\Help
2008-09-20 16:42:31 ----D---- C:\WINDOWS\system32\usmt
2008-09-20 16:42:31 ----D---- C:\WINDOWS\system32\en-US
2008-09-20 16:42:30 ----D---- C:\WINDOWS\PeerNet
2008-09-20 16:42:30 ----D---- C:\Program Files\Movie Maker
2008-09-20 16:38:14 ----D---- C:\WINDOWS\system32\npp
2008-09-20 16:38:14 ----D---- C:\WINDOWS\mui
2008-09-20 16:38:13 ----D---- C:\WINDOWS\msagent
2008-09-20 16:38:10 ----D---- C:\WINDOWS\srchasst
2008-09-20 16:38:08 ----D---- C:\Program Files\NetMeeting
2008-09-20 16:38:04 ----D---- C:\WINDOWS\system32\Com
2008-09-20 16:38:01 ----D---- C:\Program Files\Windows Media Player
2008-09-20 16:38:00 ----D---- C:\Program Files\Windows NT
2008-09-20 16:38:00 ----D---- C:\Program Files\Outlook Express
2008-09-20 16:37:50 ----D---- C:\Program Files\Common Files\System
2008-09-20 16:37:35 ----D---- C:\WINDOWS\system32\oobe
2008-09-20 16:37:30 ----D---- C:\WINDOWS\system
2008-09-20 16:32:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-20 16:30:07 ----D---- C:\WINDOWS\ehome
2008-09-20 00:57:48 ----D---- C:\WINDOWS\Debug
2008-09-19 04:20:55 ----RD---- C:\WINDOWS\Web
2008-09-19 04:20:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-16 22:21:30 ----SD---- C:\WINDOWS\Tasks
2008-09-05 23:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-04 22:45:04 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-08-31 15:06:37 ----D---- C:\Program Files\DNA
2008-08-30 12:03:30 ----D---- C:\Documents and Settings\Jeevan\Application Data\DNA
2008-08-27 13:54:32 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-03-06 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-03-06 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-03-06 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-03-06 10760]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-20 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-03-06 4960]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-04-11 163328]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-20 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-04-20 995712]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-04-20 208000]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-17 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-21 1429632]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-04-20 727296]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-13 57320]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-20 5760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\W700bus.sys [2008-03-07 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2008-03-07 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2008-03-07 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2008-03-07 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\W700obex.sys [2008-03-07 86368]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINDOWS\system32\DRIVERS\w800bus.sys [2005-09-07 60768]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w800mdfl.sys [2005-09-07 9264]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\w800mdm.sys [2005-09-07 96224]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\w800mgmt.sys [2005-09-07 87792]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\w800obex.sys [2005-09-07 85664]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2005-10-07 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2005-10-07 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2005-10-07 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2005-10-07 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2005-10-07 83344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-03-06 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-03-06 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-03-06 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-19 49152]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 Vongo Service;Vongo Service; C:\Program Files\Vongo\VongoService.exe [2006-05-09 176128]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-13 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TIBCOAdmin-jeevan;TIBCO Administrator 5.4 (jeevan); C:/tibco/administrator/domain/jeevan/bin/tibcoadmin_jeevan.exe --ntservice TIBCOAdmin-jeevan []
S3 TIBCOAdmin-kasarla;TIBCO Administrator 5.4 (kasarla); C:/tibco/administrator/domain/kasarla/bin/tibcoadmin_kasarla.exe --ntservice TIBCOAdmin-kasarla []
S3 tibemsd;TIBCO EMS Server (PID: 1864); C:\tibco\ems\bin\emsntsct.exe [2007-03-03 49152]
S3 TIBHawkAgent;TIBCO Hawk Agent; C:\tibco\hawk\bin\tibhawkagentnt.exe [2006-10-06 57344]
S3 TIBHawkAgent-jeevan-JeevanChandra;TIBCO Hawk Agent (jeevan); C:/tibco/tra/domain/jeevan/hawkagent_jeevan.exe --ntservice TIBHawkAgent-jeevan-JeevanChandra []
S3 TIBHawkAgent-kasarla-JeevanChandra;TIBCO Hawk Agent (kasarla); C:/tibco/tra/domain/kasarla/hawkagent_kasarla.exe --ntservice TIBHawkAgent-kasarla-JeevanChandra []
S3 TIBHawkEvent;TIBCO Hawk Event; C:\tibco\hawk\bin\tibhawkeventnt.exe [2006-10-06 57344]
S3 TIBHawkHMA;TIBCO Hawk HMA; C:\tibco\hawk\bin\tibhawkhma.exe [2006-10-06 462848]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Still we are unable to delete the files.

Please help me.

JC81

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 November 2008 - 02:39 PM

Yes, I see it still there. We need to find out what's protecting it and then we'll be able to remove it.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 JC81

JC81
  • Topic Starter

  • Members
  • 19 posts

Posted 25 November 2008 - 03:28 PM

SDFix log:


SDFix: Version 1.240
Run by Jeevan on Wed 11/26/2008 at 01:18 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 01:46:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\tibco\\designer\\5.5\\bin\\designer.exe"="C:\\tibco\\designer\\5.5\\bin\\designer.exe:*:Enabled:designer"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
@=""
"C:\\Program Files\\Vongo\\VongoService.exe"="C:\\Program Files\\Vongo\\VongoService.exe:*:enabled:VongoService"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 4 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1.tmp"
Mon 18 Feb 2008 224,678 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"

Finished!

#8 JC81

JC81
  • Topic Starter

  • Members
  • 19 posts

Posted 25 November 2008 - 05:02 PM

Hi Sam,

Here are my findings... they may help in removing the virus.

Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 3

11/26/2008 3:30:15 AM
mbam-log-2008-11-26 (03-30-11).txt

Scan type: Quick Scan
Objects scanned: 56431
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47404406-b497-48a9-8c2d-65790455d010} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{47404406-b497-48a9-8c2d-65790455d010} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{47404406-b497-48a9-8c2d-65790455d010} (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cfgbken.dll (Trojan.BHO.H) -> No action taken.

--------------------------------------------------------------------------------------------

Looking forward to your reply.

#9 JC81

JC81
  • Topic Starter

  • Members
  • 19 posts

Posted 26 November 2008 - 01:21 PM

Any suggestions on this...

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 November 2008 - 01:39 PM

I'm puzzled by this.

C:\WINDOWS\system32\cfgbken.dll (Trojan.BHO.H) -> No action taken.

Didn't you have Malwarebytes remove the infections that it found?
I need to see the log that shows if removal was successful or not.


========================================================

#11 JC81

JC81
  • Topic Starter

  • Members
  • 19 posts

Posted 26 November 2008 - 01:57 PM

This is the log from Malwarebytes.

Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 3

11/26/2008 3:16:00 AM
mbam-log-2008-11-26 (03-16-00).txt

Scan type: Quick Scan
Objects scanned: 56426
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47404406-b497-48a9-8c2d-65790455d010} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{47404406-b497-48a9-8c2d-65790455d010} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\xbtb00001.ietoolbar (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb00001.ietoolbar.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf5c6a80-c938-478c-bc8b-8d7b00788154} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{47404406-b497-48a9-8c2d-65790455d010} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cfgbken.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\cont_offersfortoday-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.


But even after rebooting, it didn't delete the cfgbken.dll file.

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 November 2008 - 02:00 PM

Ok, let's try this.

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\cfgbken.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also Paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


================


Then let's see a more detailed log.

  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.


========================================================
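Sam's question in #6 ("what's protecting it") and the two failures in this thread (Malwarebytes' "Delete on reboot" verdict in #11 left the file in place, and The Avenger's boot-time delete in the next post returns STATUS_ACCESS_DENIED) can be narrowed down from a command prompt before running yet another fix tool. The batch script below is an added example; it is not part of the thread and not from SDFix, Malwarebytes, The Avenger or OTViewIt. It uses only tools that ship with Windows XP Professional (attrib, tasklist, cacls, reg, copy, del), takes the file path and BHO CLSID exactly as they appear in the Malwarebytes logs above, and the script name, the "fix" argument and the C:\quarantine folder are arbitrary choices. It deliberately does not call regsvr32 /u on the DLL: that would load the suspect DLL and run its DllUnregisterServer, so the COM registration is removed with reg delete instead.

```batch
@echo off
REM cfgbken_triage.cmd  (added example; script name and layout are arbitrary)
REM Usage:  cfgbken_triage.cmd        -> read-only checks (steps 1-5)
REM         cfgbken_triage.cmd fix    -> checks, then remediation (step 6)
REM Run from an account in Administrators on Windows XP Professional
REM (tasklist, cacls and reg are part of XP Pro).
setlocal
set "DLL=C:\WINDOWS\system32\cfgbken.dll"
set "CLSID={47404406-b497-48a9-8c2d-65790455d010}"
set "BHOKEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%CLSID%"
set "SESSMGR=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"

echo === 1. Is the file present, and with which attributes (R/S/H block a plain del)?
if not exist "%DLL%" goto :gone
attrib "%DLL%"

echo === 2. Which running processes have the DLL mapped?
REM A mapped image cannot be deleted; for a BHO the holder is normally iexplore.exe or explorer.exe.
tasklist /m cfgbken.dll

echo === 3. What does the file's DACL say?
REM A Deny entry, or a DACL without an Administrators entry, gives ACCESS_DENIED even when no process has the file open.
cacls "%DLL%"

echo === 4. Is it still registered as a BHO / in-process COM server?
reg query "%BHOKEY%"
reg query "HKCR\CLSID\%CLSID%\InprocServer32"

echo === 5. Is a delete-on-reboot actually queued? (Malwarebytes' "Delete on reboot" relies on this value.)
reg query "%SESSMGR%" /v PendingFileRenameOperations

if /i not "%~1"=="fix" goto :done

echo === 6. Remediation
REM Keep a copy for analysis before destroying the only sample.
if not exist "%SystemDrive%\quarantine" md "%SystemDrive%\quarantine"
copy /y "%DLL%" "%SystemDrive%\quarantine\cfgbken.dll.bin" >nul

REM Remove the COM registration with reg delete, NOT regsvr32 /u: regsvr32 would load the
REM suspect DLL and execute its DllUnregisterServer, i.e. run the malware in order to "clean" it.
reg delete "%BHOKEY%" /f
reg delete "HKCR\CLSID\%CLSID%" /f

REM Repair the DACL in edit mode (/E) so the rest of the ACL is kept: give Administrators full control.
REM If step 3 showed a Deny entry for some principal, revoke that entry first, e.g.:  cacls "%DLL%" /E /R Everyone
cacls "%DLL%" /E /G Administrators:F

REM Clear the attributes and delete. If this still fails, the holder found in step 2 is running:
REM close Internet Explorer / restart Explorer, or repeat the whole script from Safe Mode.
attrib -r -s -h "%DLL%"
del /f "%DLL%"
if exist "%DLL%" (echo still present - see step 2) else (echo deleted)
goto :done

:gone
echo %DLL% not found - a queued reboot-delete may already have removed it.
:done
endlocal
```

Reading the output: a process listed in step 2 means the DLL is mapped and del will keep failing until that process is closed; a Deny entry or a missing Administrators entry in step 3 explains ACCESS_DENIED even for a tool that runs at boot before any user process exists, which is what the Avenger status in the next post points at (an in-use image usually fails with a sharing or cannot-delete error instead); an empty PendingFileRenameOperations in step 5 after a "Delete on reboot" verdict means the deferred delete never got queued, or was consumed without succeeding. Run the read-only checks first and paste them into the thread; only then run the fix branch.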

#13 JC81

JC81
  • Topic Starter

  • Members
  • 19 posts

Posted 26 November 2008 - 02:11 PM

Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "C:\WINDOWS\system32\cfgbken.dll"
Deletion of file "C:\WINDOWS\system32\cfgbken.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.


OTViewIt log:

OTViewIt logfile created on: 11/27/2008 12:39:19 AM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Jeevan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.27% Memory free
3.84 Gb Paging File | 3.41 Gb Available in Paging File | 88.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.08 Gb Total Space | 16.83 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Drive D: | 9.68 Gb Total Space | 1.50 Gb Free Space | 15.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEEVANCHANDRA
Current User Name: Jeevan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2006/05/04 11:28:26 | 00,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[2008/11/26 00:56:46 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/05/30 18:01:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2006/06/17 10:52:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/07/20 03:44:20 | 00,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
[2005/02/17 11:41:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/03/06 17:03:07 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe
[2005/08/12 05:00:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/06/20 00:03:12 | 00,163,840 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[2008/03/06 17:03:07 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe
[2008/02/13 17:33:27 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/08/12 05:00:30 | 00,618,496 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
[2008/10/17 17:11:06 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe
[2005/10/26 16:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[2008/03/06 17:03:07 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe
[2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2008/06/02 11:13:26 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/08/22 09:52:02 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2007/04/03 16:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2005/06/08 16:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
[2006/05/09 15:09:32 | 00,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe
[2008/11/26 00:56:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/05/19 05:22:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2005/09/24 21:12:32 | 00,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
[2006/05/09 15:11:10 | 00,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe
[2008/04/14 05:42:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2006/05/03 04:11:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
[2008/04/14 05:42:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
[2008/04/14 05:42:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/14 05:42:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/08/23 11:26:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2005/08/10 07:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
[2006/02/24 11:58:14 | 00,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
[2008/11/27 00:34:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeevan\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/06/13 01:57:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand | Stopped])
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 22:19:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/05/30 18:01:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
[2008/03/06 17:03:07 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])
[2008/03/06 17:03:07 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])
[2008/03/06 17:03:07 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS [Auto | Running])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CLTNetCnService [Auto | Stopped])
[2007/04/03 16:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2006/05/03 04:11:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
[2005/04/04 13:11:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/11/26 00:56:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/05/19 05:22:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
[2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
[2008/04/14 05:42:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ [Auto | Running])
[2008/04/14 05:42:27 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers [Auto | Running])
[2006/08/08 21:15:50 | 00,208,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (TIBCOAdmin-jeevan [On_Demand | Stopped])
File not found -- -- (TIBCOAdmin-kasarla [On_Demand | Stopped])
[2007/03/03 00:33:00 | 00,049,152 | ---- | M] () -- C:\tibco\ems\bin\emsntsct.exe -- (tibemsd [On_Demand | Stopped])
[2006/10/06 04:37:18 | 00,057,344 | ---- | M] () -- C:\tibco\hawk\bin\tibhawkagentnt.exe -- (TIBHawkAgent [On_Demand | Stopped])
File not found -- -- (TIBHawkAgent-jeevan-JeevanChandra [On_Demand | Stopped])
File not found -- -- (TIBHawkAgent-kasarla-JeevanChandra [On_Demand | Stopped])
[2006/10/06 04:37:21 | 00,057,344 | ---- | M] () -- C:\tibco\hawk\bin\tibhawkeventnt.exe -- (TIBHawkEvent [On_Demand | Stopped])
[2006/10/06 04:37:17 | 00,462,848 | ---- | M] () -- C:\tibco\hawk\bin\tibhawkhma.exe -- (TIBHawkHMA [On_Demand | Stopped])
[2006/05/09 15:11:10 | 00,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2001/08/18 10:21:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Stopped])
[2008/04/14 00:06:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/18 10:22:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/18 10:21:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2008/03/06 17:03:10 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7core.sys -- (Avg7Core [System | Running])
[2008/03/06 17:03:13 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
[2008/03/06 17:03:13 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avg7rsxp.sys -- (Avg7RsXP [System | Running])
[2008/03/06 17:03:13 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgclean.sys -- (AvgClean [System | Running])
[2008/03/06 17:03:13 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
[2006/05/13 01:35:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2001/08/18 10:21:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2007/01/18 14:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2007/04/03 16:17:08 | 00,306,295 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2001/08/18 10:22:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2006/04/11 16:05:18 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2005/09/20 02:53:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2005/09/20 02:54:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])
[2008/02/13 14:30:00 | 00,385,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/09/20 02:54:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running])
[2006/06/02 20:32:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
[2008/04/13 22:06:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/04/20 21:32:40 | 00,208,000 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2006/04/20 21:33:20 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2006/03/23 02:17:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2005/10/13 14:37:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/04/14 00:09:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/02/15 17:27:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/14 00:09:44 | 00,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
[2001/08/18 10:22:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/05 02:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2006/09/28 03:23:22 | 00,036,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/18 10:22:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/18 10:22:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/18 10:22:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2005/11/17 01:58:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
[2005/12/22 22:32:22 | 00,051,840 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
[2005/11/01 23:38:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [On_Demand | Running])
[2008/05/08 19:32:52 | 00,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST [On_Demand | Running])
[2004/08/04 12:01:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2008/04/14 00:06:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 15:55:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 00:06:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/18 10:37:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2001/08/18 10:37:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/18 10:37:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/18 10:37:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/18 10:37:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/06/17 10:10:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2001/08/18 10:22:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/08/05 02:30:00 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vrafhvad.sys -- (vrafhvad [Boot | Running])
[2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2006/04/21 22:36:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Running])
[2008/03/07 13:00:39 | 00,061,536 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\W700bus.sys -- (W700bus [On_Demand | Stopped])
[2008/03/07 13:00:40 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\W700mdfl.sys -- (W700mdfl [On_Demand | Stopped])
[2008/03/07 13:00:41 | 00,097,056 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\W700mdm.sys -- (W700mdm [On_Demand | Stopped])
[2008/03/07 13:00:42 | 00,088,560 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\W700mgmt.sys -- (W700mgmt [On_Demand | Stopped])
[2008/03/07 13:00:43 | 00,086,368 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\W700obex.sys -- (W700obex [On_Demand | Stopped])
[2005/09/07 16:42:44 | 00,060,768 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus [On_Demand | Stopped])
[2005/09/07 16:42:46 | 00,009,264 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])
[2005/09/07 16:42:48 | 00,096,224 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm [On_Demand | Stopped])
[2005/09/07 16:42:50 | 00,087,792 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])
[2005/09/07 16:42:50 | 00,085,664 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex [On_Demand | Stopped])
[2005/10/07 12:25:34 | 00,058,288 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus [On_Demand | Stopped])
[2005/10/07 12:26:28 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl [On_Demand | Stopped])
[2005/10/07 12:26:32 | 00,094,064 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm [On_Demand | Stopped])
[2005/10/07 12:27:26 | 00,085,408 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt [On_Demand | Stopped])
[2005/10/07 12:28:18 | 00,083,344 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex [On_Demand | Stopped])
[2006/04/20 21:32:36 | 00,727,296 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/14 00:06:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{47404406-B497-48A9-8C2D-65790455D010} (HKLM) -- C:\WINDOWS\system32\cfgbken.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
"High Definition Audio Property Page Shortcut"=CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RecGuard"=C:\Windows\SMINST\RecGuard.exe ()
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions (Sony Ericsson Mobile Communications AB)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/09/24 22:09:30 | 00,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[2008/07/17 00:43:24 | 00,006,144 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico
[2006/05/09 15:09:32 | 00,073,728 | ---- | M] (Starz) -- C:\Documents and Settings\Jeevan\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control
{474F00F5-3853-492C-AC3A-476512BBC336}: http://img2.orkut.com/activex/10035/photouploader.cab -- UploadListView Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{092CBAA7-682B-4A20-A17C-C92DB1CF90B4} (Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{133DC509-AE2E-43FE-A81D-1054B71DA41F} (Servers: | Description: 1394 Net Adapter)
{6317E2E4-9679-441A-9B14-6176BF8C506D} (Servers: | Description: )
{9CC84EA2-E31D-4267-8258-41320B01E0E7} (Servers: 202.54.29.5,202.54.12.164 | Description: Intel® PRO/100 VE Network Connection)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/11/27 00:36:17 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/11/27 00:34:45 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeevan\Desktop\OTViewIt.exe
[2008/11/27 00:33:12 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\avenger.exe
[2008/11/27 00:32:39 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\avenger.zip
[2008/11/26 03:08:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeevan\Application Data\Malwarebytes
[2008/11/26 03:08:10 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/26 03:08:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/26 03:08:07 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/26 03:08:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/26 03:08:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/11/26 01:34:31 | 21,370,51136 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/26 01:11:31 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/26 00:44:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/11/26 00:43:54 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/11/26 00:27:37 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeevan\Desktop\OTMoveIt3.exe
[2008/11/25 23:17:15 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/25 10:24:31 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\RSIT.exe
[2008/11/25 02:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2008/11/24 19:28:52 | 00,016,943 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\OM2765_Payslip_September.pdf
[2008/11/24 19:28:46 | 00,016,947 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\OM2765_Payslip_October.pdf
[2008/11/24 17:48:29 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\offerLetter.doc
[2008/11/24 17:48:20 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\Relieving_&to_whom_so_ever_it_concern.doc
[2008/11/24 12:25:12 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\HijackThis.lnk
[2008/11/24 10:51:17 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/24 10:48:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/21 04:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/21 04:37:53 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2008/11/21 02:50:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeevan\Desktop\VirusAnalysis
[2008/11/19 05:50:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/19 05:12:22 | 00,006,410 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/19 04:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2008/11/19 04:44:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008/11/19 01:41:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeevan\Application Data\TrojanHunter
[2008/11/19 01:06:49 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/11/19 01:06:49 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.0
[2008/11/18 10:13:03 | 00,795,721 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\tib_bc_concepts.pdf
[2008/11/17 21:17:32 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\Ranjith msg.doc
[2008/11/17 21:12:07 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\TELSTRA.doc
[2008/11/17 01:40:17 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2008/11/17 01:31:25 | 00,000,000 | ---D | C] -- C:\Program Files\Oracle
[2008/11/16 17:49:56 | 00,094,720 | ---- | C] () -- C:\WINDOWS\System32\cfgbken.dll
[2008/11/15 01:08:39 | 00,000,000 | ---D | C] -- C:\fun
[2008/11/12 21:39:04 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/11/12 21:38:37 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/11/12 17:15:17 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/12 16:54:24 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/05 02:03:18 | 00,412,672 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\Successful H1 Stamping.doc
[2008/11/05 00:37:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeevan\Desktop\H1-pages
[2008/10/30 03:26:50 | 33,153,8173 | ---- | C] () -- C:\Documents and Settings\Jeevan\Desktop\TIB_BStudioCom7695_3.0.1_w32.zip
[2008/10/29 12:46:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeevan\Desktop\Docs-Tib
[2008/10/28 11:04:29 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/11/27 00:37:28 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/27 00:37:03 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2008/11/27 00:37:02 | 00,000,040 | ---- | M] () -- C:\XP_TV.ini
[2008/11/27 00:36:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/27 00:36:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/27 00:36:45 | 21,370,51136 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/27 00:34:51 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeevan\Desktop\OTViewIt.exe
[2008/11/27 00:32:39 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\avenger.zip
[2008/11/27 00:16:16 | 00,001,852 | -H-- | M] () -- C:\Documents and Settings\Jeevan\My Documents\Default.rdp
[2008/11/27 00:07:53 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\VPN Client.lnk
[2008/11/26 23:39:15 | 00,412,672 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\Successful H1 Stamping.doc
[2008/11/26 03:08:10 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/26 01:18:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/26 00:54:43 | 00,308,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/26 00:27:42 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeevan\Desktop\OTMoveIt3.exe
[2008/11/25 18:13:15 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/25 11:18:16 | 00,148,480 | ---- | M] () -- C:\Documents and Settings\Jeevan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 10:49:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/25 10:24:31 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\RSIT.exe
[2008/11/25 02:16:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/24 19:28:53 | 00,016,943 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\OM2765_Payslip_September.pdf
[2008/11/24 19:28:47 | 00,016,947 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\OM2765_Payslip_October.pdf
[2008/11/24 17:48:29 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\offerLetter.doc
[2008/11/24 17:48:20 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\Relieving_&to_whom_so_ever_it_concern.doc
[2008/11/24 12:25:12 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\HijackThis.lnk
[2008/11/24 10:51:17 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/19 05:18:51 | 00,006,410 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/11/19 01:06:53 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/11/18 15:06:03 | 00,057,344 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\Ranjith msg.doc
[2008/11/18 12:26:28 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\TELSTRA.doc
[2008/11/18 10:13:03 | 00,795,721 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\tib_bc_concepts.pdf
[2008/11/14 09:37:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/12 21:39:04 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2008/11/04 05:40:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/30 03:27:01 | 33,153,8173 | ---- | M] () -- C:\Documents and Settings\Jeevan\Desktop\TIB_BStudioCom7695_3.0.1_w32.zip
[2008/10/28 11:35:57 | 00,027,136 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
< End of report >


Extras.txt

OTViewIt Extras logfile created on: 11/27/2008 12:39:19 AM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Jeevan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.27% Memory free
3.84 Gb Paging File | 3.41 Gb Available in Paging File | 88.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.08 Gb Total Space | 16.83 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Drive D: | 9.68 Gb Total Space | 1.50 Gb Free Space | 15.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEEVANCHANDRA
Current User Name: Jeevan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = NetscapeHTML] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 05:42:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
""=
[2006/05/09 15:11:10 | 00,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[2008/04/14 00:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 05:42:27 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/04/14 00:23:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/02 02:52:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2008/10/17 17:11:07 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
[2008/03/06 17:03:07 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2008/10/17 17:11:06 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2008/03/06 17:03:07 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/08/04 17:54:04 | 03,772,416 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime
[2008/04/14 05:42:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/11/08 04:09:27 | 00,143,360 | ---- | M] () -- C:\tibco\designer\5.5\bin\designer.exe:*:Enabled:designer
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/06/02 11:13:18 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/21 05:56:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{09D8492A-C8E2-421E-927D-46800FB327A3}"=Wireless Home Network Setup
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}"=CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk"=Google Talk (remove only)
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}"=Rhapsody Player Engine
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}"=CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}"=Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}"=Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}"=SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150000}"=J2SE Development Kit 5.0
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}"=Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}"=OptionalContentQFolder
"{38E0C491-5230-4373-B62E-F1A6E94B1033}"=Nero 7 Premium
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}"=RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}"=BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 2.00 G2
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}"=HP QuickPlay 2.3
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{47D2103B-FD51-4017-9C20-DD408B17D726}"=Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}"=CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}"=cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}"=CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}"=FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}"=cp_PosterPrintConfig
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}"=Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}"=LightScribe 1.4.97.1
"{6E65247F-58F9-41CA-BE69-0316F7907170}"=Disc2Phone
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}"=CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}"=Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}"=cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}"=Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}"=PhotoGallery
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}"=CueTour
"{9F70BF98-003C-491D-81FC-FF9792206AF0}"=iTunes
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}"=TourSetup
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}"=CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module
"{B510A987-487E-4C66-9F4F-D386AC275715}"=TextPad 4.7
"{B57F2FF0-5A25-4332-B503-4592B370C02F}"=CP_Package_Variety3
"{B7E666AB-9DEA-11D3-AF76-00A02481F87F}"=TIB-Rendezvous Software
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}"=HP Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}"=cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}"=HP User Guides 0035
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}"=Sony Ericsson PC Suite 1.20.173
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}"=Cisco Systems VPN Client 5.0.00.0340
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}"=Vongo
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}"=muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}"=InstantShareDevices
"adadb 5.4"=TIBCO Adapter for ActiveDatabase 5.4.0
"adfiles 5.5"=TIBCO Adapter For Files 5.5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AVG7Uninstall"=AVG 7.5
"AVGAntiSpyware75"=AVG Anti-Spyware 7.5
"be 2.0"=TIBCO BusinessEvents Enterprise Edition 2.0.0
"BW 5.4"=TIBCO BusinessWorks 5.4.0
"CNXT_HDAUDIO"=Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m"=Soft Data Fax Modem with SmartCP
"Designer 5.5"=TIBCO Designer 5.5.0
"Disk Heal"=Disk Heal
"ems 4.4"=TIBCO EMS 4.4.1
"hawk"=TIBCO Hawk 4.7.0
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 6.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.0
"HP Rhapsody"=HP Rhapsody
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}"=Easy Internet Sign-up
"jre 1.5"=Java Runtime Environment 1.5.0
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Money2006b"=Microsoft Money 2006
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PDF Editor 2"=PDF Editor 2
"PROSet"=Intel® PRO Network Connections Drivers
"RealPlayer 6.0"=RealPlayer
"RealProducer 8.5"=RealProducer Basic 8.5
"sdk 5.5"=TIBCO SDK 5.5.0
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"TIBCOAdmin 5.4"=TIBCO Administrator Enterprise Edition 5.4.0
"tpcl 5.5"=Third Party Core Libraries 5.5.0
"TRA 5.5"=TIBCO Runtime Agent 5.5.1
"WGA"=Windows Genuine Advantage Validation Tool
"WIC"=Windows Imaging Component
"WildTangent hplaptop Master Uninstall"=My HP Games
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2008 4:19:04 PM | Computer Name = JEEVANCHANDRA | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module clvsd.ax, version 6.0.0.2717, fault address 0x0000cfa0.

Error - 11/24/2008 5:37:44 AM | Computer Name = JEEVANCHANDRA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module urlmon.dll, version 7.0.6000.16735, fault address 0x0009fb30.

Error - 11/25/2008 1:25:14 AM | Computer Name = JEEVANCHANDRA | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2008 1:25:25 AM | Computer Name = JEEVANCHANDRA | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2008 1:25:46 AM | Computer Name = JEEVANCHANDRA | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2008 1:44:43 AM | Computer Name = JEEVANCHANDRA | Source = Application Hang | ID = 1002
Description = Hanging application ShowTime.exe, version 3.0.1.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2008 8:52:14 AM | Computer Name = JEEVANCHANDRA | Source = Application Hang | ID = 1002
Description = Hanging application ShowTime.exe, version 3.0.1.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2008 8:52:16 AM | Computer Name = JEEVANCHANDRA | Source = Application Hang | ID = 1002
Description = Hanging application ShowTime.exe, version 3.0.1.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2008 9:25:21 AM | Computer Name = JEEVANCHANDRA | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2008 9:47:58 AM | Computer Name = JEEVANCHANDRA | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/25/2008 10:17:54 AM | Computer Name = JEEVANCHANDRA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 11/25/2008 10:18:05 AM | Computer Name = JEEVANCHANDRA | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/25/2008 10:18:15 AM | Computer Name = JEEVANCHANDRA | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/25/2008 10:18:24 AM | Computer Name = JEEVANCHANDRA | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/25/2008 10:18:34 AM | Computer Name = JEEVANCHANDRA | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/25/2008 10:18:44 AM | Computer Name = JEEVANCHANDRA | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/25/2008 10:18:53 AM | Computer Name = JEEVANCHANDRA | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 11/25/2008 10:19:03 AM | Computer Name = JEEVANCHANDRA | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 11/25/2008 5:48:14 PM | Computer Name = JEEVANCHANDRA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde PCIIde Pcmcia ViaIde

Error - 11/26/2008 3:07:25 PM | Computer Name = JEEVANCHANDRA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde PCIIde Pcmcia ViaIde


< End of report >

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:09 PM

Posted 26 November 2008 - 02:35 PM

Please visit the online Jotti Virus Scanner
  • Click on Posted Image button.
  • Copy and paste the following filepath in the box:


    C:\WINDOWS\system32\drivers\vrafhvad.sys


  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 JC81

JC81
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 26 November 2008 - 02:48 PM

Scanner results
Scan taken on 26 Nov 2008 19:44:30 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Found nothing for the driver, but I got some info on cfgbken.dll:

Scan taken on 26 Nov 2008 19:46:40 (GMT)
A-Squared Found Trojan.Trash!IK
AntiVir Found TR/Trash.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found Trojan.Trash
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

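The multi-engine scan step above (submit a file, then paste each engine's verdict back into the thread) is the kind of triage that is worth scripting once you do it more than once. What follows is an added example, not code from the thread or from Jotti or VirusTotal: it hashes the suspect file (so it can be looked up by SHA-256 on a scanner's search page instead of uploading a file that may contain the victim's data) and parses pasted results in the "<Engine> Found <verdict>" layout shown above into a detection ratio and a rough cross-vendor family consensus. The sample results block is constructed in that layout, and the NOISE token list used to normalise family names is a hand-picked assumption, not a vendor standard.

```python
"""Added example (not code from the thread, Jotti or VirusTotal): hash a
suspect file and summarise pasted multi-engine scan results.

Assumptions: result lines look like "<Engine> Found <verdict>" as in the
thread; the NOISE token list used to normalise family names is hand-picked.
"""
import hashlib
import re
import sys
from collections import Counter

# Constructed sample in the same layout as the results pasted in the thread.
SAMPLE_RESULTS = """\
Scan taken on 26 Nov 2008 19:46:40 (GMT)
A-Squared Found Trojan.Trash!IK
AntiVir Found TR/Trash.Gen
ArcaVir Found nothing
Ikarus Found Trojan.Trash
Kaspersky Anti-Virus Found nothing
"""

LINE_RE = re.compile(r"^(?P<engine>.+?) Found (?P<verdict>.+)$")
# Tokens that carry no family information (assumed list, extend as needed).
NOISE = {"trojan", "tr", "gen", "generic", "ik", "win32", "w32", "a", "b"}


def digest_bytes(data):
    """MD5, SHA-1 and SHA-256 of a byte string."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def file_hashes(path):
    """Same three digests, streamed so large files are not read into memory.
    The SHA-256 is what you search for on a scanner site instead of
    uploading the file itself."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def parse_results(text):
    """Map engine name -> verdict string, or None when the engine found nothing.
    Lines without ' Found ' (headers, blanks) are skipped."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            verdict = m.group("verdict").strip()
            results[m.group("engine")] = None if verdict.lower() == "nothing" else verdict
    return results


def family_token(verdict):
    """Crude cross-vendor normalisation: split on punctuation, drop NOISE
    tokens, keep the first remaining token. 'Trojan.Trash!IK', 'TR/Trash.Gen'
    and 'Trojan.Trash' all become 'trash'."""
    tokens = [t.lower() for t in re.split(r"[./!:\-_\s]+", verdict) if t]
    kept = [t for t in tokens if t not in NOISE]
    return (kept or tokens)[0]


def summarize(results):
    """Detection ratio plus the family most detecting engines agree on."""
    hits = {engine: v for engine, v in results.items() if v}
    families = Counter(family_token(v) for v in hits.values())
    return {
        "engines": len(results),
        "detections": len(hits),
        "families": dict(families),
        "consensus": families.most_common(1)[0][0] if families else None,
        "detecting_engines": sorted(hits),
    }


if __name__ == "__main__":
    # Usage: python triage.py <file-to-hash> [pasted-results.txt]
    print(file_hashes(sys.argv[1]))
    text = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_RESULTS
    print(summarize(parse_results(text)))
```

Read the summary the way the thread's helper does: three engines out of twenty that all name the same family ("Trash" here, under three vendor spellings) is a much stronger signal than three unrelated names, and a zero-detection result on a file no engine has seen before only means nobody has a signature for it yet, not that the file is clean.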


