Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with iexplore.exe


  • This topic is locked This topic is locked
3 replies to this topic

#1 extintion1980

extintion1980

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 06 December 2008 - 12:06 AM

Hello,

PLEASE HELP!!

I can see winlogon and iexplore.exe (Owner is SYSTEM) running in my taskbar. Everytime I kill iexplore.exe. it appears back in task manager in few seconds. I have tried many tools to remove it but I was unsuccessful. I am sure that "iesplore.exe" process is not internet explorer process. While checking DLL / Modules associated with "iexplore.exe" using tasklist (D:\>tasklist /M /NH /FI "IMAGENAME eq iexplore.exe") i got following:


iexplore.exe 38440 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, GDI32.dll,
USER32.dll, msvcrt.dll, SHLWAPI.dll,
SHELL32.dll, ole32.dll, urlmon.dll,
OLEAUT32.dll, iertutil.dll, VERSION.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
IEFRAME.dll, PSAPI.DLL, UxTheme.dll,
xpsp2res.dll, IEUI.dll, MSIMG32.dll,
gdiplus.dll, xmllite.dll, apphelp.dll,
CLBCATQ.DLL, COMRes.dll, msimtf.dll,
MSCTF.dll, GrooveShellExtensions.dll,
GrooveUtil.DLL, WININET.dll, Normaliz.dll,
CRYPT32.dll, MSASN1.dll, MSVCR80.dll,
GrooveNew.DLL, ATL80.DLL, rsaenh.dll,
cscui.dll, CSCDLL.dll, SETUPAPI.dll,
msohevi.dll, ieproxy.dll, MLANG.dll,
ws2_32.dll, WS2HELP.dll, mcieplg.dll,
mcbrwctl.dll, asycfilt.dll, yt.dll,
WSOCK32.dll, imagehlp.dll, WINMM.dll,
iphlpapi.dll, NETAPI32.dll, MCSACO~1.DLL,
msi.dll, SXS.DLL, yiesrvc.dll, WINTRUST.DLL,
userenv.dll, cryptnet.dll, SensApi.dll,
WINHTTP.dll, WLDAP32.dll, YIeTagBm.dll,
ssv.dll, MSVCR71.dll, swg.dll, YTBM.dll,
YCAPlugin.dll, actxprxy.dll, mswsock.dll,
hnetcfg.dll, RASAPI32.dll, rasman.dll,
TAPI32.dll, rtutils.dll, wshtcpip.dll,
msv1_0.dll, rasadhlp.dll, mshtml.dll,
msls31.dll, msctfime.ime, schannel.dll,
DNSAPI.dll, scriptsn.dll, JScript.dll,
VBScript.dll, mytilus3.dll,
mytilus3_worker.dll, SHFOLDER.dll,
McShield.dll, dssenh.dll, NTMARTA.DLL,
SAMLIB.dll

Here are the logs from RSIT:

info.txt logfile of random's system information tool 1.04 2008-12-05 23:55:34

======Uninstall list======

-->D:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->D:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->D:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advertisement Service-->D:\WINDOWS\system32\prunnet.exe Uninstall
Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
CutePDF Writer 2.7-->D:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Talk Plugin-->MsiExec.exe /I{DFB48451-4F78-33DC-BC42-8C403C74939F}
Google Updater-->"D:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GRE POWERPREP-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\ETS\PPGRE.ISU"
High Definition Audio Driver Package - KB835221-->D:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"D:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->D:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->D:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 10.0-->D:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->D:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->D:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Intel® Graphics Media Accelerator Driver-->D:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software-->D:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->D:\Program Files\McAfee\MSC\mcuninst.exe
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miro-->D:\Program Files\Participatory Culture Foundation\Miro\uninstall.exe
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.4)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Nonoh-->"D:\Program Files\Nonoh.net\Nonoh\unins000.exe"
Picasa 2-->"D:\Program Files\Picasa2\Uninstall.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127)-->"D:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"D:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->D:\WINDOWS\system32\MacroMed\Flash\genuinst.exe D:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"D:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"D:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SetPoint-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Shop for HP Supplies-->D:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SigmaTel Audio-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SopCast 3.0.3-->D:\Program Files\SopCast\uninst.exe
TBS WMP Plug-in-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Uniblue RegistryBooster 2009-->"D:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->D:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VeohTV BETA-->D:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VLC media player 0.9.2-->D:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->D:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us D:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
WordWeb-->D:\Program Files\WordWeb\uninst.exe
Yahoo! Browser Services-->D:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->D:\WINDOWS\system32\regsvr32 /u D:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->D:\WINDOWS\system32\regsvr32 /u /s D:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->D:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O20 - AppInit_DLLs: pyybgm.dll
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by Nisha_Tush at 2008-12-05 23:55:28
Microsoft Windows XP Professional Service Pack 3
System drive D: has 124 GB (89%) free of 140 GB
Total RAM: 2038 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:31 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\Program Files\McAfee\VirusScan\McShield.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\McAfee.com\Agent\mcagent.exe
D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\WordWeb\wweb32.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\msiexec.exe
D:\Documents and Settings\Nisha_Tush\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Nisha_Tush\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Nisha_Tush\My Documents\Downloads\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Nisha_Tush.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] D:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8306 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\eizctdeg.job
D:\WINDOWS\tasks\GoogleUpdateTaskUser.job
D:\WINDOWS\tasks\McDefragTask.job
D:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - D:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-07 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-05-08 352256]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - d:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"=D:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"SigmatelSysTrayApp"=D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-11-15 141848]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-11-15 166424]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2007-11-15 137752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Uniblue RegistryBooster 2009"=D:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule30]
D:\Program Files\GetModule\GetModule30.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
D:\Documents and Settings\Nisha_Tush\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
D:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
D:\WINDOWS\KHALMNPR.EXE [2005-12-20 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-10-16 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prunnet]
D:\WINDOWS\system32\prunnet.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rs32net]
D:\WINDOWS\System32\rs32net.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-24 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^SetPoint.lnk]
D:\PROGRA~1\SetPoint\SetPoint.exe [2006-04-27 532480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FCI"=2
"ICF"=2
"WMPNetworkSvc"=3
"ose"=3
"odserv"=3
"NMIndexingService"=3
"NBService"=3
"mnmsrvc"=3
"Microsoft Office Groove Audit Service"=3
"IDriverT"=3
"gusvc"=2
"Akamai"=2

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
WordWeb.lnk - D:\Program Files\WordWeb\wweb32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3pxxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4utxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5nwxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati3pxxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4utxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati5nwxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Nonoh.net\Nonoh\Nonoh.exe"="D:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:*:Enabled:Nonoh"
"D:\Program Files\DNA\btdna.exe"="D:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Program Files\Yahoo!\Messenger\YServer.exe"="D:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="D:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\Documents and Settings\Nisha_Tush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="D:\Documents and Settings\Nisha_Tush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"D:\Documents and Settings\Nisha_Tush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="D:\Documents and Settings\Nisha_Tush\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-05 23:55:28 ----D---- D:\rsit
2008-12-05 23:48:33 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-05 22:22:55 ----D---- D:\Documents and Settings\Nisha_Tush\Application Data\Uniblue
2008-12-05 22:22:18 ----D---- D:\Program Files\Uniblue
2008-12-05 22:19:14 ----HDC---- D:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-05 21:42:57 ----D---- D:\Program Files\Trend Micro
2008-12-05 07:29:48 ----D---- D:\Documents and Settings\Nisha_Tush\Application Data\Malwarebytes
2008-12-05 07:26:26 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 07:26:26 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 07:00:48 ----A---- D:\WINDOWS\~DF517F.tmp
2008-12-05 06:20:51 ----N---- D:\WINDOWS\system32\emeihpw.dll
2008-12-04 21:03:45 ----A---- D:\WINDOWS\system32\b796af63-.txt
2008-11-27 09:16:53 ----D---- D:\Program Files\Common Files\Akamai
2008-11-27 09:13:32 ----D---- D:\Program Files\Kuma Games
2008-11-21 22:35:27 ----D---- D:\Program Files\AGEIA Technologies
2008-11-21 21:21:04 ----D---- D:\Program Files\WIDCOMM
2008-11-21 20:23:24 ----D---- D:\Documents and Settings\Nisha_Tush\Application Data\Logitech
2008-11-21 20:16:23 ----A---- D:\WINDOWS\system32\KemXML.dll
2008-11-21 20:16:23 ----A---- D:\WINDOWS\system32\KemWnd.dll
2008-11-21 20:16:23 ----A---- D:\WINDOWS\system32\KemUtil.dll
2008-11-21 20:16:23 ----A---- D:\WINDOWS\system32\kemutb.dll
2008-11-21 20:16:22 ----A---- D:\WINDOWS\system32\unicows.dll
2008-11-21 20:16:20 ----A---- D:\WINDOWS\system32\MFC71.dll
2008-11-21 20:16:12 ----A---- D:\WINDOWS\system32\msvcr71.dll
2008-11-21 20:16:12 ----A---- D:\WINDOWS\system32\MFC71u.dll
2008-11-21 20:15:35 ----D---- D:\Program Files\Common Files\Logitech
2008-11-21 20:15:11 ----A---- D:\WINDOWS\KHALMNPR.Exe
2008-11-21 20:15:09 ----D---- D:\Program Files\SetPoint
2008-11-21 17:30:38 ----D---- D:\WINDOWS\system32\dPI19
2008-11-13 08:15:24 ----HDC---- D:\WINDOWS\$NtUninstallKB957097$
2008-11-13 08:14:00 ----HDC---- D:\WINDOWS\$NtUninstallKB954459$
2008-11-13 08:11:15 ----HDC---- D:\WINDOWS\$NtUninstallKB955069$
2008-11-07 14:38:16 ----A---- D:\WINDOWS\OSA.INI
2008-11-07 14:38:13 ----N---- D:\WINDOWS\osaerrdf.txt
2008-11-07 14:38:13 ----A---- D:\WINDOWS\system32\ROBOEX32.DLL
2008-11-07 14:38:13 ----A---- D:\WINDOWS\system32\INETWH32.DLL
2008-11-07 14:37:46 ----D---- D:\Program Files\ETS
2008-11-07 14:35:53 ----A---- D:\WINDOWS\IsUninst.exe

======List of files/folders modified in the last 1 months======

2008-12-05 23:55:30 ----D---- D:\WINDOWS\Temp
2008-12-05 23:14:29 ----D---- D:\Program Files\Mozilla Firefox
2008-12-05 22:39:28 ----D---- D:\WINDOWS
2008-12-05 22:22:25 ----SHD---- D:\WINDOWS\Installer
2008-12-05 22:22:24 ----HD---- D:\Config.Msi
2008-12-05 22:22:18 ----RD---- D:\Program Files
2008-12-05 21:50:45 ----SD---- D:\WINDOWS\Downloaded Program Files
2008-12-05 21:32:30 ----D---- D:\WINDOWS\Prefetch
2008-12-05 21:07:01 ----D---- D:\WINDOWS\system32\drivers
2008-12-05 21:06:18 ----D---- D:\WINDOWS\system32\CatRoot2
2008-12-05 20:57:57 ----D---- D:\WINDOWS\system32
2008-12-05 20:50:26 ----A---- D:\WINDOWS\SchedLgU.Txt
2008-12-05 06:50:34 ----SD---- D:\Documents and Settings\Nisha_Tush\Application Data\Microsoft
2008-12-05 06:43:39 ----A---- D:\WINDOWS\win.ini
2008-12-05 06:43:39 ----A---- D:\WINDOWS\system.ini
2008-12-05 06:41:32 ----D---- D:\WINDOWS\pss
2008-12-05 06:25:18 ----RSHDC---- D:\WINDOWS\system32\dllcache
2008-12-05 06:23:41 ----A---- D:\WINDOWS\system32\svchost.exe
2008-12-04 20:54:43 ----SD---- D:\WINDOWS\Tasks
2008-12-04 20:19:50 ----A---- D:\WINDOWS\NeroDigital.ini
2008-12-04 18:59:15 ----D---- D:\Documents and Settings\Nisha_Tush\Application Data\HPAppData
2008-12-04 18:27:00 ----D---- D:\Documents and Settings\Nisha_Tush\Application Data\Mozilla
2008-12-04 13:13:51 ----D---- D:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-28 15:10:08 ----HD---- D:\Program Files\InstallShield Installation Information
2008-11-28 12:44:55 ----D---- D:\WINDOWS\Minidump
2008-11-27 09:16:53 ----D---- D:\Program Files\Common Files
2008-11-21 21:28:12 ----HD---- D:\WINDOWS\inf
2008-11-14 06:55:11 ----D---- D:\WINDOWS\Help
2008-11-13 08:28:08 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-13 08:15:22 ----HD---- D:\WINDOWS\$hf_mig$
2008-11-13 08:15:12 ----A---- D:\WINDOWS\imsins.BAK
2008-11-13 08:05:24 ----D---- D:\WINDOWS\WinSxS
2008-11-10 07:26:45 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2008-11-07 14:38:14 ----D---- D:\WINDOWS\system
2008-11-06 08:27:03 ----D---- D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-06 08:26:37 ----D---- D:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; D:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; D:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; D:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-21 21361]
R2 BTSERIAL;Bluetooth Serial Driver; \??\D:\WINDOWS\system32\drivers\btserial.sys []
R2 rimmptsk;rimmptsk; D:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-14 32256]
R2 rimsptsk;rimsptsk; D:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; D:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; D:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; D:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 btaudio;Bluetooth Audio Device; D:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTKRNL;Bluetooth Bus Enumerator; D:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; D:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
R3 mfeavfk;McAfee Inc. mfeavfk; D:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; D:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; D:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; D:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; D:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; D:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; D:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; D:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; D:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; D:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; D:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-12-20 27008]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-12-20 69376]
S3 mferkdk;McAfee Inc. mferkdk; D:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sffdisk;SFF Storage Class Driver; D:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; D:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; D:\WINDOWS\system32\svchost.exe [2008-12-05 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; D:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; D:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; D:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Net Driver HPZ12;Net Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2008-12-05 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2008-12-05 14336]
R3 hpqcxs08;hpqcxs08; D:\WINDOWS\system32\svchost.exe [2008-12-05 14336]
R3 McSysmon;McAfee SystemGuards; D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352]
S3 McODS;McAfee Scanner; D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-12-05 14336]
S4 Akamai;Akamai; D:\WINDOWS\System32\svchost.exe [2008-12-05 14336]
S4 EvtEng;Intel® PROSet/Wireless Event Log; D:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
S4 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
S4 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 RegSrvc;Intel® PROSet/Wireless Registry Service; D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
S4 S24EventMonitor;Intel® PROSet/Wireless Service; D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 extintion1980

extintion1980
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 06 December 2008 - 07:24 AM

Any Help would be great.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:03 AM

Posted 16 December 2008 - 09:04 AM

We apologize for the delay in responding to your request for help. We are volunteer staff at Bleeping Computer and get overwhelmed at times with the large number of users seeking help. We are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate your letting us know. If not, please perform the following steps so we can have a look at the current condition of your computer. If you have not done so, include a description of your problem along with any steps you may have performed so far.

When you have completed the steps below, a staff member will review the log and provide instructions for you to get your computer clean and free of malware.

Thanks and we apologize for the delay.

We need to see current information on what is happening in your computer. Please perform the following scan:
  • Please download DDS by sUBs from one of the following links. Save it to your desktop.
  • After downloading the tool:
  • Double click on the DDS icon, allow it to run. Please note: If the scan fails to run, you may have to disable any script protection running.
  • A small box, which gives an explanation about the tool, will open. No input is needed, the scan is running.
  • Notepad will open with the results, click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window and delete the program from your desktop.
  • Enable your antivirus and anti-spyware protection.
  • Reconnect to the Internet.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:03 AM

Posted 21 December 2008 - 02:31 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users