Vundo Trojan problem


  • This topic is locked
18 replies to this topic

#1 chan58849


Posted 24 January 2009 - 08:36 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:30 AM, on 1/24/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\visualtasktips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executor\Executor.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinTV\WinTV2K.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39B1EEAE-FD6B-429C-AA2A-17BE1036E639} - (no file)
O2 - BHO: (no name) - {39B1EEAE-FD6B-429C-AA2A-17BE1036E639} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {94FDEED6-9C38-45E1-A398-995E314628D9} - (no file)
O2 - BHO: {fd591eca-1d77-24fa-fef4-6c33e43fcdea} - {aedcf34e-33c6-4fef-af42-77d1ace195df} - C:\WINDOWS\system32\galjta.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {C2A58160-3ED4-4FA5-A54D-DB126449C476} - C:\WINDOWS\system32\efcCrRJY.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\Executor.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll galjta.dll
O20 - Winlogon Notify: tuvsPFVn - tuvsPFVn.dll (file missing)
O20 - Winlogon Notify: vtUnkiif - vtUnkiif.dll (file missing)
O23 - Service: Access Utility Service - Unknown owner - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 12207 bytes






Any help on what I have to remove to get rid of the Vundo Trojan would be great, or any other virus/trojan/spyware.

Thank you.

Edited by chan58849, 24 January 2009 - 09:17 AM.




#2 chan58849


Posted 27 January 2009 - 07:54 PM

It's been 3 days, anyone have an answer?

Sorry if I sound impatient, just want this problem to get fixed asap.

#3 fenzodahl512


Posted 01 February 2009 - 09:43 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.


Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 chan58849


Posted 01 February 2009 - 10:34 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ravi Theja at 2009-02-01 21:33:10
Microsoft Windows XP Professional Service Pack 3, v.5657
System drive C: has 56 GB (29%) free of 194 GB
Total RAM: 1535 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:40 PM, on 2/1/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\visualtasktips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executor\Executor.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinTV\WinTV2K.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Ravi Theja\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ravi Theja.exe
C:\Program Files\WinRAR\WinRAR.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39B1EEAE-FD6B-429C-AA2A-17BE1036E639} - (no file)
O2 - BHO: {9f26e9a8-0959-f5da-14e4-19a8635da126} - {621ad536-8a91-4e41-ad5f-95908a9e62f9} - C:\WINDOWS\system32\lheued.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CECEA4D-3DB2-4BFA-864B-7E9E83846A4A} - (no file)
O2 - BHO: (no name) - {94FDEED6-9C38-45E1-A398-995E314628D9} - (no file)
O2 - BHO: (no name) - {aedcf34e-33c6-4fef-af42-77d1ace195df} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {C2A58160-3ED4-4FA5-A54D-DB126449C476} - C:\WINDOWS\system32\efcCrRJY.dll (file missing)
O2 - BHO: (no name) - {DC53678D-E1FD-4516-B85B-12343B1C4BFD} - C:\WINDOWS\system32\fccaWMeE.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc7cf2d2] rundll32.exe "C:\WINDOWS\system32\ofkjabrl.dll",b
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\Executor.exe" -s
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll lheued.dll
O20 - Winlogon Notify: tuvsPFVn - tuvsPFVn.dll (file missing)
O20 - Winlogon Notify: vtUnkiif - vtUnkiif.dll (file missing)
O23 - Service: Access Utility Service - Unknown owner - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 12538 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ghwvzxes.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39B1EEAE-FD6B-429C-AA2A-17BE1036E639}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{621ad536-8a91-4e41-ad5f-95908a9e62f9}]
C:\WINDOWS\system32\lheued.dll [2009-02-01 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CECEA4D-3DB2-4BFA-864B-7E9E83846A4A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94FDEED6-9C38-45E1-A398-995E314628D9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aedcf34e-33c6-4fef-af42-77d1ace195df}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-08 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A58160-3ED4-4FA5-A54D-DB126449C476}]
C:\WINDOWS\system32\efcCrRJY.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC53678D-E1FD-4516-B85B-12343B1C4BFD}]
C:\WINDOWS\system32\fccaWMeE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-15 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - QT TabBar - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - QT Tab Standard Buttons - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-02-29 15872]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe [2008-02-28 2049320]
"InCD"=C:\Program Files\Nero\Nero8\InCD\InCD.exe [2008-02-28 1083176]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"cc7cf2d2"=C:\WINDOWS\system32\ofkjabrl.dll [2009-02-01 83968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"=C:\WINDOWS\System32\visualtasktips.exe [2007-09-05 36352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-02-12 15360]
"Executor"=C:\Program Files\Executor\Executor.exe [2008-05-19 1052672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

C:\Users\All Users\Start Menu\Programs\Startup
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Ravi Theja\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe
Dropbox.lnk - C:\Program Files\Dropbox\dropbox.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll lheued.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvsPFVn]
tuvsPFVn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUnkiif]
vtUnkiif.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-02-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\Streamload\MediaMax XL\MediaMax XL.exe"="C:\Program Files\Streamload\MediaMax XL\MediaMax XL.exe:*:Enabled:MediaMax XL"
"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe"="C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\phpDesigner 2008\phpDesigner2008.exe"="C:\Program Files\phpDesigner 2008\phpDesigner2008.exe:*:Enabled:phpDesigner2008"
"C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Users\Ravi Theja\Desktop\DRGunZ\DRGunZ.exe"="C:\Users\Ravi Theja\Desktop\DRGunZ\DRGunZ.exe:*:Enabled:Gunz"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Digsby\digsby.exe"="C:\Program Files\Digsby\digsby.exe:*:Enabled:Digsby IM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Users\Ravi Theja\Desktop\RISK2\RISKII.EXE"="C:\Users\Ravi Theja\Desktop\RISK2\RISKII.EXE:*:Enabled:Risk II"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2019-09-25 16:40:30 ----A---- C:\WINDOWS\system32\APITypes.dll
2009-02-01 21:32:21 ----D---- C:\rsit
2009-02-01 21:29:57 ----D---- C:\Users\Ravi Theja\Application Data\Malwarebytes
2009-02-01 21:29:45 ----D---- C:\Users\All Users\Application Data\Malwarebytes
2009-02-01 21:29:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-01 17:11:13 ----A---- C:\WINDOWS\system32\tveirhhu.dll
2009-02-01 17:11:13 ----A---- C:\WINDOWS\system32\lheued.dll
2009-02-01 17:08:16 ----SH---- C:\WINDOWS\system32\lrbajkfo.ini
2009-02-01 17:08:13 ----A---- C:\WINDOWS\system32\ofkjabrl.dll
2009-01-31 17:10:16 ----A---- C:\WINDOWS\system32\nuwlsl.dll
2009-01-31 17:10:15 ----A---- C:\WINDOWS\system32\gudkcxyq.dll
2009-01-31 17:07:16 ----SH---- C:\WINDOWS\system32\antqaggv.ini
2009-01-31 17:07:15 ----A---- C:\WINDOWS\system32\vggaqtna.dll
2009-01-30 17:10:18 ----SH---- C:\WINDOWS\system32\jythrvon.ini
2009-01-30 17:10:15 ----N---- C:\WINDOWS\system32\novrhtyj.dll
2009-01-30 17:07:16 ----A---- C:\WINDOWS\system32\mdurrl.dll
2009-01-30 17:07:15 ----A---- C:\WINDOWS\system32\kpfniofw.dll
2009-01-29 17:10:33 ----SH---- C:\WINDOWS\system32\nnbwafoc.ini
2009-01-29 17:10:32 ----A---- C:\WINDOWS\system32\cofawbnn.dll
2009-01-29 17:07:35 ----A---- C:\WINDOWS\system32\lfdmwo.dll
2009-01-29 17:07:32 ----A---- C:\WINDOWS\system32\pcmuwkyp.dll
2009-01-28 17:10:34 ----SH---- C:\WINDOWS\system32\kctnddui.ini
2009-01-28 17:10:32 ----N---- C:\WINDOWS\system32\iuddntck.dll
2009-01-28 17:07:33 ----A---- C:\WINDOWS\system32\uurhyw.dll
2009-01-28 17:07:32 ----A---- C:\WINDOWS\system32\hvyfuaap.dll
2009-01-27 17:10:33 ----A---- C:\WINDOWS\system32\hbbmfd.dll
2009-01-27 17:10:32 ----A---- C:\WINDOWS\system32\dhculujf.dll
2009-01-27 17:07:33 ----SH---- C:\WINDOWS\system32\hlcyruyu.ini
2009-01-27 17:07:32 ----N---- C:\WINDOWS\system32\uyuryclh.dll
2009-01-26 17:07:32 ----SH---- C:\WINDOWS\system32\mimmgqna.ini
2009-01-26 17:07:32 ----N---- C:\WINDOWS\system32\anqgmmim.dll
2009-01-26 17:05:57 ----A---- C:\WINDOWS\system32\adxdzx.dll
2009-01-26 17:05:56 ----A---- C:\WINDOWS\system32\uxxauutg.dll
2009-01-25 10:31:09 ----SH---- C:\WINDOWS\system32\jvmjhhrt.ini
2009-01-25 10:31:09 ----N---- C:\WINDOWS\system32\trhhjmvj.dll
2009-01-25 10:28:10 ----A---- C:\WINDOWS\system32\hjjqzn.dll
2009-01-25 10:28:09 ----A---- C:\WINDOWS\system32\jlvvnbfq.dll
2009-01-24 10:26:10 ----SH---- C:\WINDOWS\system32\rhputprk.ini
2009-01-24 10:26:09 ----A---- C:\WINDOWS\system32\pxfhzq.dll
2009-01-24 10:26:08 ----A---- C:\WINDOWS\system32\momnyryj.dll
2009-01-24 09:29:58 ----A---- C:\WINDOWS\system32\qsxpfv.dll
2009-01-24 09:29:57 ----A---- C:\WINDOWS\system32\fcyhgwyg.dll
2009-01-24 09:28:11 ----SH---- C:\WINDOWS\system32\jfwyneli.ini
2009-01-24 09:28:05 ----A---- C:\WINDOWS\system32\ilenywfj.dll
2009-01-24 07:49:39 ----ASH---- C:\WINDOWS\system32\EeMWaccf.ini2
2009-01-24 07:29:00 ----D---- C:\Program Files\Trend Micro
2009-01-23 18:39:44 ----D---- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 18:39:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-23 17:31:22 ----A---- C:\WINDOWS\system32\squsynon.dll
2009-01-23 17:28:23 ----A---- C:\WINDOWS\system32\galjta.dll
2009-01-23 17:28:22 ----A---- C:\WINDOWS\system32\tgrrmucx.dll
2009-01-15 15:30:11 ----ASH---- C:\WINDOWS\system32\EeMWaccf.ini
2009-01-14 21:26:54 ----A---- C:\WINDOWS\iun6002.exe
2009-01-14 21:26:52 ----D---- C:\Program Files\West Point Bridge Designer 2007
2009-01-14 21:26:52 ----A---- C:\WINDOWS\system32\COMCTL32.OCX.bak
2009-01-05 20:26:54 ----D---- C:\Program Files\Synergy
2008-12-27 17:58:55 ----D---- C:\Users\Ravi Theja\Application Data\vlc
2008-12-20 20:18:13 ----D---- C:\Users\Ravi Theja\Application Data\Executor
2008-12-20 20:18:01 ----D---- C:\Program Files\Executor
2008-12-20 16:48:54 ----A---- C:\WINDOWS\system32\c75f36ac-.txt
2008-12-13 12:43:56 ----D---- C:\Users\All Users\Application Data\Digsby
2008-12-10 20:52:01 ----D---- C:\Users\All Users\Application Data\DVD Shrink
2008-12-10 20:52:00 ----D---- C:\Program Files\DVD Shrink
2008-12-09 19:52:09 ----D---- C:\Users\Ravi Theja\Application Data\SpeedRunner
2008-12-09 19:47:12 ----D---- C:\Users\Ravi Theja\Application Data\Twain
2008-12-09 19:42:15 ----D---- C:\Program Files\Webtools
2008-11-24 18:34:25 ----D---- C:\Program Files\Xilisoft
2008-11-20 00:52:56 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-20 00:52:54 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-16 10:42:55 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-16 10:42:53 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-16 10:42:51 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-16 10:42:50 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-16 10:42:30 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-16 10:41:43 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-11-16 10:41:41 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-11-16 10:40:39 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-16 10:40:38 ----D---- C:\Program Files\AGEIA Technologies
2008-11-06 16:08:11 ----D---- C:\WINDOWS\system32\QI19
2008-11-06 16:08:11 ----D---- C:\Temp
2008-11-03 18:29:22 ----D---- C:\Program Files\Full Tilt Poker

======List of files/folders modified in the last 3 months======

2009-02-01 21:29:49 ----D---- C:\WINDOWS\system32\drivers
2009-02-01 21:29:45 ----RD---- C:\Program Files
2009-02-01 19:50:03 ----D---- C:\Users\All Users\Application Data\Google Updater
2009-02-01 18:05:20 ----D---- C:\Program Files\Mozilla Firefox
2009-02-01 17:11:13 ----D---- C:\WINDOWS\system32
2009-02-01 14:39:20 ----D---- C:\Users\Ravi Theja\Application Data\Move Networks
2009-02-01 01:42:00 ----D---- C:\WINDOWS\Temp
2009-01-31 17:10:19 ----D---- C:\WINDOWS\Prefetch
2009-01-26 17:48:44 ----SD---- C:\WINDOWS\Tasks
2009-01-26 17:06:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-24 10:29:26 ----RD---- C:\WINDOWS
2009-01-24 09:24:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-23 18:21:57 ----HD---- C:\$AVG8.VAULT$
2009-01-15 15:26:52 ----D---- C:\Users\All Users\Application Data\avg8
2009-01-14 22:23:31 ----D---- C:\Users\Ravi Theja\Application Data\FrostWire
2009-01-14 20:42:59 ----D---- C:\Users\Ravi Theja\Application Data\uTorrent
2009-01-12 22:15:19 ----D---- C:\Users\Ravi Theja\Application Data\Adobe
2009-01-05 20:32:40 ----D---- C:\WINDOWS\Debug
2009-01-05 20:30:12 ----D---- C:\Program Files\CCleaner
2009-01-01 17:17:34 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-01-01 17:17:33 ----A---- C:\WINDOWS\BRWMARK.INI
2008-12-30 21:33:47 ----RSD---- C:\WINDOWS\Fonts
2008-12-30 20:51:14 ----D---- C:\Program Files\Fonts
2008-12-28 21:59:18 ----D---- C:\movies
2008-12-27 20:23:09 ----D---- C:\Users\Ravi Theja\Application Data\dvdcss
2008-12-27 14:46:25 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-22 20:22:46 ----D---- C:\Program Files\FrostWire
2008-12-18 16:01:51 ----HD---- C:\WINDOWS\inf
2008-12-17 21:14:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 21:14:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 15:30:56 ----D---- C:\Program Files\Digsby
2008-12-14 11:36:01 ----D---- C:\Users\Ravi Theja\Application Data\U3
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 21:06:55 ----HD---- C:\Config.Msi
2008-12-11 21:06:55 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2008-12-11 21:06:53 ----SHD---- C:\WINDOWS\Installer
2008-12-11 21:06:00 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-05 16:23:43 ----D---- C:\WINDOWS\system32\bin
2008-11-24 18:43:16 ----D---- C:\Program Files\Smallvideosoft
2008-11-24 18:34:54 ----RD---- C:\Users
2008-11-24 16:47:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-23 10:51:38 ----D---- C:\Users\Ravi Theja\Application Data\LimeWire
2008-11-23 10:46:10 ----AD---- C:\Program Files\Common Files
2008-11-23 10:44:03 ----D---- C:\Users\Ravi Theja\Application Data\MeeBone.F6ED9EBD01AEA0354D3E91504B24BC94F2EBD248.1
2008-11-23 10:42:20 ----D---- C:\Program Files\MeeBone
2008-11-22 17:27:20 ----D---- C:\WINDOWS\Help
2008-11-16 10:41:31 ----D---- C:\WINDOWS\system32\DirectX
2008-11-16 10:40:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-16 10:40:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-16 10:31:17 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 22:01:10 ----D---- C:\WINDOWS\WinSxS
2008-11-03 17:08:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-01 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-28 38952]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-28 40360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-02-11 36352]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-02-12 60800]
R3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-02-12 17024]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-01-21 443460]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-02-12 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2008-02-11 606684]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-02-12 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-11 1897408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-02-11 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-02-11 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-02-11 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-02-11 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-02-11 20608]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-28 128424]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekafreiqxhf.sys [2009-01-15 47023]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-02-12 48128]
S3 adc9942z;adc9942z; C:\WINDOWS\system32\drivers\adc9942z.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-02-12 38912]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-02-12 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-02-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-02-12 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-02-12 10880]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\WINDOWS\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-02-12 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2003-10-15 51040]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2003-10-15 6000]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2003-10-15 82576]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-02-12 15232]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-02-12 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-12 25856]
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-17 3072]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-02-12 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-02-23 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-02-23 82944]
S3 XDva120;XDva120; \??\C:\WINDOWS\system32\XDva120.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-02-11 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe [2008-02-28 1440552]
R2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S1 InCDRec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-28 17448]
S2 Access Utility Service;Access Utility Service; C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe []
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ehSched;Media Center Scheduler Service; C:\WINDOWS\ehome\ehSched.exe [2008-02-12 84992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 License Management Service ESD;License Management Service ESD; C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe [2008-03-16 69120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-17 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe [2008-01-18 5750784]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------




Only the log.txt popped up after the scan; the info.txt did not come up.

Edited by chan58849, 01 February 2009 - 11:01 PM.


#5 chan58849

Posted 01 February 2009 - 10:56 PM

GMER log

Attached File: GMER.txt (32.04KB)


#6 chan58849

Posted 01 February 2009 - 11:48 PM

Malwarebytes' Anti-Malware 1.33
Database version: 1714
Windows 5.1.2600 Service Pack 3, v.5657

2/1/2009 10:42:16 PM
mbam-log-2009-02-01 (22-42-16).txt

Scan type: Full Scan (C:\|J:\|K:\|)
Objects scanned: 230197
Time elapsed: 1 hour(s), 10 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 36
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ofkjabrl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fccaWMeE.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tveirhhu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lheued.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{621ad536-8a91-4e41-ad5f-95908a9e62f9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{621ad536-8a91-4e41-ad5f-95908a9e62f9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc53678d-e1fd-4516-b85b-12343b1c4bfd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dc53678d-e1fd-4516-b85b-12343b1c4bfd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{19f26c79-e26b-45f8-a182-9c36316332ec} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{19f26c79-e26b-45f8-a182-9c36316332ec} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f9d2137-8a68-471d-a683-0a352d91bdd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f9d2137-8a68-471d-a683-0a352d91bdd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\aylnlfdx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aylnlfdx (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\fvcuefug (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fvcuefug (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\seneka (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\hnwigzyz (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hnwigzyz (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\zhhmxgsf (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zhhmxgsf (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc7cf2d2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Ravi Theja\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lheued.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fccaWMeE.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fccaWMeE.dllbox (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\c:\windows\system32\fccawmee.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\EeMWaccf.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\EeMWaccf.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\anqgmmim.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mimmgqna.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cofawbnn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnbwafoc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilenywfj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jfwyneli.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iuddntck.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kctnddui.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\novrhtyj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jythrvon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofkjabrl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lrbajkfo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trhhjmvj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jvmjhhrt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uyuryclh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlcyruyu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vggaqtna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antqaggv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tveirhhu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1275210071-823518204-842925246-1004\Dc31.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Ravi Theja\Local Settings\Temp\nesmcwroxa.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Ravi Theja\Local Settings\Temp\craemnowsx.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Ravi Theja\Local Settings\Temporary Internet Files\Content.IE5\REC50FA5\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ravi Theja\Local Settings\Temporary Internet Files\Content.IE5\REC50FA5\dd_1[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Ravi Theja\Local Settings\Temporary Internet Files\Content.IE5\T2XUUC3M\upd105320[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhculujf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adxdzx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcyhgwyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbbmfd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdurrl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\momnyryj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcmuwkyp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qsxpfv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxxauutg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekacdtatxbj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kpfniofw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxfhzq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lfdmwo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\phqghume.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\rlyualkv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekafreiqxhf.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\nnjvviql.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ldxetwtj.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\galjta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



Thank you so much for your help.

#7 fenzodahl512

Posted 02 February 2009 - 02:07 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 chan58849

Posted 02 February 2009 - 06:08 PM

My computer will not let me run Combofix; it keeps saying that there was a prep error.

#9 fenzodahl512

Posted 02 February 2009 - 10:53 PM

Delete that version of ComboFix.. Find and delete these folders if present..

C:\combofix
C:\qoobox



Then do the following..

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:


It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here..

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#10 chan58849

Posted 03 February 2009 - 08:15 PM

I deleted everything, downloaded it again, and saved it as Combo-Fix, but when I double click it, I still get a prep.com error.

I've noticed that I'm not getting any more pop-up websites, so I think my problem might be solved.


Please let me know if you suggest I do something else.

#11 fenzodahl512

Posted 03 February 2009 - 10:14 PM

> I've noticed that I'm not getting any more pop-up websites, so I think my problem might be solved.

I really hope so.. Please run RSIT again and post the log here for my final review.. We'll see whether your computer is good to go.. or not..



#12 chan58849

Posted 03 February 2009 - 11:35 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ravi Theja at 2009-02-03 22:34:38
Microsoft Windows XP Professional Service Pack 3, v.5657
System drive C: has 56 GB (29%) free of 194 GB
Total RAM: 1535 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:07 PM, on 2/3/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\visualtasktips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executor\Executor.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Users\Ravi Theja\Desktop\Fixing Stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ravi Theja.exe
C:\Program Files\WinTV\WinTV2K.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39B1EEAE-FD6B-429C-AA2A-17BE1036E639} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7CECEA4D-3DB2-4BFA-864B-7E9E83846A4A} - (no file)
O2 - BHO: (no name) - {94FDEED6-9C38-45E1-A398-995E314628D9} - (no file)
O2 - BHO: (no name) - {aedcf34e-33c6-4fef-af42-77d1ace195df} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {C2A58160-3ED4-4FA5-A54D-DB126449C476} - C:\WINDOWS\system32\efcCrRJY.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\Executor.exe" -s
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: tuvsPFVn - tuvsPFVn.dll (file missing)
O20 - Winlogon Notify: vtUnkiif - vtUnkiif.dll (file missing)
O23 - Service: Access Utility Service - Unknown owner - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 11988 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ghwvzxes.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39B1EEAE-FD6B-429C-AA2A-17BE1036E639}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CECEA4D-3DB2-4BFA-864B-7E9E83846A4A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94FDEED6-9C38-45E1-A398-995E314628D9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aedcf34e-33c6-4fef-af42-77d1ace195df}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-08 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A58160-3ED4-4FA5-A54D-DB126449C476}]
C:\WINDOWS\system32\efcCrRJY.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-15 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - QT TabBar - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - QT Tab Standard Buttons - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-02-29 15872]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe [2008-02-28 2049320]
"InCD"=C:\Program Files\Nero\Nero8\InCD\InCD.exe [2008-02-28 1083176]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"=C:\WINDOWS\System32\visualtasktips.exe [2007-09-05 36352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-02-12 15360]
"Executor"=C:\Program Files\Executor\Executor.exe [2008-05-19 1052672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

C:\Users\All Users\Start Menu\Programs\Startup
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Ravi Theja\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe
Dropbox.lnk - C:\Program Files\Dropbox\dropbox.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2008-07-03 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvsPFVn]
tuvsPFVn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUnkiif]
vtUnkiif.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-02-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\fccaWMeE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\Streamload\MediaMax XL\MediaMax XL.exe"="C:\Program Files\Streamload\MediaMax XL\MediaMax XL.exe:*:Enabled:MediaMax XL"
"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe"="C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\phpDesigner 2008\phpDesigner2008.exe"="C:\Program Files\phpDesigner 2008\phpDesigner2008.exe:*:Enabled:phpDesigner2008"
"C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Users\Ravi Theja\Desktop\DRGunZ\DRGunZ.exe"="C:\Users\Ravi Theja\Desktop\DRGunZ\DRGunZ.exe:*:Enabled:Gunz"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Digsby\digsby.exe"="C:\Program Files\Digsby\digsby.exe:*:Enabled:Digsby IM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Users\Ravi Theja\Desktop\RISK2\RISKII.EXE"="C:\Users\Ravi Theja\Desktop\RISK2\RISKII.EXE:*:Enabled:Risk II"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2019-09-25 16:40:30 ----A---- C:\WINDOWS\system32\APITypes.dll
2009-02-03 19:14:09 ----D---- C:\32788R22FWJFW
2009-02-02 17:06:54 ----A---- C:\WINDOWS\system32\cmd.execf
2009-02-01 21:36:30 ----A---- C:\WINDOWS\gmer.ini
2009-02-01 21:36:24 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-01 21:36:24 ----A---- C:\WINDOWS\gmer.dll
2009-02-01 21:36:23 ----A---- C:\WINDOWS\gmer.exe
2009-02-01 21:32:21 ----D---- C:\rsit
2009-02-01 21:29:57 ----D---- C:\Users\Ravi Theja\Application Data\Malwarebytes
2009-02-01 21:29:45 ----D---- C:\Users\All Users\Application Data\Malwarebytes
2009-02-01 21:29:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-31 17:10:16 ----A---- C:\WINDOWS\system32\nuwlsl.dll
2009-01-31 17:10:15 ----A---- C:\WINDOWS\system32\gudkcxyq.dll
2009-01-25 10:28:10 ----A---- C:\WINDOWS\system32\hjjqzn.dll
2009-01-25 10:28:09 ----A---- C:\WINDOWS\system32\jlvvnbfq.dll
2009-01-24 10:26:10 ----SH---- C:\WINDOWS\system32\rhputprk.ini
2009-01-24 07:29:00 ----D---- C:\Program Files\Trend Micro
2009-01-23 18:39:44 ----D---- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 18:39:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-14 21:26:54 ----A---- C:\WINDOWS\iun6002.exe
2009-01-14 21:26:52 ----D---- C:\Program Files\West Point Bridge Designer 2007
2009-01-14 21:26:52 ----A---- C:\WINDOWS\system32\COMCTL32.OCX.bak
2009-01-05 20:26:54 ----D---- C:\Program Files\Synergy
2008-12-27 17:58:55 ----D---- C:\Users\Ravi Theja\Application Data\vlc
2008-12-20 20:18:13 ----D---- C:\Users\Ravi Theja\Application Data\Executor
2008-12-20 20:18:01 ----D---- C:\Program Files\Executor
2008-12-20 16:48:54 ----A---- C:\WINDOWS\system32\c75f36ac-.txt
2008-12-13 12:43:56 ----D---- C:\Users\All Users\Application Data\Digsby
2008-12-10 20:52:01 ----D---- C:\Users\All Users\Application Data\DVD Shrink
2008-12-10 20:52:00 ----D---- C:\Program Files\DVD Shrink
2008-12-09 19:47:12 ----D---- C:\Users\Ravi Theja\Application Data\Twain
2008-11-24 18:34:25 ----D---- C:\Program Files\Xilisoft
2008-11-20 00:52:56 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-20 00:52:54 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-16 10:42:55 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-16 10:42:53 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-16 10:42:51 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-16 10:42:50 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-16 10:42:30 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-16 10:41:43 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-11-16 10:41:41 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-11-16 10:40:39 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-16 10:40:38 ----D---- C:\Program Files\AGEIA Technologies
2008-11-06 16:08:11 ----D---- C:\WINDOWS\system32\QI19
2008-11-06 16:08:11 ----D---- C:\Temp

======List of files/folders modified in the last 3 months======

2009-02-03 21:50:12 ----D---- C:\Users\All Users\Application Data\Google Updater
2009-02-03 19:16:21 ----D---- C:\WINDOWS\Temp
2009-02-03 18:17:14 ----D---- C:\Program Files\Mozilla Firefox
2009-02-02 18:57:14 ----D---- C:\Users\All Users\Application Data\avg8
2009-02-02 17:07:05 ----D---- C:\WINDOWS\Prefetch
2009-02-02 17:06:54 ----D---- C:\WINDOWS\system32
2009-02-02 07:41:11 ----SD---- C:\WINDOWS\Tasks
2009-02-02 07:37:38 ----D---- C:\WINDOWS\system32\drivers
2009-02-02 07:37:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-01 22:57:33 ----HD---- C:\$AVG8.VAULT$
2009-02-01 22:46:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-01 22:42:45 ----RD---- C:\WINDOWS
2009-02-01 22:42:12 ----RD---- C:\Program Files
2009-02-01 14:39:20 ----D---- C:\Users\Ravi Theja\Application Data\Move Networks
2009-01-23 14:05:07 ----D---- C:\Program Files\Full Tilt Poker
2009-01-14 22:23:31 ----D---- C:\Users\Ravi Theja\Application Data\FrostWire
2009-01-14 20:42:59 ----D---- C:\Users\Ravi Theja\Application Data\uTorrent
2009-01-12 22:15:19 ----D---- C:\Users\Ravi Theja\Application Data\Adobe
2009-01-05 20:32:40 ----D---- C:\WINDOWS\Debug
2009-01-05 20:30:12 ----D---- C:\Program Files\CCleaner
2009-01-01 17:17:34 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-01-01 17:17:33 ----A---- C:\WINDOWS\BRWMARK.INI
2008-12-30 21:33:47 ----RSD---- C:\WINDOWS\Fonts
2008-12-30 20:51:14 ----D---- C:\Program Files\Fonts
2008-12-28 21:59:18 ----D---- C:\movies
2008-12-27 20:23:09 ----D---- C:\Users\Ravi Theja\Application Data\dvdcss
2008-12-27 14:46:25 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-22 20:22:46 ----D---- C:\Program Files\FrostWire
2008-12-18 16:01:51 ----HD---- C:\WINDOWS\inf
2008-12-17 21:14:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 21:14:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 15:30:56 ----D---- C:\Program Files\Digsby
2008-12-14 11:36:01 ----D---- C:\Users\Ravi Theja\Application Data\U3
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 21:06:55 ----HD---- C:\Config.Msi
2008-12-11 21:06:55 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2008-12-11 21:06:53 ----SHD---- C:\WINDOWS\Installer
2008-12-11 21:06:00 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-05 16:23:43 ----D---- C:\WINDOWS\system32\bin
2008-11-24 18:43:16 ----D---- C:\Program Files\Smallvideosoft
2008-11-24 18:34:54 ----RD---- C:\Users
2008-11-24 16:47:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-23 10:51:38 ----D---- C:\Users\Ravi Theja\Application Data\LimeWire
2008-11-23 10:46:10 ----AD---- C:\Program Files\Common Files
2008-11-23 10:44:03 ----D---- C:\Users\Ravi Theja\Application Data\MeeBone.F6ED9EBD01AEA0354D3E91504B24BC94F2EBD248.1
2008-11-23 10:42:20 ----D---- C:\Program Files\MeeBone
2008-11-22 17:27:20 ----D---- C:\WINDOWS\Help
2008-11-16 10:41:31 ----D---- C:\WINDOWS\system32\DirectX
2008-11-16 10:40:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-16 10:40:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-16 10:31:17 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 22:01:10 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-01 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-28 38952]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-28 40360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-02-11 36352]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-02-12 60800]
R3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-02-12 17024]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-01-21 443460]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-02-12 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2008-02-11 606684]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-02-12 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-11 1897408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-02-11 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-02-11 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-02-11 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-02-11 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-02-11 20608]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-28 128424]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-02-12 48128]
S3 aaaj8bbh;aaaj8bbh; C:\WINDOWS\system32\drivers\aaaj8bbh.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-02-12 38912]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-01 85969]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-02-12 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-02-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-02-12 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-02-12 10880]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\WINDOWS\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-02-12 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2003-10-15 51040]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2003-10-15 6000]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2003-10-15 82576]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-02-12 15232]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-02-12 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-12 25856]
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-17 3072]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-02-12 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-02-23 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-02-23 82944]
S3 XDva120;XDva120; \??\C:\WINDOWS\system32\XDva120.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-02-11 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe [2008-02-28 1440552]
R2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S1 InCDRec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-28 17448]
S2 Access Utility Service;Access Utility Service; C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ehSched;Media Center Scheduler Service; C:\WINDOWS\ehome\ehSched.exe [2008-02-12 84992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 License Management Service ESD;License Management Service ESD; C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe [2008-03-16 69120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-17 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe [2008-01-18 5750784]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------




Thank you SOOOO MUCH for your help. I really appreciate it.

#13 fenzodahl512


Posted 04 February 2009 - 12:59 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\tasks\ghwvzxes.job
    C:\WINDOWS\system32\efcCrRJY.dll
    C:\WINDOWS\system32\nuwlsl.dll
    C:\WINDOWS\system32\gudkcxyq.dll
    C:\WINDOWS\system32\hjjqzn.dll
    C:\WINDOWS\system32\jlvvnbfq.dll
    C:\WINDOWS\system32\rhputprk.ini
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39B1EEAE-FD6B-429C-AA2A-17BE1036E639}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CECEA4D-3DB2-4BFA-864B-7E9E83846A4A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94FDEED6-9C38-45E1-A398-995E314628D9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aedcf34e-33c6-4fef-af42-77d1ace195df}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A58160-3ED4-4FA5-A54D-DB126449C476}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvsPFVn]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUnkiif]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 chan58849

  • Topic Starter

Posted 04 February 2009 - 05:27 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINDOWS\tasks\ghwvzxes.job moved successfully.
File/Folder C:\WINDOWS\system32\efcCrRJY.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nuwlsl.dll
C:\WINDOWS\system32\nuwlsl.dll NOT unregistered.
C:\WINDOWS\system32\nuwlsl.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gudkcxyq.dll
C:\WINDOWS\system32\gudkcxyq.dll NOT unregistered.
C:\WINDOWS\system32\gudkcxyq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hjjqzn.dll
C:\WINDOWS\system32\hjjqzn.dll NOT unregistered.
C:\WINDOWS\system32\hjjqzn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jlvvnbfq.dll
C:\WINDOWS\system32\jlvvnbfq.dll NOT unregistered.
C:\WINDOWS\system32\jlvvnbfq.dll moved successfully.
C:\WINDOWS\system32\rhputprk.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39B1EEAE-FD6B-429C-AA2A-17BE1036E639}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CECEA4D-3DB2-4BFA-864B-7E9E83846A4A}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94FDEED6-9C38-45E1-A398-995E314628D9}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aedcf34e-33c6-4fef-af42-77d1ace195df}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A58160-3ED4-4FA5-A54D-DB126449C476}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvsPFVn\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUnkiif\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\Users\RAVITH~1\LOCALS~1\Temp\etilqs_mZepJT86MG9Q7HsV8d9w scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Users\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02042009_162147

Files moved on Reboot...
File C:\Users\RAVITH~1\LOCALS~1\Temp\etilqs_mZepJT86MG9Q7HsV8d9w not found!
File move failed. C:\Users\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\urlclassifier3.sqlite moved successfully.
C:\Users\Ravi Theja\Local Settings\Application Data\Mozilla\Firefox\Profiles\8fyur8uy.default\XUL.mfl moved successfully.
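
Cross-checking the fix script from post #13 against the OTMoveIt3 log in post #14, as an added example that is not part of either post and is not OldTimer's code: it parses a shortened excerpt of both, reports the logged outcome for every requested file and registry target, and decodes the `hex(7)` data written to the Lsa key. The function names, the log-line patterns (taken from the lines visible above) and the reading of the `hex(7)` bytes as single-byte characters are assumptions of this example.

```python
import re

# Excerpts copied from the fix script (post #13) and the OTMoveIt3 log (post #14).
FIX_SCRIPT = r"""
:files
C:\WINDOWS\tasks\ghwvzxes.job
C:\WINDOWS\system32\efcCrRJY.dll
C:\WINDOWS\system32\nuwlsl.dll

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvsPFVn]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

MOVE_LOG = r"""
========== FILES ==========
C:\WINDOWS\tasks\ghwvzxes.job moved successfully.
File/Folder C:\WINDOWS\system32\efcCrRJY.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nuwlsl.dll
C:\WINDOWS\system32\nuwlsl.dll NOT unregistered.
C:\WINDOWS\system32\nuwlsl.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvsPFVn\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
"""

# Log line shapes as they appear in post #14, each mapped to an outcome label.
LOG_PATTERNS = [
    (re.compile(r'^File/Folder (?P<item>.+) not found\.$'), "not found"),
    (re.compile(r'^(?P<item>.+) moved successfully\.$'), "moved"),
    (re.compile(r'^Registry key (?P<item>.+?)\\+ deleted successfully\.$'), "deleted"),
    (re.compile(r'^(?P<item>HKEY[^"]+?)\\+"(?P<name>[^"]+)"\|.* : value set successfully!$'),
     "value set"),
]


def requested_items(script):
    """List every file and registry target named in the :files and :reg sections."""
    items, section, key = [], None, None
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            items.append(line)
        elif section == "reg" and line.startswith("[-"):
            items.append(line[2:-1])        # key the script asks to delete
        elif section == "reg" and line.startswith("["):
            key = line[1:-1]                # key that receives the values below
        elif section == "reg" and line.startswith('"') and key:
            items.append(key + "\\" + line.split("=", 1)[0].strip('"'))
    return items


def logged_outcomes(log):
    """Map each target mentioned in the log (lower-cased) to its final outcome."""
    outcomes = {}
    for line in (raw.strip() for raw in log.splitlines()):
        for pattern, status in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                item = match.group("item")
                name = match.groupdict().get("name")
                if name:
                    item = item + "\\" + name
                outcomes[item.lower()] = status
                break
    return outcomes


def reconcile(script, log):
    """Pair every requested target with its logged outcome, or 'no log entry'."""
    outcomes = logged_outcomes(log)
    return {item: outcomes.get(item.lower(), "no log entry")
            for item in requested_items(script)}


def decode_multi_sz(data):
    """Decode 'hex(7):..' (REG_MULTI_SZ), assuming one byte per character."""
    raw = bytes(int(b, 16) for b in data.split(":", 1)[1].split(","))
    return [part.decode("ascii") for part in raw.split(b"\x00") if part]


if __name__ == "__main__":
    for item, status in reconcile(FIX_SCRIPT, MOVE_LOG).items():
        print(f"{status:>12}  {item}")
    print(decode_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```

A target reported as "no log entry" means the log holds no evidence that the requested action ran, so that item needs to be checked again in the next scan.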

#15 chan58849

  • Topic Starter

Posted 04 February 2009 - 05:30 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ravi Theja at 2009-02-04 16:28:30
Microsoft Windows XP Professional Service Pack 3, v.5657
System drive C: has 56 GB (29%) free of 194 GB
Total RAM: 1535 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:12 PM, on 2/4/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\visualtasktips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executor\Executor.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Users\Ravi Theja\Desktop\Fixing Stuff\RSIT.exe
C:\Program Files\WinTV\WinTV2K.EXE
C:\Program Files\Trend Micro\HijackThis\Ravi Theja.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\Executor.exe" -s
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [VisualTaskTips] C:\WINDOWS\System32\visualtasktips.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TopDesk] C:\WINDOWS\System32\topdesk.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\dropbox.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Access Utility Service - Unknown owner - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 11376 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-08 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-15 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - QT TabBar - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - QT Tab Standard Buttons - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2007-10-24 282112]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-02-29 15872]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe [2008-02-28 2049320]
"InCD"=C:\Program Files\Nero\Nero8\InCD\InCD.exe [2008-02-28 1083176]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-04 1601304]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"=C:\WINDOWS\System32\visualtasktips.exe [2007-09-05 36352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-02-12 15360]
"Executor"=C:\Program Files\Executor\Executor.exe [2008-05-19 1052672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

C:\Users\All Users\Start Menu\Programs\Startup
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Ravi Theja\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe
Dropbox.lnk - C:\Program Files\Dropbox\dropbox.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-04 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-05-19 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-02-23 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\Streamload\MediaMax XL\MediaMax XL.exe"="C:\Program Files\Streamload\MediaMax XL\MediaMax XL.exe:*:Enabled:MediaMax XL"
"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe"="C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\phpDesigner 2008\phpDesigner2008.exe"="C:\Program Files\phpDesigner 2008\phpDesigner2008.exe:*:Enabled:phpDesigner2008"
"C:\Program Files\ooVoo\ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Users\Ravi Theja\Desktop\DRGunZ\DRGunZ.exe"="C:\Users\Ravi Theja\Desktop\DRGunZ\DRGunZ.exe:*:Enabled:Gunz"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Digsby\digsby.exe"="C:\Program Files\Digsby\digsby.exe:*:Enabled:Digsby IM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Users\Ravi Theja\Desktop\RISK2\RISKII.EXE"="C:\Users\Ravi Theja\Desktop\RISK2\RISKII.EXE:*:Enabled:Risk II"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2019-09-25 16:40:30 ----A---- C:\WINDOWS\system32\APITypes.dll
2009-02-04 16:21:47 ----D---- C:\_OTMoveIt
2009-02-03 19:14:09 ----D---- C:\32788R22FWJFW
2009-02-02 17:06:54 ----A---- C:\WINDOWS\system32\cmd.execf
2009-02-01 21:36:30 ----A---- C:\WINDOWS\gmer.ini
2009-02-01 21:36:24 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-01 21:36:24 ----A---- C:\WINDOWS\gmer.dll
2009-02-01 21:36:23 ----A---- C:\WINDOWS\gmer.exe
2009-02-01 21:32:21 ----D---- C:\rsit
2009-02-01 21:29:57 ----D---- C:\Users\Ravi Theja\Application Data\Malwarebytes
2009-02-01 21:29:45 ----D---- C:\Users\All Users\Application Data\Malwarebytes
2009-02-01 21:29:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-24 07:29:00 ----D---- C:\Program Files\Trend Micro
2009-01-23 18:39:44 ----D---- C:\Users\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 18:39:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-14 21:26:54 ----A---- C:\WINDOWS\iun6002.exe
2009-01-14 21:26:52 ----D---- C:\Program Files\West Point Bridge Designer 2007
2009-01-14 21:26:52 ----A---- C:\WINDOWS\system32\COMCTL32.OCX.bak
2009-01-05 20:26:54 ----D---- C:\Program Files\Synergy
2008-12-27 17:58:55 ----D---- C:\Users\Ravi Theja\Application Data\vlc
2008-12-20 20:18:13 ----D---- C:\Users\Ravi Theja\Application Data\Executor
2008-12-20 20:18:01 ----D---- C:\Program Files\Executor
2008-12-20 16:48:54 ----A---- C:\WINDOWS\system32\c75f36ac-.txt
2008-12-13 12:43:56 ----D---- C:\Users\All Users\Application Data\Digsby
2008-12-10 20:52:01 ----D---- C:\Users\All Users\Application Data\DVD Shrink
2008-12-10 20:52:00 ----D---- C:\Program Files\DVD Shrink
2008-12-09 19:47:12 ----D---- C:\Users\Ravi Theja\Application Data\Twain
2008-11-24 18:34:25 ----D---- C:\Program Files\Xilisoft
2008-11-20 00:52:56 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-20 00:52:54 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-16 10:42:55 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-16 10:42:53 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-16 10:42:51 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-16 10:42:50 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-16 10:42:30 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-16 10:41:43 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-11-16 10:41:41 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-11-16 10:40:39 ----D---- C:\WINDOWS\system32\AGEIA
2008-11-16 10:40:38 ----D---- C:\Program Files\AGEIA Technologies
2008-11-06 16:08:11 ----D---- C:\WINDOWS\system32\QI19
2008-11-06 16:08:11 ----D---- C:\Temp

======List of files/folders modified in the last 3 months======

2009-02-04 16:26:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-04 16:26:44 ----SD---- C:\WINDOWS\Tasks
2009-02-04 16:25:53 ----D---- C:\Program Files\Mozilla Firefox
2009-02-04 16:25:46 ----D---- C:\WINDOWS\Temp
2009-02-04 16:23:17 ----D---- C:\WINDOWS\system32
2009-02-04 16:22:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-04 09:13:34 ----D---- C:\WINDOWS\system32\drivers
2009-02-04 09:11:35 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-03 22:34:44 ----D---- C:\WINDOWS\Prefetch
2009-02-03 21:50:12 ----D---- C:\Users\All Users\Application Data\Google Updater
2009-02-02 18:57:14 ----D---- C:\Users\All Users\Application Data\avg8
2009-02-01 22:57:33 ----HD---- C:\$AVG8.VAULT$
2009-02-01 22:42:45 ----RD---- C:\WINDOWS
2009-02-01 22:42:12 ----RD---- C:\Program Files
2009-02-01 14:39:20 ----D---- C:\Users\Ravi Theja\Application Data\Move Networks
2009-01-23 14:05:07 ----D---- C:\Program Files\Full Tilt Poker
2009-01-14 22:23:31 ----D---- C:\Users\Ravi Theja\Application Data\FrostWire
2009-01-14 20:42:59 ----D---- C:\Users\Ravi Theja\Application Data\uTorrent
2009-01-12 22:15:19 ----D---- C:\Users\Ravi Theja\Application Data\Adobe
2009-01-05 20:32:40 ----D---- C:\WINDOWS\Debug
2009-01-05 20:30:12 ----D---- C:\Program Files\CCleaner
2009-01-01 17:17:34 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-01-01 17:17:33 ----A---- C:\WINDOWS\BRWMARK.INI
2008-12-30 21:33:47 ----RSD---- C:\WINDOWS\Fonts
2008-12-30 20:51:14 ----D---- C:\Program Files\Fonts
2008-12-28 21:59:18 ----D---- C:\movies
2008-12-27 20:23:09 ----D---- C:\Users\Ravi Theja\Application Data\dvdcss
2008-12-27 14:46:25 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-22 20:22:46 ----D---- C:\Program Files\FrostWire
2008-12-18 16:01:51 ----HD---- C:\WINDOWS\inf
2008-12-17 21:14:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 21:14:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 15:30:56 ----D---- C:\Program Files\Digsby
2008-12-14 11:36:01 ----D---- C:\Users\Ravi Theja\Application Data\U3
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 21:06:55 ----HD---- C:\Config.Msi
2008-12-11 21:06:55 ----D---- C:\Users\All Users\Application Data\Microsoft Help
2008-12-11 21:06:53 ----SHD---- C:\WINDOWS\Installer
2008-12-11 21:06:00 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-05 16:23:43 ----D---- C:\WINDOWS\system32\bin
2008-11-24 18:43:16 ----D---- C:\Program Files\Smallvideosoft
2008-11-24 18:34:54 ----RD---- C:\Users
2008-11-24 16:47:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-23 10:51:38 ----D---- C:\Users\Ravi Theja\Application Data\LimeWire
2008-11-23 10:46:10 ----AD---- C:\Program Files\Common Files
2008-11-23 10:44:03 ----D---- C:\Users\Ravi Theja\Application Data\MeeBone.F6ED9EBD01AEA0354D3E91504B24BC94F2EBD248.1
2008-11-23 10:42:20 ----D---- C:\Program Files\MeeBone
2008-11-22 17:27:20 ----D---- C:\WINDOWS\Help
2008-11-16 10:41:31 ----D---- C:\WINDOWS\system32\DirectX
2008-11-16 10:40:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-16 10:40:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-16 10:31:17 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 22:01:10 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-04 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-04 27656]
R1 InCDPass;Nero InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-28 38952]
R1 incdrm;Nero InCD MRW Remapper; C:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-28 40360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-02-11 36352]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-02-12 60800]
R3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-02-12 17024]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-01-21 443460]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-02-12 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2008-02-11 606684]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-02-12 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-11 1897408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-02-11 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-02-11 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-02-11 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-02-11 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-02-11 20608]
R4 InCDfs;Nero InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-28 128424]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-02-12 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-02-12 38912]
S3 avqy2cw3;avqy2cw3; C:\WINDOWS\system32\drivers\avqy2cw3.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-01 85969]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-02-12 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-02-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-02-12 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-02-12 10880]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\WINDOWS\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-02-12 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2003-10-15 51040]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2003-10-15 6000]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2003-10-15 82576]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-02-12 15232]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-02-12 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-02-12 25856]
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2007-10-17 3072]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-02-12 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-02-23 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-02-23 82944]
S3 XDva120;XDva120; \??\C:\WINDOWS\system32\XDva120.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-02-11 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-04 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe [2008-02-28 1440552]
R2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S1 InCDRec;Nero InCD File System Recognizer; C:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-28 17448]
S2 Access Utility Service;Access Utility Service; C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 ehSched;Media Center Scheduler Service; C:\WINDOWS\ehome\ehSched.exe [2008-02-12 84992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-16 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 License Management Service ESD;License Management Service ESD; C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe [2008-03-16 69120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-17 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe [2008-01-18 5750784]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-02-12 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



