Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This LOG File


  • This topic is locked This topic is locked
25 replies to this topic

#1 krzy32

krzy32

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:03:43 PM

Posted 26 June 2009 - 07:25 AM

Hello !!!!!!!!!

This is my latest Hijack This LOG FILE. My PC has considerably slowed down even when i have Dual-Core n 1 GB Ram. I think ( i might be wrong) that some virus or malware or adware has infected my PC and is slowing my PC by running some processes. SO I REQUEST D CONCERNED PERSON TO PLEASE HELP ME !!!!!!!!!!!!!

THANKS IN ADVANCE !!!!!!!!!

BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:13 AM

Posted 30 June 2009 - 09:50 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log since alot could have changed since your origional post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:13 AM

Posted 05 July 2009 - 06:14 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg


#4 krzy32

krzy32
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:03:43 PM

Posted 07 July 2009 - 08:20 AM

Heyy

sorry i couldnt reply to my previous query as my internet was not working
I THANK SYLER for helping me but i couldnt provide him any feedback cuz of internet problems

So i am posting the RSIT log as asked by him so if anybody can help me out PLEASE PLEASE PLEASE help me

Thanking in Advance

Cheers
Ravi


RSIT LOG FILE

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pradyunma at 2009-07-07 18:46:47
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 23 GB (30%) free of 75 GB
Total RAM: 1015 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:53 PM, on 7/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pradyunma\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pradyunma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=331...gitCheckError=7
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.gadima.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ERBHOMasterObject Class - {5A15CA85-DAB9-456c-95ED-06C6E3885C2A} - C:\Program Files\ExitReality\Webspace\System\ExitRealityHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: APS Designer 5.0.LNK = C:\Program Files\APS50\aps50.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Visit in 3D - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\ExitReality\Webspace\System\ExitRealityHelper.dll (HKCU)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nanotechie.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553518000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD90DD4-43D3-4FEE-BA2E-6864CA3D7504}: NameServer = 203.94.227.70,203.94.243.70
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 9872 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-725345543-1004UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1085B32D-4D3A-4232-B8E2-04A45059C28E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-15 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A15CA85-DAB9-456c-95ED-06C6E3885C2A}]
ERBHOMasterObject Class - C:\Program Files\ExitReality\Webspace\System\ExitRealityHelper.dll [2008-09-15 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-13 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL [2009-02-27 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-05-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-05-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]
{12F02779-6D88-4958-8AD3-83C12D86ADC7}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messenger"= []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-15 198160]
"boincmgr"=C:\Program Files\BOINC\boincmgr.exe [2009-06-10 4182784]
"boinctray"=C:\Program Files\BOINC\boinctray.exe [2009-06-10 58112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
""=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"Google Update"=C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2006-11-10 1051648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC6Player]
C:\Program Files\HHVcdV6Sys\VC6Play.exe [2004-06-25 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.vbs]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.vbs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-10-24 217194]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pradyunma^Start Menu^Programs^Startup^APS Designer 4.0.LNK]
C:\Program Files\APS40\aps40.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pradyunma^Start Menu^Programs^Startup^desktop.ini]
C:\Documents and Settings\Pradyunma\Start Menu\Programs\Startup\desktop.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VC6SecS"=2
"InCDsrv"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe

C:\Documents and Settings\Pradyunma\Start Menu\Programs\Startup
APS Designer 5.0.LNK - C:\Program Files\APS50\aps50.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NofolderOptions"=0
"NoRun"=0
"EditLevel"=0
"NoClose"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE"
"D:\Games\ACTION\NFS3\NFS3.EXE"="D:\Games\ACTION\NFS3\NFS3.EXE:*:Enabled:Need For Speed III for Win32"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Tally\tally72.exe"="C:\Tally\tally72.exe:*:Enabled:tally72"
"C:\Program Files\Valve\hltv.exe"="C:\Program Files\Valve\hltv.exe:*:Disabled:HLTV Launcher"
"D:\Games\NFS UG2\Need for Speed Underground 2\speed2.exe"="D:\Games\NFS UG2\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b043f937-06d3-11dd-8d7e-001d7d80b2ed}]
shell\AutoRun\command - G:\qwultj1.bat
shell\explore\command - G:\qwultj1.bat
shell\open\command - G:\qwultj1.bat


======File associations======

.scr - open - "%1" %*
.scr - config -

======List of files/folders created in the last 3 months======

2009-07-07 18:42:00 ----D---- C:\rsit
2009-06-22 22:52:59 ----A---- C:\WINDOWS\PROTOCOL.INI
2009-06-22 22:52:48 ----D---- C:\Program Files\D-Link
2009-06-19 17:50:38 ----D---- C:\Program Files\BOINC
2009-06-19 17:50:38 ----D---- C:\Documents and Settings\All Users\Application Data\BOINC
2009-06-15 23:06:08 ----D---- C:\Program Files\Common Files\xing shared
2009-06-10 22:46:42 ----D---- C:\Documents and Settings\Pradyunma\Application Data\Samsung
2009-06-10 22:37:43 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-06-10 22:37:20 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-06-10 22:35:27 ----D---- C:\Program Files\Samsung
2009-06-10 17:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 17:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 17:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 17:42:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-29 23:02:04 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-05-29 23:02:01 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-05-29 12:35:46 ----A---- C:\WINDOWS\system32\suppdll.dll
2009-05-29 12:35:45 ----SHD---- C:\Documents and Settings\Pradyunma\Application Data\.#
2009-04-30 22:58:52 ----A---- C:\Documents and Settings\Pradyunma\Application Data\AutoGK.ini
2009-04-30 15:04:35 ----D---- C:\Program Files\XviD
2009-04-30 15:04:24 ----D---- C:\Program Files\AviSynth 2.5
2009-04-30 15:01:51 ----D---- C:\Program Files\Gabest
2009-04-30 15:01:16 ----D---- C:\Program Files\AutoGK
2009-04-15 19:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 19:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 19:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 19:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 19:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 19:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-11 02:28:42 ----D---- C:\WINDOWS\temp
2009-04-11 02:21:34 ----D---- C:\WINDOWS\system32\CatRoot2

======List of files/folders modified in the last 3 months======

2009-07-07 18:42:13 ----D---- C:\WINDOWS\Prefetch
2009-07-07 18:40:06 ----D---- C:\Program Files\Mozilla Firefox
2009-07-07 18:02:28 ----A---- C:\WINDOWS\aps50.ini
2009-07-07 17:15:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 17:07:41 ----SD---- C:\WINDOWS\Tasks
2009-07-07 16:52:17 ----D---- C:\Documents and Settings
2009-07-06 21:54:51 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-06 15:38:36 ----D---- C:\WINDOWS
2009-07-06 13:21:20 ----D---- C:\Temp
2009-07-06 13:18:43 ----A---- C:\WINDOWS\QTW.INI
2009-07-04 22:54:16 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-04 22:29:37 ----SHD---- C:\WINDOWS\Installer
2009-07-04 22:29:36 ----HD---- C:\Config.Msi
2009-07-04 22:29:35 ----D---- C:\Documents and Settings\Pradyunma\Application Data\Mozilla
2009-07-04 20:15:09 ----SHD---- C:\System Volume Information
2009-07-04 20:15:09 ----D---- C:\WINDOWS\system32\Restore
2009-07-03 20:45:21 ----A---- C:\WINDOWS\cdplayer.ini
2009-07-03 00:50:29 ----D---- C:\tmp
2009-06-29 23:29:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-29 23:27:26 ----HD---- C:\WINDOWS\inf
2009-06-28 00:45:18 ----RD---- C:\Program Files
2009-06-27 23:06:17 ----D---- C:\WINDOWS\system32
2009-06-27 23:06:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-27 13:57:02 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-06-26 18:03:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-24 12:34:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-24 12:34:09 ----D---- C:\Program Files\EA Games
2009-06-19 17:50:18 ----D---- C:\WINDOWS\Downloaded Installations
2009-06-18 12:12:34 ----D---- C:\WINDOWS\system32\drivers
2009-06-15 23:06:08 ----D---- C:\Program Files\Common Files
2009-06-15 23:06:00 ----D---- C:\Program Files\Common Files\Real
2009-06-15 23:05:57 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-06-15 23:05:43 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-06-15 23:05:43 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-06-15 23:05:39 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-06-15 23:05:39 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-06-10 18:10:03 ----A---- C:\WINDOWS\win.ini
2009-06-10 17:58:09 ----A---- C:\WINDOWS\imsins.BAK
2009-06-10 17:57:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-05 22:17:05 ----A---- C:\WINDOWS\hpfccopy.INI
2009-06-01 22:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-29 23:03:23 ----D---- C:\Documents and Settings\Pradyunma\Application Data\Nokia
2009-05-27 10:32:50 ----D---- C:\WINDOWS\Minidump
2009-05-08 00:57:58 ----A---- C:\WINDOWS\ODBCINST.INI
2009-05-08 00:57:58 ----A---- C:\WINDOWS\ODBC.INI
2009-05-07 21:14:00 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-30 12:44:03 ----A---- C:\WINDOWS\avisplitter.INI
2009-04-27 20:45:22 ----D---- C:\Documents and Settings\Pradyunma\Application Data\AdobeUM
2009-04-26 19:22:00 ----A---- C:\HP.ini
2009-04-15 22:14:32 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 22:14:31 ----D---- C:\WINDOWS\AppPatch
2009-04-15 20:56:39 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-04-15 14:54:05 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-04-11 02:30:37 ----RD---- C:\WINDOWS\Web
2009-04-11 00:56:41 ----A---- C:\WINDOWS\ntbtlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-20 482352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090625.003\IDSxpx86.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2006-11-10 31360]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2006-11-10 33792]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS [2009-02-27 307760]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-06-10 5632]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS [2009-02-27 217392]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090706.016\NAVEX15.SYS []
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS [2009-02-27 89776]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS [2009-02-27 34736]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS [2009-02-27 37296]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2006-11-10 102912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 iMSPQMn;iMSPQMn; \??\C:\Documents and Settings\Pradyunma\iMSPQMn.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMDNS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 USB_RNDIS;D-Link DSL Bridge/Router; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2006-02-28 12672]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-24 243064]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-05-20 147456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2008-11-21 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-24 3192184]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe []
S4 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136]
S4 VC6SecS;Virtual CD v6 Management Service; C:\Program Files\HHVcdV6Sys\VC6SecS.exe [2004-05-07 98304]

-----------------EOF-----------------



RSIT INFO FILE

info.txt logfile of random's system information tool 1.06 2009-07-07 18:42:16

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe Illustrator 9.0.1-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.isu" -c"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.dll"
Adobe PageMaker 6.5-->C:\WINDOWS\uninst.exe -fC:\PM65\DeIsL1.isu
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Manager 4.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
APS Designer 4.0-->C:\WINDOWS\DESUNST.EXE
APS Designer 5.0 (C:\Program Files\APS50\) #3-->C:\WINDOWS\DESUNST.EXE
APS Designer 5.0 (C:\Program Files\APS50\) #4-->C:\WINDOWS\DESUNST.EXE
APS Designer 5.0 (C:\Program Files\APS50\)-->C:\WINDOWS\DESUNST.EXE
APS Designer 5.0-->C:\WINDOWS\DESUNST.EXE
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Auto Gordian Knot 2.55-->C:\Program Files\AutoGK\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS DVD Player version 2.4-->"C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
AVS DVDMenu Editor 1.2.1.19-->"C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6-->"C:\Program Files\AVSMedia\VideoTools\unins000.exe"
BOINC-->MsiExec.exe /I{FAC5A618-C41C-485F-826C-3589BDA34CE7}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Graphics Suite 11-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CueClub-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Real\RealGames\CueClub\setup.exe"
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DSL USB Driver-->%ComSpec% /c ("%ProgramFiles%\D-Link\DSL USB Driver\deviceinst.exe" -remove "%ProgramFiles%\D-Link\DSL USB Driver\device.dat") && (C:\WINNT\uninst.exe -f"%ProgramFiles%\D-Link\DSL USB Driver\DeIsL1.isu" -c"%ProgramFiles%\D-Link\DSL USB Driver\_ISREG32.DLL")
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
ExitReality-->C:\Program Files\ExitReality\UninstallExitReality.exe
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
GoldWave v5.25-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.25" "C:\Program Files\GoldWave\unstall.log"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Harry Potter - Quidditch World Cup-->C:\Program Files\EA GAMES\Harry Potter - Quidditch WC\EAUninstall.exe
Harry Potter and the Goblet of Fire™-->C:\Program Files\Electronic Arts\Harry Potter and the Goblet of Fire\EAUninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Scanjet 2400 and 3600 series 9.0-->C:\Program Files\HP\Digital Imaging\{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}\setup\hpzscr01.exe -datfile hpgscr24.dat
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 5-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160050}
K-Lite Mega Codec Pack 3.9.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Essentials-->MsiExec.exe /I{F87DA817-8D53-42CC-AA45-93A100341033}
NetBeans IDE 6.0.1-->"C:\Program Files\NetBeans 6.0.1\uninstall.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\16.5.0.134\InstStub.exe /X
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PicLens for Internet Explorer-->MsiExec.exe /I{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}
PicLens for Internet Explorer-->MsiExec.exe /I{C92651B8-39F6-3DD5-80EF-E71D2A21DE2F}
PowerDVD-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\PowerDVD\Uninst.isu"
QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
Rediff Bol-->C:\Program Files\Rediff Bol\uninstall.exe
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Rupantar 1.0-->C:\WINDOWS\rupaunst.EXE
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB960714)-->"C:\WINDOWS\ie8updates\KB960714-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Settlers3-->C:\WINDOWS\IsUninst.exe -fC:\BlueByte\Settlers3\DeIsL1.isu -x -c"C:\BlueByte\Settlers3\\Install\ITools.dll"
Sony Ericsson Themes Creator 3.32-->C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
Sony Preset Manager 2.0-->MsiExec.exe /X{005E3474-A9DB-4EB2-BDB8-0AA7541A0782}
Sony Sound Forge 8.0-->MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Transport Giant-->MsiExec.exe /X{BAC3B914-9A96-4097-A5C7-7BF0CAD679D3}
Update for Windows Internet Explorer 8 (KB961813)-->"C:\WINDOWS\ie8updates\KB961813-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Driver Package - Nokia Modem (08/03/2007 3.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_05A76228EE0EF20D8B64523AD40E95C8F09D6988\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordWeb-->C:\Program Files\WordWeb\uninst.exe
XviD MPEG4 Video Codec (remove only)-->"C:\Program Files\XviD\xvid-uninstall.exe"
Yahi Hai India-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Yahi Hai India\ST5UNST.LOG"
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

=====HijackThis Backups=====

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (file missing) [2008-08-28]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-05-02]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus

======System event log======

Computer Name: PRATIBHA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 62171
Source Name: Cdrom
Time Written: 20090623182233.000000+330
Event Type: warning
User:

Computer Name: PRATIBHA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 62170
Source Name: Cdrom
Time Written: 20090623182233.000000+330
Event Type: warning
User:

Computer Name: PRATIBHA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 62169
Source Name: Cdrom
Time Written: 20090623182233.000000+330
Event Type: warning
User:

Computer Name: PRATIBHA
Event Code: 7034
Message: The IMAPI CD-Burning COM Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 62166
Source Name: Service Control Manager
Time Written: 20090623182051.000000+330
Event Type: error
User:

Computer Name: PRATIBHA
Event Code: 1002
Message: The IP address lease 192.168.1.2 for the Network Card with network address 000F3DDCB996 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 62157
Source Name: Dhcp
Time Written: 20090623175905.000000+330
Event Type: error
User:

=====Application event log=====

Computer Name: PRATIBHA
Event Code: 1001
Message: Detection of product '{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}', feature 'SolutionCenter' failed during request for component '{5FF21F12-FDC3-4FB0-A6BE-04FE524B1C11}'

Record Number: 31322
Source Name: MsiInstaller
Time Written: 20090620195439.000000+330
Event Type: warning
User: PRATIBHA\Pradyunma

Computer Name: PRATIBHA
Event Code: 1004
Message: Detection of product '{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}', feature 'SolutionCenter', component '{C8AA5B6D-C6A6-487D-B2AD-B6C2DC258E47}' failed. The resource 'C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx' does not exist.

Record Number: 31321
Source Name: MsiInstaller
Time Written: 20090620195439.000000+330
Event Type: warning
User: PRATIBHA\Pradyunma

Computer Name: PRATIBHA
Event Code: 11706
Message: Product: SolutionCenter -- Error 1706. An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'.

Record Number: 31319
Source Name: MsiInstaller
Time Written: 20090620195439.000000+330
Event Type: error
User: PRATIBHA\Pradyunma

Computer Name: PRATIBHA
Event Code: 1001
Message: Detection of product '{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}', feature 'SolutionCenter' failed during request for component '{5FF21F12-FDC3-4FB0-A6BE-04FE524B1C11}'

Record Number: 31318
Source Name: MsiInstaller
Time Written: 20090620195420.000000+330
Event Type: warning
User: PRATIBHA\Pradyunma

Computer Name: PRATIBHA
Event Code: 1004
Message: Detection of product '{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}', feature 'SolutionCenter', component '{C8AA5B6D-C6A6-487D-B2AD-B6C2DC258E47}' failed. The resource 'C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx' does not exist.

Record Number: 31317
Source Name: MsiInstaller
Time Written: 20090620195420.000000+330
Event Type: warning
User: PRATIBHA\Pradyunma

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jdk1.6.0_05\bin;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\cygnus\cygwin-b20\H-i586-cygwin32\bin;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Samsung\Samsung PC Studio 3\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f02
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"windir"=%SystemRoot%

-----------------EOF-----------------

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:13 AM

Posted 09 July 2009 - 05:10 PM

Hello krzy32,

To avoid confusion, I have merged your latest topic in the HiJack This forum to your previous topic which I have reopened.

Back to you Syler,

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:13 AM

Posted 09 July 2009 - 05:41 PM

Thanks OB

Hello krzy32,


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following:
  • MBAM log
  • OTListIt.txt
  • Extra.txt
Thanks

unite.jpg


#7 krzy32

krzy32
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:03:43 PM

Posted 11 July 2009 - 07:14 AM

THANKS AGAIN FOR HELPING ME..........I'll Post the log file
i'm sure u'll get me outta this.

Cheers!!!!!!!
RAVI

#8 krzy32

krzy32
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:03:43 PM

Posted 11 July 2009 - 01:18 PM

HERE ARE THE LOG FILES AS REQUESTED

MABM LOG FILE

Malwarebytes' Anti-Malware 1.38
Database version: 2404
Windows 5.1.2600 Service Pack 2

7/11/2009 11:13:57 PM
mbam-log-2009-07-11 (23-13-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 220389
Time elapsed: 5 hour(s), 17 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\pradyunma\my documents\downloads\setupxv (1).exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\pradyunma\my documents\downloads\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.


I AM ATTACHING THE OTL FILE AS FIREFOX Stops responding when i tyr to paste the contents

HERE IS THE EXTRA LOG FILE of OTL


EXTRA LOG FILE

OTL Extras logfile created on: 7/11/2009 11:26:10 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Pradyunma\My Documents\RAVI
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 453.66 Mb Available Physical Memory | 44.67% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 82.89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.24 Gb Total Space | 22.25 Gb Free Space | 30.38% Space Free | Partition Type: NTFS
Drive D: | 75.80 Gb Total Space | 8.37 Gb Free Space | 11.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRATIBHA
Current User Name: Pradyunma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = 0
"FirstRunDisabled" = 0
"FirewallOverride" = 0
"AntiVirusOverride" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 18:14:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 18:14:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/09/10 15:12:44 | 00,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE
File not found -- D:\Games\ACTION\NFS3\NFS3.EXE:*:Enabled:Need For Speed III for Win32
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2009/06/22 15:23:06 | 03,995,120 | ---- | M] (Google) -- C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
[2009/06/22 14:57:54 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
File not found -- C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher
[2006/11/16 19:04:32 | 00,663,552 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home
[2006/11/17 21:23:38 | 01,556,480 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup
File not found -- C:\Tally\tally72.exe:*:Enabled:tally72
File not found -- C:\Program Files\Valve\hltv.exe:*:Disabled:HLTV Launcher
[2004/11/10 03:58:10 | 04,788,224 | ---- | M] () -- D:\Games\NFS UG2\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{005E3474-A9DB-4EB2-BDB8-0AA7541A0782}" = Sony Preset Manager 2.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{315DF43B-7BFC-40E7-A1A7-BEBA128D4C03}" = hpg2436
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0160050}" = Java™ SE Development Kit 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D7BD4A-5BE7-11D4-9D68-0020781864F1}" = CueClub
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}" = PicLens for Internet Explorer
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}" = HP Scanjet 2400 and 3600 series 9.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter and the Goblet of Fire™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B905C2C6-E171-4D6A-B235-EDECF1F5EFB1}" = Samsung PC Studio 3
"{BAC3B914-9A96-4097-A5C7-7BF0CAD679D3}" = Transport Giant
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BED97FB6-E9E2-4DEC-009D-9950236206DA}" = Harry Potter - Quidditch World Cup
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C92651B8-39F6-3DD5-80EF-E71D2A21DE2F}" = PicLens for Internet Explorer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB712A6-D11C-4CFF-A5B9-A51F004F998B}" = hpg2436QFolder
"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin
"{F87DA817-8D53-42CC-AA45-93A100341033}" = Nero 7 Essentials
"{FAC5A618-C41C-485F-826C-3589BDA34CE7}" = BOINC
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0.1" = Adobe Illustrator 9.0.1
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS Video Tools 5_is1" = AVS Video Tools 5.6
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DSL USB Driver" = DSL USB Driver
"EAX Unified" = EAX Unified
"ExitReality" = ExitReality
"F1CB0AC2D40DDCFCA6933082B115073476C155DE" = Windows Driver Package - Nokia Modem (08/03/2007 3.2)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GoldWave v5.25" = GoldWave v5.25
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Beta 2
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"nbi-nb-base-6.0.1.1.200801291616" = NetBeans IDE 6.0.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PowerDVD" = PowerDVD
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"QuickTime32" = QuickTime for Windows (32-bit)
"RealPlayer 6.0" = RealPlayer
"Rediff Bol" = Rediff Bol
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Settlers3Deinstall" = Settlers3
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 3.32
"ST5UNST #1" = APS Designer 5.0
"ST5UNST #2" = Yahi Hai India
"ST5UNST #3" = APS Designer 5.0 (C:\Program Files\APS50\)
"ST5UNST #4" = APS Designer 5.0 (C:\Program Files\APS50\) #3
"ST5UNST #5" = APS Designer 4.0
"ST5UNST #6" = APS Designer 5.0 (C:\Program Files\APS50\) #4
"ST5UNST #7" = Rupantar 1.0
"SystemRequirementsLab" = System Requirements Lab
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Companion" = Yahoo! ¤u¨ã¦C
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Folder Lock" = Folder Lock
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2009 3:55:52 PM | Computer Name = PRATIBHA | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\7D2F387510069040002000060BECB6AB\SourceList'

Error - 7/11/2009 3:42:58 AM | Computer Name = PRATIBHA | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\7D2F387510069040002000060BECB6AB\SourceList'

Error - 7/11/2009 7:29:33 AM | Computer Name = PRATIBHA | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\7D2F387510069040002000060BECB6AB\SourceList'

Error - 7/11/2009 8:59:15 AM | Computer Name = PRATIBHA | Source = Google Update | ID = 20
Description =

Error - 7/11/2009 9:59:16 AM | Computer Name = PRATIBHA | Source = Google Update | ID = 20
Description =

Error - 7/11/2009 10:59:05 AM | Computer Name = PRATIBHA | Source = Google Update | ID = 20
Description =

Error - 7/11/2009 11:59:05 AM | Computer Name = PRATIBHA | Source = Google Update | ID = 20
Description =

Error - 7/11/2009 12:59:08 PM | Computer Name = PRATIBHA | Source = Google Update | ID = 20
Description =

Error - 7/11/2009 1:47:07 PM | Computer Name = PRATIBHA | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\7D2F387510069040002000060BECB6AB\SourceList'

Error - 7/11/2009 1:47:19 PM | Computer Name = PRATIBHA | Source = BOINC | ID = 1
Description =

[ System Events ]
Error - 7/10/2009 8:04:51 AM | Computer Name = PRATIBHA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 7/10/2009 8:05:12 AM | Computer Name = PRATIBHA | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 7/10/2009 12:44:42 PM | Computer Name = PRATIBHA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 7/10/2009 12:44:49 PM | Computer Name = PRATIBHA | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 7/10/2009 3:55:25 PM | Computer Name = PRATIBHA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 7/10/2009 3:55:33 PM | Computer Name = PRATIBHA | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 7/11/2009 3:42:15 AM | Computer Name = PRATIBHA | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 7/11/2009 3:42:36 AM | Computer Name = PRATIBHA | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 7/11/2009 7:29:02 AM | Computer Name = PRATIBHA | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 7/11/2009 1:46:55 PM | Computer Name = PRATIBHA | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

< End of report >

Edited by krzy32, 11 July 2009 - 01:20 PM.


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:13 AM

Posted 11 July 2009 - 10:21 PM

I AM ATTACHING THE OTL FILE AS FIREFOX Stops responding when i tyr to paste the contents


Proberbly because you changed it to scan files from the last 90 days, so the log is too big. Change it back to the default setting of 30 days!
then run it again and POST the log, also run this next scan.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

unite.jpg


#10 krzy32

krzy32
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:03:43 PM

Posted 12 July 2009 - 12:34 PM

Here is the OTL Log FILE...............ur guess was absolutely correct....i'd selected 90 days option.

OTL logfile created on: 7/12/2009 10:57:04 PM - Run 2
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Pradyunma\My Documents\RAVI
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 437.93 Mb Available Physical Memory | 43.13% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.30% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.24 Gb Total Space | 22.22 Gb Free Space | 30.34% Space Free | Partition Type: NTFS
Drive D: | 75.80 Gb Total Space | 8.37 Gb Free Space | 11.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRATIBHA
Current User Name: Pradyunma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/06/13 15:53:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/08/24 02:05:30 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/05/20 22:17:08 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/02/27 16:27:27 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2008/11/21 12:06:32 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\UTSCSI.EXE
PRC - [2009/06/15 23:05:34 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/10 11:05:38 | 00,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009/06/30 23:24:31 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2007/09/10 15:12:44 | 00,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
PRC - [2009/02/27 16:27:27 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
PRC - [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/06/15 23:09:36 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/11 01:39:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pradyunma\My Documents\RAVI\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2000/05/24 15:20:36 | 00,015,360 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\ATMsrvc.exe -- (ATMsrvc [Disabled | Stopped])
SRV - File not found -- -- (Autodesk Licensing Service [Disabled | Stopped])
SRV - [2007/08/24 02:05:30 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/24 14:08:34 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2006/02/28 17:30:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/03/11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Stopped])
SRV - [2006/11/10 16:18:42 | 00,859,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Stopped])
SRV - [2008/05/20 22:17:08 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/08/24 02:05:22 | 03,192,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2006/11/10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2009/02/27 16:27:27 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (Norton AntiVirus [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/11/11 09:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
SRV - [2006/02/28 17:30:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2008/11/21 12:06:32 | 00,045,056 | ---- | M] () -- C:\WINDOWS\System32\UTSCSI.EXE -- (UTSCSI [Auto | Running])
SRV - [2004/05/07 11:38:00 | 00,098,304 | ---- | M] (H+H Software GmbH) -- C:\Program Files\HHVcdV6Sys\VC6SecS.exe -- (VC6SecS [Disabled | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/27 16:27:36 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/03/20 21:39:40 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009/03/09 13:30:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2004/10/25 20:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2009/03/09 13:30:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2004/07/14 12:54:42 | 00,676,864 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2008/03/06 21:36:16 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/02/15 13:12:06 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2009/01/30 03:20:18 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090709.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2008/02/04 09:14:24 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Pradyunma\iMSPQMn.sys -- (iMSPQMn [On_Demand | Stopped])
DRV - [2006/11/10 16:15:44 | 00,102,912 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])
DRV - [2006/11/10 16:16:34 | 00,031,360 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2006/11/10 16:17:50 | 00,033,792 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [System | Running])
DRV - [2006/11/15 12:04:00 | 04,225,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/03/09 13:30:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/09 13:30:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090711.024\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2008/09/15 07:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/09/15 07:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2004/02/19 10:39:00 | 00,074,496 | ---- | M] (H+H Software GmbH) -- C:\WINDOWS\System32\Drivers\OBVIOUS.SYS -- (obvious [System | Running])
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2006/02/28 17:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/10/28 15:32:00 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/12/14 14:14:06 | 00,085,120 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007/11/13 15:55:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/02/27 16:27:36 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/02/27 16:27:36 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2009/06/10 22:44:08 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2009/02/27 16:27:36 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1005000.086\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/03/20 21:40:17 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/02/27 16:27:36 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/02/27 16:27:36 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/27 16:27:28 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/27 16:27:28 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/02/27 16:27:36 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/27 16:27:36 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/09/15 07:56:24 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2004/08/03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/09/15 07:56:34 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2006/02/28 17:30:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2008/03/31 18:00:26 | 00,035,363 | ---- | M] () -- C:\WINDOWS\System32\windrvNT.sys -- (windrvNT [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3...ml?mode=toolbar


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
IE - HKU\S-1-5-21-823518204-1220945662-725345543-1004\S-1-5-21-823518204-1220945662-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1220945662-725345543-1004\S-1-5-21-823518204-1220945662-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.gadima.com

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {bb6bc1bb-f824-4702-90cd-35e2fb24f25c}:0.2.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1
FF - prefs.js..extensions.enabledItems: support@exitreality.com:1.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.685
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/05/20 22:17:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\support@exitreality.com: C:\Program Files\ExitReality\WebSpace\System\Mozilla\Extension [2008/09/19 22:49:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/03/05 16:39:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/15 23:06:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/15 23:09:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/15 23:09:43 | 00,000,000 | ---D | M]

[2008/07/28 21:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pradyunma\Application Data\mozilla\Extensions
[2008/07/28 21:11:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pradyunma\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/11 23:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pradyunma\Application Data\mozilla\Firefox\Profiles\1v0j1czv.default\extensions
[2009/06/26 18:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pradyunma\Application Data\mozilla\Firefox\Profiles\1v0j1czv.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/05/23 23:45:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pradyunma\Application Data\mozilla\Firefox\Profiles\1v0j1czv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/18 01:23:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pradyunma\Application Data\mozilla\Firefox\Profiles\1v0j1czv.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25c}
[2009/05/23 23:45:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pradyunma\Application Data\mozilla\Firefox\Profiles\1v0j1czv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/23 23:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pradyunma\Application Data\mozilla\Firefox\Profiles\1v0j1czv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/12 22:16:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/15 23:09:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/15 23:09:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/15 23:09:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/06 16:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/06/15 23:09:39 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/01/05 19:47:00 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/15 23:05:57 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/06/15 23:06:14 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/06/15 23:05:48 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/06/03 18:37:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/03 18:37:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/03 18:37:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/03 18:37:00 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/03 18:37:00 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/03 18:37:01 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/03 18:37:01 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (266084 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9217 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ERBHOMasterObject Class) - {5A15CA85-DAB9-456c-95ED-06C6E3885C2A} - C:\Program Files\ExitReality\Webspace\System\ExitRealityHelper.dll ()
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨ã¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [boincmgr] File not found
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKU\S-1-5-21-823518204-1220945662-725345543-1004..\Run: [Google Update] C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-823518204-1220945662-725345543-1004..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O4 - Startup: C:\Documents and Settings\Pradyunma\Start Menu\Programs\Startup\APS Designer 5.0.LNK = C:\Program Files\APS50\aps50.exe (SP Software Services)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-823518204-1220945662-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll (Cooliris Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\..Trusted Domains: rapidshare.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\..Trusted Domains: yahoo.com ([us.mg2.mail] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-1220945662-725345543-1004\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://img4.orkut.com/activex/10036/photouploader.cab (UploadListView Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://nanotechie.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553518000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} http://www.intel.com/design/motherbd/boardid/BoardID.cab (BoardCtl Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b043f937-06d3-11dd-8d7e-001d7d80b2ed}\Shell\AutoRun\command - "" = G:\qwultj1.bat -- File not found
O33 - MountPoints2\{b043f937-06d3-11dd-8d7e-001d7d80b2ed}\Shell\explore\Command - "" = G:\qwultj1.bat -- File not found
O33 - MountPoints2\{b043f937-06d3-11dd-8d7e-001d7d80b2ed}\Shell\open\Command - "" = G:\qwultj1.bat -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/11 01:43:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pradyunma\Application Data\Malwarebytes
[2009/07/11 01:42:59 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/11 01:42:57 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/11 01:42:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/11 01:42:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/07 18:42:00 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/07 18:41:09 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Pradyunma\My Documents\RSIT.exe
[2009/07/04 22:29:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pradyunma\Local Settings\Application Data\Temp
[2009/06/30 23:24:37 | 00,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-725345543-1004UA.job
[2009/06/30 23:24:36 | 00,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-725345543-1004Core.job
[2009/06/29 23:31:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pradyunma\My Documents\bd_rem_tool
[2009/06/29 23:30:30 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Pradyunma\My Documents\noauto.reg
[2009/06/28 14:55:13 | 01,147,763 | ---- | C] () -- C:\Documents and Settings\Pradyunma\Desktop\Right Now.mp3
[2009/06/27 16:02:48 | 05,141,824 | ---- | C] () -- C:\Documents and Settings\Pradyunma\My Documents\TransportG_HB_UK.pdf
[2009/06/26 18:02:29 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/06/22 22:52:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/06/22 22:52:48 | 00,000,000 | ---D | C] -- C:\Program Files\D-Link
[2009/06/19 17:50:38 | 00,000,000 | ---D | C] -- C:\Program Files\BOINC
[2009/06/19 17:50:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009/06/19 17:49:55 | 06,694,304 | ---- | C] (Space Sciences Laboratory, U.C. Be) -- C:\Documents and Settings\Pradyunma\My Documents\boinc_6.6.36_windows_intelx86.exe
[2009/06/18 11:45:31 | 00,869,627 | ---- | C] () -- C:\Documents and Settings\Pradyunma\My Documents\Engineering_CET _Brochure_2009_Final-09022009.pdf
[2009/06/17 17:14:42 | 00,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/06/17 17:14:42 | 00,002,261 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2009/06/16 15:46:22 | 00,552,490 | ---- | C] () -- C:\Documents and Settings\Pradyunma\My Documents\Passport Form.pdf
[2009/06/15 23:47:31 | 02,112,472 | -H-- | C] () -- C:\Documents and Settings\Pradyunma\Local Settings\Application Data\IconCache.db
[2009/06/15 23:06:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/06/15 23:06:05 | 00,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/06/10 22:35:43 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/05/29 12:35:46 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2009/03/29 00:04:51 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2009/01/26 02:40:48 | 00,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/25 16:29:37 | 00,000,236 | ---- | C] () -- C:\WINDOWS\aps50.ini
[2009/01/10 14:43:50 | 00,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009/01/09 04:31:22 | 00,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/19 00:38:51 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ccmove32.dll
[2008/12/19 00:38:44 | 00,051,712 | ---- | C] () -- C:\WINDOWS\System32\APS40CC.DLL
[2008/12/19 00:38:27 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\APS4032.DLL
[2008/11/14 23:18:06 | 00,000,138 | ---- | C] () -- C:\WINDOWS\IXFW_95.INI
[2008/11/14 23:17:43 | 00,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2008/10/14 18:40:01 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/10/12 16:58:46 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\vc6upd.dll
[2008/09/23 23:11:33 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/09/23 23:11:33 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/07/04 18:53:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/07/02 16:45:07 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/06/11 20:50:58 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/06/08 17:14:38 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/08 17:14:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/01 17:05:17 | 00,009,706 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/31 18:00:22 | 00,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2008/03/13 21:08:21 | 00,000,149 | ---- | C] () -- C:\WINDOWS\TCW.INI
[2008/03/09 13:19:20 | 00,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2008/03/07 22:29:17 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/07 12:20:57 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/03/07 12:20:56 | 00,308,224 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008/03/06 21:36:16 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2008/03/06 21:35:19 | 00,133,120 | ---- | C] () -- C:\WINDOWS\System32\GRP32.DLL
[2008/03/06 21:35:15 | 00,000,400 | ---- | C] () -- C:\WINDOWS\FCW40.INI
[2008/03/06 21:03:38 | 00,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/03/06 21:03:14 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/06 21:03:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
[2008/03/06 21:03:06 | 00,000,123 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/03/06 20:42:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/06 20:37:31 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/29 22:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/02/28 17:30:00 | 00,001,145 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 17:30:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/10 03:42:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/16 04:24:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/11/19 19:05:18 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/07/12 22:55:00 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1085B32D-4D3A-4232-B8E2-04A45059C28E}.job
[2009/07/12 22:29:00 | 00,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-725345543-1004UA.job
[2009/07/12 22:19:56 | 00,000,236 | ---- | M] () -- C:\WINDOWS\aps50.ini
[2009/07/12 22:16:23 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/12 22:16:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/12 22:15:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/11 23:29:00 | 00,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1220945662-725345543-1004Core.job
[2009/07/09 01:07:53 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/08 23:58:48 | 00,109,568 | ---- | M] () -- C:\Documents and Settings\Pradyunma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 22:37:11 | 00,009,706 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/07/08 12:10:07 | 00,000,281 | -HS- | M] () -- C:\boot.ini
[2009/07/07 18:41:14 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Pradyunma\My Documents\RSIT.exe
[2009/07/07 16:52:00 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/07/06 14:19:37 | 00,002,487 | ---- | M] () -- C:\Documents and Settings\Pradyunma\Desktop\CorelDRAW 11.lnk
[2009/07/06 13:18:43 | 00,000,235 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2009/07/04 23:17:09 | 00,000,075 | ---- | M] () -- C:\Documents and Settings\Pradyunma\Application Data\AVSDVDPlayer.m3u
[2009/06/29 23:30:32 | 00,000,127 | ---- | M] () -- C:\Documents and Settings\Pradyunma\My Documents\noauto.reg
[2009/06/29 14:11:47 | 00,003,431 | ---- | M] () -- C:\WINDOWS\panose.bin
[2009/06/28 15:00:10 | 01,147,763 | ---- | M] () -- C:\Documents and Settings\Pradyunma\Desktop\Right Now.mp3
[2009/06/27 23:06:17 | 00,481,352 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/27 23:06:17 | 00,409,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/27 23:06:17 | 00,064,518 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/27 17:52:03 | 02,112,472 | -H-- | M] () -- C:\Documents and Settings\Pradyunma\Local Settings\Application Data\IconCache.db
[2009/06/27 16:02:48 | 05,141,824 | ---- | M] () -- C:\Documents and Settings\Pradyunma\My Documents\TransportG_HB_UK.pdf
[2009/06/27 13:57:02 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/06/27 13:15:24 | 00,013,738 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/26 13:15:09 | 00,307,762 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt07.lst
[2009/06/24 12:33:14 | 00,000,739 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009/06/24 12:09:44 | 00,002,316 | ---- | M] () -- C:\Documents and Settings\Pradyunma\Desktop\Google Chrome.lnk
[2009/06/22 22:52:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\PROTOCOL.INI
[2009/06/19 17:50:12 | 06,694,304 | ---- | M] (Space Sciences Laboratory, U.C. Be) -- C:\Documents and Settings\Pradyunma\My Documents\boinc_6.6.36_windows_intelx86.exe
[2009/06/18 11:45:37 | 00,869,627 | ---- | M] () -- C:\Documents and Settings\Pradyunma\My Documents\Engineering_CET _Brochure_2009_Final-09022009.pdf
[2009/06/17 17:14:42 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2009/06/17 17:14:42 | 00,002,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Home.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/16 15:46:22 | 00,552,490 | ---- | M] () -- C:\Documents and Settings\Pradyunma\My Documents\Passport Form.pdf
[2009/06/15 23:06:05 | 00,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/06/15 23:05:57 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/06/15 23:05:43 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/06/15 23:05:43 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/06/15 23:05:39 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/06/15 23:05:39 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\AcSignIcon.dll:SummaryInformation

========== Files - Unicode (All) ==========
[2008/12/20 16:40:07 | 00,003,754 | ---- | C] ()(C:\Documents and Settings\Pradyunma\My Documents\??.mht) -- C:\Documents and Settings\Pradyunma\My Documents\򼯰.mht
[2008/12/20 16:40:07 | 00,003,754 | ---- | M] ()(C:\Documents and Settings\Pradyunma\My Documents\??.mht) -- C:\Documents and Settings\Pradyunma\My Documents\򼯰.mht
< End of report >

I'll POST THE GMER LOG FILE ASAP!!!!!!!

CHEERS!!!!!!!!!
RAVI

#11 krzy32

krzy32
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:03:43 PM

Posted 12 July 2009 - 01:19 PM

I installed GMER and followed all the instructions that u asked me to follow........i had turned Real Time Protection and everything as stated in ur previous Post but the Log File is EMPTY.........is it OK or should i download the file again and run the scan again?????????

CHEERS!!!!!!!!!!!!

RAVI

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:13 AM

Posted 12 July 2009 - 05:57 PM

ur guess was absolutely correct....i'd selected 90 days option.


It wasn't a guess :thumbup2:

File Age = 90 Days

  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the report tab, then click scan
  • Check all six boxes:
    Posted Image
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

unite.jpg


#13 krzy32

krzy32
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:03:43 PM

Posted 13 July 2009 - 12:49 PM

Ohhhhh i fuhgot that these LOG FILES show d options selected.......will post the nxt LOG FILE ASAP.........BTW HAV U FOUND ANY INFECTION YET??????
I MEAN DOES ANY OF THE PREVIOUS LOG FILES POINT TOWARDS ANY KINDA INFECTION????

#14 krzy32

krzy32
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:INDIA
  • Local time:03:43 PM

Posted 13 July 2009 - 01:13 PM

Here's d LOG FILE..............

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/13 23:31
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9CC8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B17000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8846000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF73CF000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\sccfg.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\pradyunma\etilqs_jzfitonhrpwnotmrxaog
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\Documents and Settings\Pradyunma\Application Data\Mozilla\Firefox\Profiles\1v0j1czv.default\cookies.sqlite-journal
Status: Invisible to the Windows API!

Path: c:\documents and settings\pradyunma\local settings\application data\mozilla\firefox\profiles\1v0j1czv.default\cache\_cache_002_
Status: Size mismatch (API: 1570977, Raw: 1567121)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86466278

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x86b09748

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x868d7a58

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x86bfb4e8

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86c0b130

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf793b36a

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xa9f97040

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x85535128

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8608dbf8

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x860c2388

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x86c016b0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xa9f972c0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xa9f97820

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x868d7f38

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x868d78f8

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x868e9dc8

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x864b09b8

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x868fe130

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x869524d0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x868dae40

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf793bcd8

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x860334a0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x86c1fa70

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x86c0a970

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x860333d0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x8648a3b0

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf793b842

#: 154 Function Name: NtQueryInformationProcess
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf79381e0

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x86b024f8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x86ace2a0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xf793c142

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8604f8f0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x86bfb308

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xa9f97a70

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x868a4480

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x86ad2c28

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86ae04b8

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x86ad5b58

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x86c18a70

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x868d79c8

Hidden Services
-------------------
Service Name: obvious.ini
Image PathSystem32\Drivers\OBVIOUS.SYS

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x86b1a770

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x86c44cf8

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x86b2d0e0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x86c290c8

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x86937c50

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x8693f2d0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x869372f0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x8693a2e0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x8695b4a8

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x86af5508

==EOF==


CHEERS!!!!!!!!!
RAVI

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:13 AM

Posted 14 July 2009 - 02:11 AM

Hi,

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\drivers\PciBus.sys

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Next

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found -- -- (Autodesk Licensing Service [Disabled | Stopped])
    O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O4 - HKLM..\Run: [boincmgr] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [Yahoo Messenger] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [] File not found
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvid
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553518000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)ia.com/content/DriverDownlo.../sysreqlab2.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O33 - MountPoints2\{b043f937-06d3-11dd-8d7e-001d7d80b2ed}\Shell\AutoRun\command - "" = G:\qwultj1.bat -- File not found
    O33 - MountPoints2\{b043f937-06d3-11dd-8d7e-001d7d80b2ed}\Shell\explore\Command - "" = G:\qwultj1.bat -- File not found
    O33 - MountPoints2\{b043f937-06d3-11dd-8d7e-001d7d80b2ed}\Shell\open\Command - "" = G:\qwultj1.bat -- File not found
    O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Then please post back here with the following:
  • Jotti result
  • OTL results
  • New OTL log
Thanks

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users