Need help {ASaP}


  • This topic is locked
15 replies to this topic

#1 Malik.ghaddar

  • Members

Posted 30 July 2009 - 09:15 AM

hi bro... I downloaded a RealPlayer program which included a crack file inside. I pressed it and after that nothing opened, and this is what is showing on the desktop:
http://i30.tinypic.com/2w5279f.jpg
Here is the HijackThis log, please help me. This warning is still on the desktop and it must be damaging the PC. Task Manager is also disabled.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:00 AM, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4183 bytes


#2 syler

  • Malware Response Team

Posted 07 August 2009 - 07:07 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say so or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 Malik.ghaddar

  • Topic Starter
  • Members

Posted 08 August 2009 - 06:00 PM

hi bro.. here is the Malwarebytes log

MBAM log


Malwarebytes' Anti-Malware 1.40


Database version: 2581
Windows 5.1.2600 Service Pack 2

8/8/2009 3:48:54 PM
mbam-log-2009-08-08 (15-48-54).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 107219
Time elapsed: 19 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.

log.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by Malik at 2009-08-08 15:56:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 842 MB (9%) free of 10 GB
Total RAM: 511 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:56 PM, on 8/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Malik\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Malik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3752 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-10 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-10 148888]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-04-19 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-08 15:56:51 ----D---- C:\rsit
2009-08-08 15:26:48 ----D---- C:\Documents and Settings\Malik\Application Data\Malwarebytes
2009-08-08 15:26:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-08 15:26:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-05 01:17:48 ----SHD---- C:\FOUND.010
2009-07-30 07:12:39 ----D---- C:\Program Files\Trend Micro
2009-07-27 15:22:27 ----D---- C:\YouTubeVideos
2009-07-27 15:17:16 ----D---- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-07-27 15:13:12 ----D---- C:\Program Files\AliveMedia
2009-07-27 11:55:10 ----SHD---- C:\FOUND.009
2009-07-27 07:04:00 ----SHD---- C:\FOUND.008
2009-07-26 05:32:28 ----D---- C:\Documents and Settings\Malik\Application Data\dvdcss
2009-07-26 00:47:02 ----SHD---- C:\FOUND.007
2009-07-25 12:03:16 ----D---- C:\Documents and Settings\Malik\Application Data\FastStone
2009-07-25 12:03:00 ----D---- C:\Program Files\FastStone Capture
2009-07-25 07:08:07 ----D---- C:\Program Files\Common Files\PCSuite
2009-07-25 07:08:06 ----D---- C:\Program Files\Common Files\Nokia
2009-07-25 01:22:05 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-25 01:19:08 ----SHD---- C:\FOUND.006
2009-07-24 15:52:34 ----D---- C:\WINDOWS\WBEM
2009-07-24 15:51:07 ----HD---- C:\WINDOWS\ie8
2009-07-24 15:51:07 ----D---- C:\WINDOWS\system32\en-US
2009-07-24 11:36:38 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-07-24 11:36:34 ----HD---- C:\WINDOWS\$NtUninstallWdf01007$
2009-07-24 11:35:45 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2009-07-24 11:34:06 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-07-24 11:34:06 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-07-24 11:32:55 ----D---- C:\Program Files\MSXML 6.0
2009-07-24 11:21:49 ----HD---- C:\WINDOWS\$NtUninstallWdf01005$
2009-07-24 11:14:17 ----D---- C:\Program Files\PC Connectivity Solution
2009-07-23 03:01:34 ----SHD---- C:\FOUND.005
2009-07-22 07:10:54 ----SHD---- C:\FOUND.004
2009-07-18 11:40:28 ----SHD---- C:\FOUND.003
2009-07-17 14:57:51 ----D---- C:\Documents and Settings\Malik\Application Data\DMCache
2009-07-16 02:35:10 ----D---- C:\Documents and Settings\Malik\Application Data\Samsung
2009-07-16 02:33:14 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-07-16 02:30:25 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-07-16 02:30:07 ----D---- C:\Program Files\Samsung
2009-07-16 02:28:29 ----D---- C:\Program Files\Common Files\Adobe
2009-07-15 01:18:02 ----SHD---- C:\FOUND.002
2009-07-14 12:28:02 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-14 12:27:58 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-14 12:27:52 ----HD---- C:\WINDOWS\$NtUninstallWudf01005$
2009-07-14 12:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-07-14 12:26:15 ----D---- C:\Documents and Settings\Malik\Application Data\Nokia
2009-07-14 12:25:16 ----D---- C:\Program Files\DIFX
2009-07-14 12:25:09 ----D---- C:\Documents and Settings\Malik\Application Data\PC Suite
2009-07-14 12:24:48 ----D---- C:\WINDOWS\system32\DRVSTORE
2009-07-14 12:24:36 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-07-14 12:24:34 ----D---- C:\Program Files\Nokia
2009-07-14 12:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-07-13 11:42:36 ----SHD---- C:\FOUND.001
2009-07-12 12:39:01 ----D---- C:\Program Files\Common Files\DivX Shared
2009-07-12 12:39:00 ----D---- C:\Program Files\DivX
2009-07-12 10:13:02 ----SHD---- C:\FOUND.000
2009-07-11 14:52:40 ----A---- C:\Documents and Settings\Malik\Application Data\AtomicAlarmClock.ini
2009-07-10 15:20:41 ----D---- C:\WINDOWS\Sun
2009-07-10 15:20:03 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-10 15:20:03 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-10 15:20:03 ----A---- C:\WINDOWS\system32\java.exe
2009-07-10 15:20:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-10 15:19:46 ----D---- C:\Program Files\Java
2009-07-10 13:11:30 ----D---- C:\Documents and Settings\Malik\Application Data\vlc
2009-07-10 13:10:12 ----D---- C:\Program Files\VideoLAN
2009-07-10 13:09:56 ----D---- C:\Documents and Settings\Malik\Application Data\WinRAR
2009-07-10 12:23:00 ----D---- C:\Documents and Settings\Malik\Application Data\Sun
2009-07-10 12:21:40 ----A---- C:\WINDOWS\iun6002.exe
2009-07-10 12:21:25 ----D---- C:\Program Files\Replay Converter
2009-07-10 12:21:20 ----HD---- C:\WINDOWS\$NtUninstallwmp11$
2009-07-10 12:20:12 ----D---- C:\Program Files\WinRar
2009-07-10 12:18:14 ----D---- C:\Program Files\Common Files\xing shared
2009-07-10 12:08:52 ----D---- C:\Documents and Settings\Malik\Application Data\Macromedia
2009-07-10 12:08:35 ----D---- C:\Documents and Settings\Malik\Application Data\Adobe
2009-07-10 12:08:01 ----D---- C:\Documents and Settings\Malik\Application Data\Yahoo!
2009-07-10 12:02:18 ----D---- C:\Program Files\Kaspersky Lab
2009-07-10 12:02:18 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-07-10 12:01:02 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-07-10 12:01:01 ----D---- C:\Program Files\Yahoo!
2009-07-10 12:00:35 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-10 12:00:30 ----A---- C:\Documents and Settings\Malik\Application Data\kis8.0.0.506en.exe
2009-07-10 11:59:44 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-07-10 11:59:43 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-07-10 11:57:49 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-07-10 11:57:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-10 11:57:47 ----D---- C:\Program Files\CyberLink
2009-07-10 11:57:33 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-10 11:57:15 ----SHD---- C:\Recycled
2009-07-10 11:52:45 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-07-10 11:52:45 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-07-10 11:52:44 ----D---- C:\Program Files\Common Files\Real
2009-07-10 11:51:59 ----D---- C:\Program Files\Real
2009-07-10 11:51:14 ----D---- C:\Documents and Settings\Malik\Application Data\Mozilla
2009-07-10 11:51:12 ----D---- C:\Documents and Settings\Malik\Application Data\Real
2009-07-10 11:51:05 ----D---- C:\Program Files\Mozilla Firefox
2009-07-10 11:45:15 ----D---- C:\Documents and Settings\Malik\Application Data\Identities
2009-07-10 11:45:14 ----HD---- C:\Program Files\Uninstall Information
2009-07-10 11:45:09 ----SD---- C:\Documents and Settings\Malik\Application Data\Microsoft
2009-07-10 11:45:09 ----ASH---- C:\Documents and Settings\Malik\Application Data\desktop.ini
2009-07-10 11:44:09 ----SHD---- C:\System Volume Information
2009-07-10 11:44:09 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-10 11:44:08 ----SD---- C:\WINDOWS\system32\Microsoft
2009-07-10 11:44:08 ----D---- C:\WINDOWS\Prefetch
2009-07-10 11:44:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-10 11:37:16 ----D---- C:\WINDOWS\system32\xircom
2009-07-10 11:37:16 ----D---- C:\Program Files\xerox
2009-07-10 11:37:16 ----D---- C:\Program Files\microsoft frontpage
2009-07-10 11:36:56 ----A---- C:\WINDOWS\control.ini
2009-07-10 11:36:56 ----A---- C:\AUTOEXEC.BAT
2009-07-10 11:36:39 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-10 11:36:36 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-07-10 11:35:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-10 11:35:40 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-10 11:35:40 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-10 11:35:33 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-10 11:35:29 ----HD---- C:\Program Files\WindowsUpdate
2009-07-10 11:35:11 ----D---- C:\WINDOWS\system32\DirectX
2009-07-10 11:34:55 ----A---- C:\WINDOWS\system32\atrace.dll
2009-07-10 11:34:53 ----A---- C:\WINDOWS\system32\desktop.ini
2009-07-10 11:34:53 ----A---- C:\WINDOWS\desktop.ini
2009-07-10 11:34:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-07-10 11:34:45 ----D---- C:\Program Files\Common Files\Services
2009-07-10 11:34:45 ----A---- C:\WINDOWS\system32\acctres.dll
2009-07-10 11:34:42 ----SD---- C:\WINDOWS\Tasks
2009-07-10 11:34:42 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-07-10 11:34:41 ----D---- C:\Program Files\Common Files\MSSoap
2009-07-10 11:34:37 ----D---- C:\WINDOWS\srchasst
2009-07-10 11:34:36 ----D---- C:\WINDOWS\system32\Macromed
2009-07-10 11:34:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-07-10 11:34:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-07-10 11:34:34 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-07-10 11:34:34 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\wups.dll
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-07-10 11:34:33 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-07-10 11:34:29 ----D---- C:\Program Files\Movie Maker
2009-07-10 11:34:26 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-07-10 11:34:26 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-07-10 11:34:26 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-07-10 11:34:26 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-07-10 11:34:23 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-07-10 11:34:23 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-07-10 11:34:22 ----D---- C:\WINDOWS\system32\Restore
2009-07-10 11:34:22 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-07-10 11:34:22 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-07-10 11:34:22 ----A---- C:\WINDOWS\system32\srclient.dll
2009-07-10 11:34:22 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-07-10 11:34:22 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-07-10 11:34:22 ----A---- C:\WINDOWS\system32\ils.dll
2009-07-10 11:34:21 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-07-10 11:34:21 ----A---- C:\WINDOWS\system32\msconf.dll
2009-07-10 11:34:21 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-07-10 11:34:19 ----D---- C:\Program Files\NetMeeting
2009-07-10 11:34:19 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-07-10 11:34:19 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-07-10 11:34:18 ----A---- C:\WINDOWS\system32\inetres.dll
2009-07-10 11:34:17 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-07-10 11:34:16 ----D---- C:\Program Files\Outlook Express
2009-07-10 11:34:16 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-07-10 11:34:16 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-07-10 11:34:16 ----A---- C:\WINDOWS\system32\mstask.dll
2009-07-10 11:34:15 ----A---- C:\WINDOWS\system32\isign32.dll
2009-07-10 11:34:15 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-07-10 11:34:15 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-07-10 11:34:15 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-07-10 11:34:09 ----D---- C:\Program Files\Common Files\System
2009-07-10 11:34:08 ----D---- C:\Program Files\Internet Explorer
2009-07-10 11:33:26 ----D---- C:\Program Files\ComPlus Applications
2009-07-10 11:33:24 ----A---- C:\WINDOWS\vbaddin.ini
2009-07-10 11:33:24 ----A---- C:\WINDOWS\vb.ini
2009-07-10 11:33:20 ----D---- C:\WINDOWS\Registration
2009-07-10 11:33:13 ----D---- C:\Program Files\Windows Media Player
2009-07-10 11:33:13 ----D---- C:\Program Files\Online Services
2009-07-10 11:33:07 ----D---- C:\Program Files\Messenger
2009-07-10 11:33:04 ----D---- C:\Program Files\MSN Gaming Zone
2009-07-10 11:33:04 ----A---- C:\WINDOWS\system32\write.exe
2009-07-10 11:32:56 ----A---- C:\WINDOWS\system32\winchat.exe
2009-07-10 11:32:56 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-07-10 11:32:56 ----A---- C:\WINDOWS\system32\hticons.dll
2009-07-10 11:32:56 ----A---- C:\WINDOWS\system32\avwav.dll
2009-07-10 11:32:56 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-07-10 11:32:56 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-07-10 11:32:50 ----A---- C:\WINDOWS\system32\getuname.dll
2009-07-10 11:32:50 ----A---- C:\WINDOWS\system32\charmap.exe
2009-07-10 11:32:50 ----A---- C:\WINDOWS\system32\calc.exe
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\winmine.exe
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\tskill.exe
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\sol.exe
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\reset.exe
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-07-10 11:32:49 ----A---- C:\WINDOWS\system32\freecell.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\tscon.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\shadow.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\regini.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\msg.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\logoff.exe
2009-07-10 11:32:48 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-07-10 11:32:47 ----A---- C:\WINDOWS\system32\stclient.dll
2009-07-10 11:32:47 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-07-10 11:32:47 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-07-10 11:32:47 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-07-10 11:32:47 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-07-10 11:32:47 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-07-10 11:32:47 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-07-10 11:32:46 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-07-10 11:32:42 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-07-10 11:32:33 ----D---- C:\Program Files\MSN
2009-07-10 11:32:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-07-10 11:32:32 ----D---- C:\Program Files\Windows NT
2009-07-10 11:32:32 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-07-10 11:32:32 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-07-10 11:32:32 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-07-10 11:32:32 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-07-10 11:32:32 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-07-10 11:32:31 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-07-10 11:32:31 ----A---- C:\WINDOWS\system32\spider.exe
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-07-10 11:32:30 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-07-10 11:32:29 ----D---- C:\WINDOWS\system32\MsDtc
2009-07-10 11:32:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-07-10 11:32:29 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-07-10 11:32:29 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-07-10 11:32:29 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-07-10 11:32:29 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-07-10 11:32:29 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-07-10 11:32:29 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-07-10 11:32:28 ----D---- C:\WINDOWS\system32\Com
2009-07-10 11:32:28 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-07-10 11:32:28 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-07-10 11:32:28 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-07-10 11:32:28 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-07-10 11:32:27 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-07-10 11:32:27 ----A---- C:\WINDOWS\system32\colbact.dll
2009-07-10 11:32:27 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-07-10 11:32:27 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-07-10 11:32:27 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-07-10 11:32:27 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-07-10 11:32:26 ----A---- C:\WINDOWS\system32\comuid.dll
2009-07-10 11:32:26 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-07-10 11:32:19 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-07-10 11:32:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-07-10 11:32:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-07-10 11:32:19 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-07-10 11:30:36 ----A---- C:\WINDOWS\system32\h323log.txt
2009-07-10 11:26:52 ----A---- C:\WINDOWS\system32\a3dapi.dll
2009-07-10 11:26:52 ----A---- C:\WINDOWS\system32\a3d.dll
2009-07-10 11:26:14 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-10 11:26:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-07-10 11:26:03 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-07-10 11:26:03 ----A---- C:\WINDOWS\system32\HSFCISP2.dll
2009-07-10 11:25:44 ----A---- C:\WINDOWS\system32\usbui.dll
2009-07-10 11:24:39 ----A---- C:\WINDOWS\imsins.BAK
2009-07-10 11:24:37 ----SHD---- C:\WINDOWS\Installer
2009-07-10 11:24:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-10 11:24:36 ----D---- C:\Program Files\Common Files\ODBC
2009-07-10 11:24:36 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-10 11:24:32 ----RD---- C:\Program Files
2009-07-10 11:24:32 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-07-10 11:24:32 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-10 11:24:32 ----D---- C:\Program Files\Common Files
2009-07-10 11:24:28 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-07-10 11:24:28 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-07-10 11:24:28 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-07-10 11:24:27 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-07-10 11:24:27 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-07-10 11:24:26 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-07-10 11:24:25 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-07-10 11:24:25 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-07-10 11:24:25 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-07-10 11:24:25 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-07-10 11:24:25 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-07-10 11:24:25 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-07-10 11:24:25 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-07-10 11:24:23 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-07-10 11:24:23 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-07-10 11:24:23 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-07-10 11:24:23 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-07-10 11:24:23 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-07-10 11:24:21 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-07-10 11:24:20 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-07-10 11:24:18 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-10 11:24:18 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-10 11:24:18 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-07-10 11:24:18 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-07-10 11:24:18 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-07-10 11:24:17 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-07-10 11:24:17 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-07-10 11:24:16 ----A---- C:\WINDOWS\system32\batt.dll
2009-07-10 11:24:16 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-07-10 11:24:15 ----A---- C:\WINDOWS\system32\storprop.dll
2009-07-10 11:24:09 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-07-10 11:24:05 ----RA---- C:\WINDOWS\SET8.tmp
2009-07-10 11:24:02 ----RA---- C:\WINDOWS\SET4.tmp
2009-07-10 11:24:01 ----RA---- C:\WINDOWS\SET3.tmp
2009-07-10 11:23:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-10 11:23:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-10 11:23:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-10 11:23:34 ----A---- C:\WINDOWS\setuplog.txt
2009-07-10 11:23:31 ----D---- C:\Documents and Settings
2009-07-10 11:22:35 ----SH---- C:\boot.ini
2009-07-10 11:18:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-10 11:18:17 ----RSD---- C:\WINDOWS\Fonts
2009-07-10 11:18:17 ----RD---- C:\WINDOWS\Web
2009-07-10 11:18:17 ----HD---- C:\WINDOWS\inf
2009-07-10 11:18:17 ----D---- C:\WINDOWS\WinSxS
2009-07-10 11:18:17 ----D---- C:\WINDOWS\twain_32
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Temp
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\wins
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\wbem
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\usmt
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\spool
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\ShellExt
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\Setup
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\ras
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\oobe
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\npp
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\mui
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\IME
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\icsxml
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\ias
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\export
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\drivers
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\dhcp
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\config
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\3com_dmi
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\3076
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\2052
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\1054
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\1042
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\1041
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\1037
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\1033
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\1031
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\1028
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32\1025
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system32
2009-07-10 11:18:17 ----D---- C:\WINDOWS\system
2009-07-10 11:18:17 ----D---- C:\WINDOWS\security
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Resources
2009-07-10 11:18:17 ----D---- C:\WINDOWS\repair
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Provisioning
2009-07-10 11:18:17 ----D---- C:\WINDOWS\PeerNet
2009-07-10 11:18:17 ----D---- C:\WINDOWS\pchealth
2009-07-10 11:18:17 ----D---- C:\WINDOWS\mui
2009-07-10 11:18:17 ----D---- C:\WINDOWS\msapps
2009-07-10 11:18:17 ----D---- C:\WINDOWS\msagent
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Media
2009-07-10 11:18:17 ----D---- C:\WINDOWS\java
2009-07-10 11:18:17 ----D---- C:\WINDOWS\ime
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Help
2009-07-10 11:18:17 ----D---- C:\WINDOWS\ehome
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Driver Cache
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Debug
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Cursors
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Connection Wizard
2009-07-10 11:18:17 ----D---- C:\WINDOWS\Config
2009-07-10 11:18:17 ----D---- C:\WINDOWS\AppPatch
2009-07-10 11:18:17 ----D---- C:\WINDOWS\addins
2009-07-10 11:18:17 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-07-10 11:36:58 ----A---- C:\WINDOWS\win.ini
2009-07-10 11:24:32 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-28 36096]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-10 226832]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\admjoy.sys [2004-08-03 10880]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2001-11-01 243964]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-28 60800]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-28 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2006-03-28 63744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-28 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-28 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-28 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-28 17024]
R3 wdm_au8820;Aureal Vortex 8820 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8820.sys [2001-08-17 553984]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-10 152984]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-28 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-04-19 823808]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.06 2009-08-08 15:56:59

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Alive YouTube Video Converter (version 1.6.2.2)-->"C:\Program Files\AliveMedia\YouTube Video Converter\unins000.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FastStone Capture 5.8-->C:\Program Files\FastStone Capture\uninst.exe
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0622-->"C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
PC Connectivity Solution-->MsiExec.exe /I{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Replay Converter 2.20-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\irunin.ini"
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 1.0.0-git-20080927-0008-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRar\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: MALIK-1C942A96F
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 40
Source Name: W32Time
Time Written: 20090710120320.000000-420
Event Type: error
User:

Computer Name: MALIK-1C942A96F
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Record Number: 37
Source Name: W32Time
Time Written: 20090710120240.000000-420
Event Type: error
User:

Computer Name: MALIK-1C942A96F
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 36
Source Name: W32Time
Time Written: 20090710120240.000000-420
Event Type: error
User:

Computer Name: MALIK-1C942A96F
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 31
Source Name: W32Time
Time Written: 20090710114734.000000-420
Event Type: error
User:

Computer Name: MALIK-1C942A96F
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 30
Source Name: W32Time
Time Written: 20090710114734.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Edited by syler, 09 August 2009 - 11:27 AM.
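As an added triage example (not code from this thread, from RSIT, or from the Malware Response Team), the script below parses the "List of drivers", "List of services" and "Security center information" lines of an RSIT log such as the one above and flags what a responder checks first: an entry with Boot/System/Auto start type that is currently stopped (the `S2 AVP` line above), an image RSIT could not find on disk (`S4 IntelIde ... []`), an image living outside the Windows and Program Files trees, and an AV or firewall that Security Center reports as disabled. The regular expressions, field names, severity labels and the single constructed `constructedsvc` line are my own assumptions; the other sample lines are copied from the log above.

```python
"""Triage helper for RSIT driver / service / Security Center lines.

Added example, not part of the original thread and not RSIT's own code. The
regexes, field names and severity labels are this example's assumptions.
Flags raised:
  * start type 0/1/2 (Boot/System/Auto) but state S (stopped)
  * image file RSIT could not stat (the trailing "[]" is empty)
  * image outside the Windows and Program Files trees
  * AV or firewall reported as disabled by Security Center
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Shape: R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-10 226832]
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)
# Shape: AV: Kaspersky Internet Security (disabled)
SECURITY_RE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.+?) \((?P<status>\w+)\)\s*$")

# Expected homes for drivers and services; compared lower-cased.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    name: str       # service/driver name, or product name for Security Center lines
    reason: str


def parse_entry(line: str) -> Optional[dict]:
    """Split one driver/service line into fields; None if the line is not one."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    # RSIT prints "[date size]" when it could stat the image and "[]" when it could not.
    fields["file_found"] = bool(fields["meta"].strip())
    return fields


def triage(log: str) -> List[Finding]:
    """Run the checks over every line of an RSIT log and return the findings."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        sec = SECURITY_RE.match(line)
        if sec:
            if sec["status"].lower() == "disabled":
                findings.append(Finding("high", sec["product"],
                                        f"{sec['kind']} reported as disabled by Security Center"))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        if e["state"] == "S" and e["start"] in "012":
            findings.append(Finding("high", e["name"],
                                    f"start type {e['start']} but currently stopped"))
        if not e["file_found"]:
            # A missing image behind a Disabled (4) entry is usually leftover cruft.
            sev = "low" if e["start"] == "4" else "medium"
            findings.append(Finding(sev, e["name"], "image file not found on disk"))
        if not e["path"].lower().startswith(TRUSTED_PREFIXES):
            findings.append(Finding("medium", e["name"],
                                    f"image outside Windows/Program Files: {e['path']}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Lines copied from the RSIT log in this thread, plus one CONSTRUCTED entry
# (constructedsvc) that is not in the thread, added only to exercise the path check.
SAMPLE_LOG = r"""
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-10 226832]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-10 152984]
S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
R2 constructedsvc;Constructed sample entry; C:\Documents and Settings\Malik\Application Data\constructedsvc.exe [2009-07-30 10240]
AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security (disabled)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.name}: {f.reason}")
```

On the log above this yields three high findings (the stopped auto-start AVP service and the two disabled Security Center entries), which is exactly the combination worth asking the poster about: whether they switched Kaspersky off themselves or something else did. The script only surfaces the pattern; it does not judge it.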


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:26 PM

Posted 09 August 2009 - 11:30 AM

Hi,

I don't see anything to worry about in your logs. Can you tell me what problems you are having?

IMPORTANT NOTE:

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Next

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator
  • Allow it to run when you get a Security Warning
  • A black command window will open saying: "Please Wait..."
  • It will now begin to scan; please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply

Edited by syler, 09 August 2009 - 11:31 AM.



#5 Malik.ghaddar

Malik.ghaddar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:06:26 AM

Posted 09 August 2009 - 02:46 PM

Bro, I downloaded a RealPlayer from a warez site. After installing, when I tried to open its crack, after clicking the crack button my background changed automatically and started showing this pic, and it also disabled my Task Manager.

Pic = http://i30.tinypic.com/2w5279f.jpg

So I thought I was infected and posted my log here... And another thing: after running Malwarebytes, Task Manager is working now; I can open it.

Here is the log, rooter.txt:


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 2 Stepping 7, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.1 (en-US)
.
A:\ [Removable]
C:\ [Fixed-FAT32] .. ( Total:9 Go - Free:0 Go )
D:\ [Fixed-FAT32] .. ( Total:9 Go - Free:1 Go )
E:\ [Fixed-FAT32] .. ( Total:9 Go - Free:0 Go )
F:\ [Fixed-FAT32] .. ( Total:9 Go - Free:1 Go )
G:\ [CD_Rom]
.
Scan : 12:38.43
Path : C:\Documents and Settings\Malik\Desktop\Rooter.exe
User : Malik ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (784)
______ \??\C:\WINDOWS\system32\csrss.exe (872)
______ \??\C:\WINDOWS\system32\winlogon.exe (896)
______ C:\WINDOWS\system32\services.exe (940)
______ C:\WINDOWS\system32\lsass.exe (952)
______ C:\WINDOWS\system32\svchost.exe (1104)
______ C:\WINDOWS\system32\svchost.exe (1168)
______ C:\WINDOWS\System32\svchost.exe (1264)
______ C:\WINDOWS\system32\svchost.exe (1308)
______ C:\WINDOWS\system32\svchost.exe (1548)
______ C:\WINDOWS\Explorer.EXE (1656)
______ C:\WINDOWS\system32\spoolsv.exe (1812)
Locked AVP.EXE (2020)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2028)
______ C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (2036)
______ C:\WINDOWS\system32\ctfmon.exe (128)
Locked AVP.EXE (468)
______ C:\Program Files\Java\jre6\bin\jqs.exe (504)
______ C:\WINDOWS\system32\svchost.exe (692)
______ C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (1672)
______ C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (708)
______ C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (2316)
______ C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (2628)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3440)
______ C:\Documents and Settings\Malik\Desktop\Rooter.exe (2084)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:10001908224)
\Device\Harddisk0\Partition0 (Start_Offset:10001940480 | Length:30014046720)
\Device\Harddisk0\Partition2 (Start_Offset:10001972736 | Length:10001908224)
\Device\Harddisk0\Partition0 (Start_Offset:20003880960 | Length:10001940480)
\Device\Harddisk0\Partition3 (Start_Offset:20003913216 | Length:10001908224)
\Device\Harddisk0\Partition0 (Start_Offset:30005821440 | Length:10010165760)
\Device\Harddisk0\Partition4 (Start_Offset:30005853696 | Length:10010133504)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 12:38.46
.
C:\Rooter$\Rooter_1.txt - (09/08/2009 | 12:38.46)

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:26 PM

Posted 09 August 2009 - 07:53 PM

OK, I don't see anything in your logs. Can you tell me if you are currently having any problems?

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 15.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u15-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please run a BitDefender Online Scan

Note: Only works with internet explorer
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.
Then please post back with the Bitdefender report and a new Rsit log.

Thanks

unite.jpg


#7 Malik.ghaddar

Malik.ghaddar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 10 August 2009 - 03:20 PM

Bro, I'm done with Java but having a problem with BitDefender: when I press start scan, an update page pops up but I'm not able to update it, as you can see in the pic below
http://i26.tinypic.com/wjayjt.jpg

and after pressing yes, this error you can see below in the pic

http://i25.tinypic.com/xb0g45.jpg

... what to do now?

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:26 PM

Posted 10 August 2009 - 06:33 PM

We can try another scanner then.

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Then post back with the report and a new Rsit log.



#9 Malik.ghaddar

Malik.ghaddar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 12 August 2009 - 08:02 AM

Bro, one thing I should tell you before we proceed... when I started the scan with this ESET the first time, it was scanning the E drive (all the others were done) when suddenly, by my mistake, the PC got restarted... and up till then I remember it was showing 6 or 7 infected files found on the C drive and 1 on the E drive... so I ran this online scan again, and this time no infected files were detected. I think all were deleted already when it detected them the first time during the scan, so it's showing no infected files found.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:26 PM

Posted 12 August 2009 - 11:28 AM

Post a new Rsit log and let me know if you are having any problems.



#11 Malik.ghaddar

Malik.ghaddar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 12 August 2009 - 03:13 PM

It's not giving info.txt, just showing log.txt. I downloaded the program many times and tried, but it's the same; before it was giving both log and info.txt, now just log.txt... don't know why... anyways, here's log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Malik at 2009-08-12 13:08:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 825 MB (9%) free of 10 GB
Total RAM: 511 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:28 PM, on 8/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Malik\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Malik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4415 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-10 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-04-19 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-12 12:39:46 ----SHD---- C:\FOUND.012
2009-08-12 01:01:39 ----D---- C:\Program Files\ESET
2009-08-10 02:38:50 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-10 02:31:28 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-10 02:31:28 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-10 02:31:28 ----A---- C:\WINDOWS\system32\java.exe
2009-08-10 02:31:11 ----D---- C:\Program Files\Java
2009-08-09 12:38:46 ----D---- C:\Rooter$
2009-08-09 02:29:28 ----SHD---- C:\FOUND.011
2009-08-08 15:56:51 ----D---- C:\rsit
2009-08-08 15:26:48 ----D---- C:\Documents and Settings\Malik\Application Data\Malwarebytes
2009-08-08 15:26:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-08 15:26:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-05 01:17:48 ----SHD---- C:\FOUND.010
2009-07-30 07:12:39 ----D---- C:\Program Files\Trend Micro
2009-07-27 15:22:27 ----D---- C:\YouTubeVideos
2009-07-27 15:17:16 ----D---- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-07-27 15:13:12 ----D---- C:\Program Files\AliveMedia
2009-07-27 11:55:10 ----SHD---- C:\FOUND.009
2009-07-27 07:04:00 ----SHD---- C:\FOUND.008
2009-07-26 05:32:28 ----D---- C:\Documents and Settings\Malik\Application Data\dvdcss
2009-07-26 00:47:02 ----SHD---- C:\FOUND.007
2009-07-25 12:03:16 ----D---- C:\Documents and Settings\Malik\Application Data\FastStone
2009-07-25 12:03:00 ----D---- C:\Program Files\FastStone Capture
2009-07-25 07:08:07 ----D---- C:\Program Files\Common Files\PCSuite
2009-07-25 07:08:06 ----D---- C:\Program Files\Common Files\Nokia
2009-07-25 01:22:05 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-25 01:19:08 ----SHD---- C:\FOUND.006
2009-07-24 15:52:34 ----D---- C:\WINDOWS\WBEM
2009-07-24 15:51:07 ----HD---- C:\WINDOWS\ie8
2009-07-24 15:51:07 ----D---- C:\WINDOWS\system32\en-US
2009-07-24 11:36:38 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-07-24 11:36:34 ----HD---- C:\WINDOWS\$NtUninstallWdf01007$
2009-07-24 11:35:45 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2009-07-24 11:34:06 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-07-24 11:34:06 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-07-24 11:32:55 ----D---- C:\Program Files\MSXML 6.0
2009-07-24 11:21:49 ----HD---- C:\WINDOWS\$NtUninstallWdf01005$
2009-07-24 11:14:17 ----D---- C:\Program Files\PC Connectivity Solution
2009-07-23 03:01:34 ----SHD---- C:\FOUND.005
2009-07-22 07:10:54 ----SHD---- C:\FOUND.004
2009-07-18 11:40:28 ----SHD---- C:\FOUND.003
2009-07-17 14:57:51 ----D---- C:\Documents and Settings\Malik\Application Data\DMCache
2009-07-16 02:35:10 ----D---- C:\Documents and Settings\Malik\Application Data\Samsung
2009-07-16 02:33:14 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-07-16 02:30:25 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-07-16 02:30:07 ----D---- C:\Program Files\Samsung
2009-07-16 02:28:29 ----D---- C:\Program Files\Common Files\Adobe
2009-07-15 01:18:02 ----SHD---- C:\FOUND.002
2009-07-14 12:28:02 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-14 12:27:58 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-14 12:27:52 ----HD---- C:\WINDOWS\$NtUninstallWudf01005$
2009-07-14 12:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-07-14 12:26:15 ----D---- C:\Documents and Settings\Malik\Application Data\Nokia
2009-07-14 12:25:16 ----D---- C:\Program Files\DIFX
2009-07-14 12:25:09 ----D---- C:\Documents and Settings\Malik\Application Data\PC Suite
2009-07-14 12:24:48 ----D---- C:\WINDOWS\system32\DRVSTORE
2009-07-14 12:24:36 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-07-14 12:24:34 ----D---- C:\Program Files\Nokia
2009-07-14 12:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-07-13 11:42:36 ----SHD---- C:\FOUND.001

======List of files/folders modified in the last 1 months======

2009-08-12 13:04:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-10 02:31:18 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-24 11:36:46 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-28 36096]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-10 226832]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\admjoy.sys [2004-08-03 10880]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2001-11-01 243964]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-28 60800]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-28 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2006-03-28 63744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-28 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-28 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-28 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-28 17024]
R3 wdm_au8820;Aureal Vortex 8820 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8820.sys [2001-08-17 553984]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-10 153376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-28 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-04-19 823808]

-----------------EOF-----------------
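
As an added illustration (not code from this thread or from the RSIT/HijackThis tools), here is a small Python triage script that reads the kinds of lines shown in the log above: the OS service-pack line in the RSIT header, O2 BHO entries whose DLL is "(no file)", the O20 AppInit_DLLs list, and the DisableTaskMgr policy value that controls the disabled Task Manager the original post complained about. The sample log is a constructed excerpt modelled on the posted log; the "KASPER~1" allowlist marker and the expected service-pack level are assumptions made for this machine, not part of the thread.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the RSIT/HijackThis format, modelled on the log posted
# above (a handful of representative lines, not the full log).
SAMPLE_LOG = r"""Logfile of random's system information tool 1.06 (written by random/random)
Run by Malik at 2009-08-12 13:08:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 825 MB (9%) free of 10 GB

Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"""

LATEST_XP_SP = 3  # assumption: SP3 was the current XP service pack when this thread ran
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"

OS_RE = re.compile(r"^(Microsoft Windows .+?) Service Pack (\d+)\s*$", re.M)
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$", re.M)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$", re.M)
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_os(log: str) -> Tuple[str, int]:
    """Return (OS name, service pack level) from the RSIT header; SP 0 if absent."""
    m = OS_RE.search(log)
    if not m:
        return ("unknown", 0)
    return (m.group(1), int(m.group(2)))


def orphaned_bhos(log: str) -> List[str]:
    """CLSIDs of Browser Helper Objects whose DLL no longer exists ("(no file)").
    These are usually leftovers of removed software: harmless, but worth cleaning up."""
    return [clsid for _name, clsid, path in BHO_RE.findall(log) if path.strip() == "(no file)"]


def appinit_dlls(log: str) -> List[str]:
    """DLLs listed under AppInit_DLLs. They are loaded into every process that links
    user32.dll, so every entry should belong to software the owner recognises."""
    m = APPINIT_RE.search(log)
    if not m:
        return []
    return [p for p in m.group(1).split(",") if p]


def registry_dump(log: str) -> Dict[str, Dict[str, str]]:
    """Parse the '======Registry dump======' section into {key: {value_name: data}}."""
    result: Dict[str, Dict[str, str]] = {}
    current = None
    in_dump = False
    for line in log.splitlines():
        if line.startswith("======"):          # section header: enter or leave the dump
            in_dump = line.strip("= ") == "Registry dump"
            continue
        if not in_dump:
            continue
        key = REG_KEY_RE.match(line)
        if key:
            current = key.group(1)
            result.setdefault(current, {})
            continue
        val = REG_VAL_RE.match(line)
        if val and current is not None:
            result[current][val.group(1)] = val.group(2)
    return result


def triage(log: str, known_dll_markers: Tuple[str, ...] = ("KASPER~1",)) -> List[str]:
    """Findings a helper would raise from this log; an empty list means nothing stood out.
    known_dll_markers: substrings identifying AppInit DLLs expected on this machine."""
    findings: List[str] = []
    name, sp = parse_os(log)
    if "XP" in name and sp < LATEST_XP_SP:
        findings.append(f"service pack {sp} installed; SP{LATEST_XP_SP} expected")
    for clsid in orphaned_bhos(log):
        findings.append(f"orphaned BHO {clsid} (no file): safe to remove")
    policy = registry_dump(log).get(POLICY_KEY, {})
    if policy.get("DisableTaskMgr", "0") != "0":
        findings.append("DisableTaskMgr is set: Task Manager is blocked by policy")
    for dll in appinit_dlls(log):
        if not any(marker in dll for marker in known_dll_markers):
            findings.append(f"unrecognised AppInit_DLLs entry: {dll}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the constructed excerpt it reports two findings: the machine is still on SP2, and the nameless BHO with no backing file. A DisableTaskMgr value other than 0 would add a third, which is exactly the symptom the first post described and which the log above shows is now cleared.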

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:26 PM

Posted 13 August 2009 - 08:48 AM

let me know if you are having any problems?


Please answer this.

You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found in Windows. You should keep these up to date to keep you protected against malware that can take advantage of these security vulnerabilities to attack your system. The latest service pack is SP3. Click on Start >> All programs >> Windows update, then select Express and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control, allow it to install it.

Then post back with a new Rsit log.txt; it only produces info.txt the first time it runs, and I do not need it.



#13 Malik.ghaddar

Malik.ghaddar
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 13 August 2009 - 04:18 PM

Well, for me it's running fine, no problem... Done with all you said, but why in this log is it still showing SP2? BTW, here's the new log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Malik at 2009-08-13 14:17:04
Microsoft Windows XP Professional Service Pack 2
System drive C: has 662 MB (7%) free of 10 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:08 PM, on 8/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Malik\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Malik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1250193041000
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4654 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-10 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-04-19 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-13 14:09:56 ----D---- C:\WINDOWS\system32\PreInstall
2009-08-13 14:09:53 ----HD---- C:\WINDOWS\$NtUninstallKB898461$
2009-08-13 14:09:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 14:08:56 ----HD---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-08-13 13:47:27 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-13 13:47:27 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-13 13:47:26 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-08-13 13:47:26 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-13 13:47:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-12 12:39:46 ----SHD---- C:\FOUND.012
2009-08-12 01:01:39 ----D---- C:\Program Files\ESET
2009-08-10 02:38:50 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-10 02:31:28 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-10 02:31:28 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-10 02:31:28 ----A---- C:\WINDOWS\system32\java.exe
2009-08-10 02:31:11 ----D---- C:\Program Files\Java
2009-08-09 12:38:46 ----D---- C:\Rooter$
2009-08-09 02:29:28 ----SHD---- C:\FOUND.011
2009-08-08 15:56:51 ----D---- C:\rsit
2009-08-08 15:26:48 ----D---- C:\Documents and Settings\Malik\Application Data\Malwarebytes
2009-08-08 15:26:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-08 15:26:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-05 01:17:48 ----SHD---- C:\FOUND.010
2009-07-30 07:12:39 ----D---- C:\Program Files\Trend Micro
2009-07-27 15:22:27 ----D---- C:\YouTubeVideos
2009-07-27 15:17:16 ----D---- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-07-27 15:15:09 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-07-27 15:13:12 ----D---- C:\Program Files\AliveMedia
2009-07-27 11:55:10 ----SHD---- C:\FOUND.009
2009-07-27 07:04:00 ----SHD---- C:\FOUND.008
2009-07-26 05:32:28 ----D---- C:\Documents and Settings\Malik\Application Data\dvdcss
2009-07-26 00:47:02 ----SHD---- C:\FOUND.007
2009-07-25 12:03:16 ----D---- C:\Documents and Settings\Malik\Application Data\FastStone
2009-07-25 12:03:00 ----D---- C:\Program Files\FastStone Capture
2009-07-25 07:08:07 ----D---- C:\Program Files\Common Files\PCSuite
2009-07-25 07:08:06 ----D---- C:\Program Files\Common Files\Nokia
2009-07-25 01:22:05 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-25 01:19:08 ----SHD---- C:\FOUND.006
2009-07-24 15:52:34 ----D---- C:\WINDOWS\WBEM
2009-07-24 15:51:07 ----HD---- C:\WINDOWS\ie8
2009-07-24 15:51:07 ----D---- C:\WINDOWS\system32\en-US
2009-07-24 11:36:38 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-07-24 11:36:34 ----HD---- C:\WINDOWS\$NtUninstallWdf01007$
2009-07-24 11:35:45 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2009-07-24 11:34:06 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-07-24 11:34:06 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-07-24 11:32:55 ----D---- C:\Program Files\MSXML 6.0
2009-07-24 11:21:49 ----HD---- C:\WINDOWS\$NtUninstallWdf01005$
2009-07-24 11:14:17 ----D---- C:\Program Files\PC Connectivity Solution
2009-07-23 03:01:34 ----SHD---- C:\FOUND.005
2009-07-22 07:10:54 ----SHD---- C:\FOUND.004
2009-07-18 11:40:28 ----SHD---- C:\FOUND.003
2009-07-17 14:57:51 ----D---- C:\Documents and Settings\Malik\Application Data\DMCache
2009-07-16 02:35:10 ----D---- C:\Documents and Settings\Malik\Application Data\Samsung
2009-07-16 02:33:14 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-07-16 02:30:25 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-07-16 02:30:07 ----D---- C:\Program Files\Samsung
2009-07-16 02:28:29 ----D---- C:\Program Files\Common Files\Adobe
2009-07-15 01:18:02 ----SHD---- C:\FOUND.002
2009-07-14 12:28:02 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-14 12:27:58 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-14 12:27:52 ----HD---- C:\WINDOWS\$NtUninstallWudf01005$
2009-07-14 12:26:27 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-07-14 12:26:15 ----D---- C:\Documents and Settings\Malik\Application Data\Nokia
2009-07-14 12:25:16 ----D---- C:\Program Files\DIFX
2009-07-14 12:25:09 ----D---- C:\Documents and Settings\Malik\Application Data\PC Suite
2009-07-14 12:24:48 ----D---- C:\WINDOWS\system32\DRVSTORE
2009-07-14 12:24:36 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-07-14 12:24:34 ----D---- C:\Program Files\Nokia
2009-07-14 12:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Installations

======List of files/folders modified in the last 1 months======

2009-08-13 14:10:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-13 14:09:18 ----A---- C:\WINDOWS\imsins.BAK
2009-08-10 02:31:18 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-28 36096]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-10 226832]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 admjoy;Aureal Game Port Enumerator; C:\WINDOWS\system32\DRIVERS\admjoy.sys [2004-08-03 10880]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2001-11-01 243964]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-28 60800]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-03-28 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2006-03-28 63744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-28 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-28 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-28 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-28 17024]
R3 wdm_au8820;Aureal Vortex 8820 Audio Driver (WDM); C:\WINDOWS\system32\drivers\adm8820.sys [2001-08-17 553984]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-10 153376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-28 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-04-19 823808]

-----------------EOF-----------------
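
The driver and service listing above has a regular line format that is easier to parse than to eyeball when a thread like this one runs to many hundreds of lines. The block below is an added example, not part of the thread and not RSIT's own code: it parses lines of that shape and flags two things a responder checks first, empty brackets (RSIT could not read the file on disk, as with IntelIde above) and a binary that lives outside C:\WINDOWS or C:\Program Files. The expected-root list and both heuristics are assumptions made for this example; the fakesvc line in the sample input is constructed and does not appear in the log.

```python
"""Triage helper for RSIT driver/service lines of the form
    <R|S><start> <name>;<description>; <path> [<date> <size>]
R/S is running/stopped; start is 0=Boot 1=System 2=Auto 3=Demand 4=Disabled.
Empty brackets mean RSIT could not stat the file.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# Roots treated as ordinary locations for drivers and services. This is an
# assumption for the example, not an RSIT rule.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str            # "R" running, "S" stopped
    start: int            # 0..4, see START_TYPES
    name: str
    desc: str
    path: str
    date: Optional[str]   # None when RSIT printed "[]"
    size: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for lines that are not R/S entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date = size = None
    meta = m.group("meta").split()
    if meta:
        date = meta[0]
        if len(meta) > 1 and meta[1].isdigit():
            size = int(meta[1])
    return Entry(m.group("state"), int(m.group("start")),
                 m.group("name").strip(), m.group("desc").strip(),
                 m.group("path").strip(), date, size)


def parse_listing(text: str) -> List[Entry]:
    """Parse every R/S line in a block of RSIT output; other lines are skipped."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def flags(e: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a second look (assumptions, not RSIT rules)."""
    reasons = []
    if e.date is None:
        reasons.append("no file metadata: binary missing or unreadable")
    if not e.path.lower().startswith(EXPECTED_ROOTS):
        reasons.append("binary outside Windows/Program Files")
    return reasons


def review(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry name to its reasons; clean entries are omitted."""
    out: Dict[str, List[str]] = {}
    for e in parse_listing(text):
        r = flags(e)
        if r:
            out[e.name] = r
    return out


# Sample input: three lines copied from the thread's log plus one CONSTRUCTED
# entry (fakesvc) that is not in the thread, added only to exercise the path check.
SAMPLE = "\n".join([
    r"R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-10 226832]",
    r"S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []",
    r"R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]",
    r"R2 fakesvc;fakesvc; C:\Documents and Settings\Malik\Application Data\fakesvc.exe [2009-07-29 40960]",
])

if __name__ == "__main__":
    for e in parse_listing(SAMPLE):
        print(f"{e.state} {START_TYPES[e.start]:8} {e.name:10} {e.path}")
    for name, reasons in review(SAMPLE).items():
        print("FLAG", name, "->", "; ".join(reasons))
```

Paste the whole "List of drivers" and "List of services" sections into `review()`; the regex ignores the header lines, so no pre-trimming is needed. The path heuristic is deliberately coarse: it will not flag a malicious file dropped under system32, so it is a first pass for spotting profile-directory binaries, not a verdict.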

#14 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 August 2009 - 08:31 AM

It doesn't look like it has been updated to SP3. Did you get any error messages when updating?
#15 Malik.ghaddar

  • Topic Starter
  • Members
  • 30 posts

Posted 14 August 2009 - 02:47 PM

Before, I did something wrong, I think, so it just updated some components but did not install SP3. I tried it again, and then it brought me to a validation page to check Windows validity before proceeding, but my Windows is not valid... I installed some keys from a warez site to make it genuine, but it's showing:
This copy of Windows did not pass genuine validation.
The product key found on this computer is not valid for use in your region....

So what can I do now?

Edited by Malik.ghaddar, 15 August 2009 - 03:58 AM.
