Serious problems after running Malware Bytes


  • This topic is locked
56 replies to this topic

#1 ops_name

ops_name

  • Banned
  • 29 posts
  • OFFLINE
  • Local time:07:15 PM

Posted 31 July 2010 - 09:11 AM

Dear Friends,

2 weeks ago I was attacked with some malware going with Anti Malware Doctor which installed itself and thereafter my browser was opening some pages automatically. I guess there was some attack of virus as well. Browsing the web for the problem, I came across this marvelous website and I followed the step by step solution to remove the self-installed malware as explained on this website (including the rkill etc). However, when I completed the removal of this malware and restarted after the completion of scanning by Malware Bytes, all I got was a black screen with a blinking cursor. This was last week. All the attempts to get into Windows failed, even safe mode. Yesterday, I tried booting with Hiren's boot CD and I was able to log in successfully using the option "Boot with Hard drive (fixed NTLDR)" or something like this. I downloaded HijackThis and ran it to generate the log file below.

Also, each time I boot with Hiren's CD I get a pop-up window saying:

"Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."

Clicking on the Details tab of the above pop-up I see these messages:

------------------------------------------------------------------------------------------------
Error signature
szAppName : svchost.exe szAppVer : 5.1.2600.2180 szModName : unknown
szModVer : 0.0.0.0 offset : 62ec0000
------------------------------------------------------------------------------------------------
C:\DOCUME~1\User\LOCALS~1\Temp\WERb1ad.dir00\svchost.exe.mdmp
C:\DOCUME~1\User\LOCALS~1\Temp\WERb1ad.dir00\appcompat.txt
------------------------------------------------------------------------------------------------

I am ignoring the pop-up window and not pressing the DEBUG button on it, since the last 2-3 times when I did, Windows was shut down and I really need to use this laptop.


I would be really grateful if somebody could have a look and let me know what might be the reason for not being able to boot normally and for these error messages.

Thanks,
Rosario

--------------------HIJACK LOG-------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:29 AM, on 7/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\epoagent\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\RunDLL32.exe
C:\Windows\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\CNAB4RPK.EXE
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Windows\system32\dwwin.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [] 1.0.7.0
O4 - HKLM\..\Run: [sta] rundll32 "xbkcp.dll",,Run
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jumblo] "C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [{A7FEA92E-89F7-0727-0441-C3B55D6B6E5A}] "C:\Documents and Settings\User\Application Data\Unagew\alisc.exe"
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\User\LOCALS~1\Temp\l84alx.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/57.11/uploader2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://bollym4u.com/js/vjocx-ch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD7B50F2-266E-4A15-93F3-2FFBECC8FF53}: Domain = vlan-line1.office
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O20 - Winlogon Notify: egypack - egypack.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - c:\epoagent\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VTingWinIe - Unknown owner - C:\Windows\system32\drivers\svchost.exe (file missing)

--
End of file - 11230 bytes

-------------------------------END OF HIJACK THIS LOG-------------------------------------
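The HijackThis log above is the kind of output a Malware Response Team helper reads by eye, looking at where each autostart entry points rather than at the entry's name. As an added example (not part of the original thread, and not code from HijackThis or BleepingComputer), here is a small Python triage script that applies a few of those checks to O4, O20 and O23 lines: an autorun launching from a user-writable directory (Application Data, Temp), a Run value named by a bare GUID, rundll32 loading a DLL by bare name, an orphaned "(file missing)" entry, and a svchost.exe living somewhere other than System32. The sample lines are constructed, modelled on entries in the log above; the severity labels and the list of user-writable directory names are my own assumptions, not HijackThis output.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: HijackThis-style lines modelled on entries in the log
# posted above, with a few benign ones for contrast. Not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sta] rundll32 "xbkcp.dll",,Run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [{A7FEA92E-89F7-0727-0441-C3B55D6B6E5A}] "C:\Documents and Settings\User\Application Data\Unagew\alisc.exe"
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\User\LOCALS~1\Temp\l84alx.exe
O20 - Winlogon Notify: egypack - egypack.dll (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: VTingWinIe - Unknown owner - C:\Windows\system32\drivers\svchost.exe (file missing)
"""

O4_RE = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
# Directory names (long and 8.3 short forms) that mark a user-writable
# location on Windows XP; assumed list. Anything autostarting from here
# deserves a close look.
USER_WRITABLE_DIRS = {'application data', 'local settings', 'temp', 'locals~1'}


def split_first(cmd):
    """Split a command line into (first token, remainder), honouring quotes."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
    if not m:
        return '', ''
    return (m.group(1) or m.group(2)), cmd[m.end():].strip()


def in_user_writable(path):
    parts = {p.lower() for p in PureWindowsPath(path).parts}
    return bool(parts & USER_WRITABLE_DIRS)


def triage_o4(name, cmd):
    """Checks for one O4 (autorun) entry; returns [(severity, reason), ...]."""
    findings = []
    target, rest = split_first(cmd)
    if GUID_RE.match(name):
        findings.append(('medium', 'Run value named by a bare GUID'))
    if PureWindowsPath(target).name.lower() in ('rundll32', 'rundll32.exe'):
        # rundll32 <dll>,<entry>: the DLL is what actually runs, so inspect it
        dll = split_first(rest)[0].split(',')[0]
        if not PureWindowsPath(dll).parent.name:
            findings.append(('medium',
                             f'rundll32 loads "{dll}" by bare name (resolved via the DLL search path)'))
        target = dll
    if in_user_writable(target):
        findings.append(('high', f'autorun launches from a user-writable location: {target}'))
    return findings


def triage_service(line):
    """Checks for O20 (Winlogon Notify) and O23 (service) entries."""
    findings = []
    missing = line.endswith('(file missing)')
    body = line[:-len('(file missing)')].strip() if missing else line
    path = body.rsplit(' - ', 1)[-1]
    if missing:
        findings.append(('medium', f'orphaned entry, referenced file is gone: {path}'))
    p = PureWindowsPath(path)
    if p.name.lower() == 'svchost.exe' and p.parent.name.lower() != 'system32':
        findings.append(('high', f'svchost.exe outside System32: {path}'))
    return findings


def triage(log_text):
    """Return [(severity, line, reason), ...] for HijackThis lines worth a look."""
    out = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hits = triage_o4(m['name'], m['cmd'])
        elif line.startswith(('O20 - ', 'O23 - ')):
            hits = triage_service(line)
        else:
            continue
        out.extend((sev, line, why) for sev, why in hits)
    return out


if __name__ == '__main__':
    for sev, line, why in triage(SAMPLE_LOG):
        print(f'[{sev:6}] {why}\n         {line}')
```

Run against the sample, the script stays quiet on the NVIDIA, Messenger and McAfee lines and flags the other five, which is the split a helper would make by hand. The checks are deliberately location-based: a legitimate program can be named anything, but a Run value that starts an executable out of Application Data or Temp, or a service whose "svchost.exe" sits in the drivers directory, is unusual regardless of name, and a "(file missing)" entry means something was removed without cleaning up the registry reference that loads it.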



#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:15 PM

Posted 08 August 2010 - 10:31 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 ops_name

ops_name
  • Topic Starter

  • Banned
  • 29 posts
  • OFFLINE
  • Local time:07:15 PM

Posted 09 August 2010 - 02:13 PM

Thanks Suebaby.

I haven't posted my request anywhere else as I was confident to get a reply here.

Please find below the contents of the log file:

*****************************************************************************

Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2010-08-09 20:40:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (9%) free of 40 GB
Total RAM: 2047 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:19 PM, on 8/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\epoagent\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\nvsvc32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\CNAB4RPK.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\RunDLL32.exe
C:\Windows\RTHDCPL.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Rynga.com\Rynga\Rynga.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Windows\system32\dwwin.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Rosario\DOWNLOAD\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [] 1.0.7.0
O4 - HKLM\..\Run: [sta] rundll32 "xbkcp.dll",,Run
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jumblo] "C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [{A7FEA92E-89F7-0727-0441-C3B55D6B6E5A}] "C:\Documents and Settings\User\Application Data\Unagew\alisc.exe"
O4 - HKCU\..\Run: [{67A9F25D-E151-E431-EDE2-CBA28580ECB3}] "C:\Documents and Settings\User\Application Data\Avul\paec.exe"
O4 - HKCU\..\Run: [Rynga] "C:\Program Files\Rynga.com\Rynga\Rynga.exe" -nosplash -minimized
O4 - HKLM\..\Policies\Explorer\Run: [tcyz46] C:\DOCUME~1\User\LOCALS~1\Temp\l84alx.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DesktopEarth AutoStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/57.11/uploader2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://bollym4u.com/js/vjocx-ch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD7B50F2-266E-4A15-93F3-2FFBECC8FF53}: Domain = vlan-LDR.office
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O20 - Winlogon Notify: egypack - egypack.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - c:\epoagent\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VTingWinIe - Unknown owner - C:\Windows\system32\drivers\svchost.exe (file missing)

--
End of file - 12002 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At100.job
C:\Windows\tasks\At101.job
C:\Windows\tasks\At102.job
C:\Windows\tasks\At103.job
C:\Windows\tasks\At104.job
C:\Windows\tasks\At105.job
C:\Windows\tasks\At106.job
C:\Windows\tasks\At107.job
C:\Windows\tasks\At108.job
C:\Windows\tasks\At109.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At110.job
C:\Windows\tasks\At111.job
C:\Windows\tasks\At112.job
C:\Windows\tasks\At113.job
C:\Windows\tasks\At114.job
C:\Windows\tasks\At115.job
C:\Windows\tasks\At116.job
C:\Windows\tasks\At117.job
C:\Windows\tasks\At118.job
C:\Windows\tasks\At119.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At120.job
C:\Windows\tasks\At121.job
C:\Windows\tasks\At122.job
C:\Windows\tasks\At123.job
C:\Windows\tasks\At124.job
C:\Windows\tasks\At125.job
C:\Windows\tasks\At126.job
C:\Windows\tasks\At127.job
C:\Windows\tasks\At128.job
C:\Windows\tasks\At129.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At130.job
C:\Windows\tasks\At131.job
C:\Windows\tasks\At132.job
C:\Windows\tasks\At133.job
C:\Windows\tasks\At134.job
C:\Windows\tasks\At135.job
C:\Windows\tasks\At136.job
C:\Windows\tasks\At137.job
C:\Windows\tasks\At138.job
C:\Windows\tasks\At139.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At140.job
C:\Windows\tasks\At141.job
C:\Windows\tasks\At142.job
C:\Windows\tasks\At143.job
C:\Windows\tasks\At144.job
C:\Windows\tasks\At145.job
C:\Windows\tasks\At146.job
C:\Windows\tasks\At147.job
C:\Windows\tasks\At148.job
C:\Windows\tasks\At149.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At150.job
C:\Windows\tasks\At151.job
C:\Windows\tasks\At152.job
C:\Windows\tasks\At153.job
C:\Windows\tasks\At154.job
C:\Windows\tasks\At155.job
C:\Windows\tasks\At156.job
C:\Windows\tasks\At157.job
C:\Windows\tasks\At158.job
C:\Windows\tasks\At159.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At160.job
C:\Windows\tasks\At161.job
C:\Windows\tasks\At162.job
C:\Windows\tasks\At163.job
C:\Windows\tasks\At164.job
C:\Windows\tasks\At165.job
C:\Windows\tasks\At166.job
C:\Windows\tasks\At167.job
C:\Windows\tasks\At168.job
C:\Windows\tasks\At169.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At170.job
C:\Windows\tasks\At171.job
C:\Windows\tasks\At172.job
C:\Windows\tasks\At173.job
C:\Windows\tasks\At174.job
C:\Windows\tasks\At175.job
C:\Windows\tasks\At176.job
C:\Windows\tasks\At177.job
C:\Windows\tasks\At178.job
C:\Windows\tasks\At179.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At180.job
C:\Windows\tasks\At181.job
C:\Windows\tasks\At182.job
C:\Windows\tasks\At183.job
C:\Windows\tasks\At184.job
C:\Windows\tasks\At185.job
C:\Windows\tasks\At186.job
C:\Windows\tasks\At187.job
C:\Windows\tasks\At188.job
C:\Windows\tasks\At189.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At190.job
C:\Windows\tasks\At191.job
C:\Windows\tasks\At192.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At25.job
C:\Windows\tasks\At26.job
C:\Windows\tasks\At27.job
C:\Windows\tasks\At28.job
C:\Windows\tasks\At29.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At30.job
C:\Windows\tasks\At31.job
C:\Windows\tasks\At32.job
C:\Windows\tasks\At33.job
C:\Windows\tasks\At34.job
C:\Windows\tasks\At35.job
C:\Windows\tasks\At36.job
C:\Windows\tasks\At37.job
C:\Windows\tasks\At38.job
C:\Windows\tasks\At39.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At40.job
C:\Windows\tasks\At41.job
C:\Windows\tasks\At42.job
C:\Windows\tasks\At43.job
C:\Windows\tasks\At44.job
C:\Windows\tasks\At45.job
C:\Windows\tasks\At46.job
C:\Windows\tasks\At47.job
C:\Windows\tasks\At48.job
C:\Windows\tasks\At49.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At50.job
C:\Windows\tasks\At51.job
C:\Windows\tasks\At52.job
C:\Windows\tasks\At53.job
C:\Windows\tasks\At54.job
C:\Windows\tasks\At55.job
C:\Windows\tasks\At56.job
C:\Windows\tasks\At57.job
C:\Windows\tasks\At58.job
C:\Windows\tasks\At59.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At60.job
C:\Windows\tasks\At61.job
C:\Windows\tasks\At62.job
C:\Windows\tasks\At63.job
C:\Windows\tasks\At64.job
C:\Windows\tasks\At65.job
C:\Windows\tasks\At66.job
C:\Windows\tasks\At67.job
C:\Windows\tasks\At68.job
C:\Windows\tasks\At69.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At70.job
C:\Windows\tasks\At71.job
C:\Windows\tasks\At72.job
C:\Windows\tasks\At73.job
C:\Windows\tasks\At74.job
C:\Windows\tasks\At75.job
C:\Windows\tasks\At76.job
C:\Windows\tasks\At77.job
C:\Windows\tasks\At78.job
C:\Windows\tasks\At79.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At80.job
C:\Windows\tasks\At81.job
C:\Windows\tasks\At82.job
C:\Windows\tasks\At83.job
C:\Windows\tasks\At84.job
C:\Windows\tasks\At85.job
C:\Windows\tasks\At86.job
C:\Windows\tasks\At87.job
C:\Windows\tasks\At88.job
C:\Windows\tasks\At89.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\At90.job
C:\Windows\tasks\At91.job
C:\Windows\tasks\At92.job
C:\Windows\tasks\At93.job
C:\Windows\tasks\At94.job
C:\Windows\tasks\At95.job
C:\Windows\tasks\At96.job
C:\Windows\tasks\At97.job
C:\Windows\tasks\At98.job
C:\Windows\tasks\At99.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-839522115-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-839522115-1003UA.job
C:\Windows\tasks\User_Feed_Synchronization-{BE343D52-7C24-462C-A664-88B8BAF87107}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
Idea2 SidebarBrowserMonitor Class - C:\Program Files\Desktop Sidebar\sbhelp.dll [2006-07-09 278528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-08-20 430592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-17 8478720]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"RTHDCPL"=C:\Windows\RTHDCPL.EXE [2009-05-21 17881600]
""=1.0.7.0 []
"sta"=rundll32 xbkcp.dll,,Run []
"UserFaultCheck"=C:\Windows\system32\dumprep 0 -u []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"tcyz46"=C:\DOCUME~1\User\LOCALS~1\Temp\l84alx.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Update Service"=C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe [2008-01-10 19456]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\Windows\system32\ctfmon.exe [2008-04-14 15360]
"Jumblo"=C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe [2010-07-17 10610984]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2010-06-17 3233096]
"{A7FEA92E-89F7-0727-0441-C3B55D6B6E5A}"=C:\Documents and Settings\User\Application Data\Unagew\alisc.exe [2010-03-03 115176]
"{67A9F25D-E151-E431-EDE2-CBA28580ECB3}"=C:\Documents and Settings\User\Application Data\Avul\paec.exe []
"Rynga"=C:\Program Files\Rynga.com\Rynga\Rynga.exe [2010-07-14 10607392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2006-02-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DirectMessenger]
C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE [2006-10-24 986624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-03 178712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InterVoip]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
c:\epoagent\Common Framework\UdaterUI.exe [2006-11-17 136768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\Windows\RTHDCPL.EXE [2009-05-21 17881600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\Windows\SkyTel.EXE [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]
C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe [2008-01-10 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^DesktopEarth AutoStart.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^WordWeb.lnk]
C:\PROGRA~1\WordWeb\wweb32.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DesktopEarth AutoStart.lnk - C:\WINDOWS\Installer\{655AE5B5-F796-448E-B463-25D791DA6C3F}\_985DB897DF895EDAB9EBA4.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egypack]
C:\Windows\system32\egypack.dll [2010-07-21 10244]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\Windows\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{16664848-0E00-11D2-8059-000000000000}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NBF]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nbf.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sglfb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tga.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\epoagent\Common Framework\FrameworkService.exe"="C:\epoagent\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe"="C:\Program Files\Jumblo.com\Jumblo\Jumblo.exe:*:Enabled:Jumblo"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Rynga.com\Rynga\Rynga.exe"="C:\Program Files\Rynga.com\Rynga\Rynga.exe:*:Enabled:Rynga"
"C:\Program Files\Jumblo.com\Jumblo\Jumblo .exe"="C:\Program Files\Jumblo.com\Jumblo\Jumblo .exe:*:Enabled:Jumblo"
"C:\Program Files\Rynga.com\Rynga\Rynga .exe"="C:\Program Files\Rynga.com\Rynga\Rynga .exe:*:Enabled:Client to make VoIP calls."
"C:\Program Files\Jumblo.com\Jumblo\Jumblo .exe"="C:\Program Files\Jumblo.com\Jumblo\Jumblo .exe:*:Enabled:Jumblo"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer .exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer .exe:*:Enabled:Veoh Web Player Beta"
"C:\Program Files\Jumblo.com\Jumblo\Jumblo .exe"="C:\Program Files\Jumblo.com\Jumblo\Jumblo .exe:*:Enabled:Jumblo"
"C:\Program Files\Rynga.com\Rynga\Rynga .exe"="C:\Program Files\Rynga.com\Rynga\Rynga .exe:*:Enabled:Rynga"
"\??\C:\Windows\system32\winlogon.exe"="\??\C:\Windows\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip.exe"="C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip.exe:*:Disabled:ActionVoip"
"C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip .exe"="C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip .exe:*:Disabled:ActionVoip"
"C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip .exe"="C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip .exe:*:Disabled:ActionVoip"
"C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip .exe"="C:\Program Files\ActionVoip.com\ActionVoip\ActionVoip .exe:*:Disabled:ActionVoip"
"C:\WINDOWS\system32\CNAB4RPK.EXE"="C:\WINDOWS\system32\CNAB4RPK.EXE:*:Disabled:Canon LBP2900 RPC Server Process"
"C:\Documents and Settings\User\Local Settings\Temp\7zS46.tmp\SymNRT.exe"="C:\Documents and Settings\User\Local Settings\Temp\7zS46.tmp\SymNRT.exe:*:Disabled:Norton Removal Tool"
"C:\Documents and Settings\User\Local Settings\Temp\7zS42.tmp\SymNRT.exe"="C:\Documents and Settings\User\Local Settings\Temp\7zS42.tmp\SymNRT.exe:*:Disabled:Norton Removal Tool"
"C:\Windows\TEMP\onwh.tmp\setup.exe"="C:\Windows\TEMP\onwh.tmp\setup.exe:*:Disabled:setup"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager"
"C:\Program Files\VoipGain.com\VoipGain\VoipGain.exe"="C:\Program Files\VoipGain.com\VoipGain\VoipGain.exe:*:Disabled:VoipGain"
"C:\Program Files\VoipGain.com\VoipGain\VoipGain .exe"="C:\Program Files\VoipGain.com\VoipGain\VoipGain .exe:*:Disabled:VoipGain"
"C:\Program Files\VoipGain.com\VoipGain\VoipGain .exe"="C:\Program Files\VoipGain.com\VoipGain\VoipGain .exe:*:Disabled:VoipGain"
"C:\Program Files\VoipGain.com\VoipGain\VoipGain .exe"="C:\Program Files\VoipGain.com\VoipGain\VoipGain .exe:*:Disabled:VoipGain"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="C:\Windows\system32\defk.exe

======List of files/folders created in the last 1 months======

2010-08-09 20:40:08 ----D---- C:\rsit
2010-08-08 21:30:32 ----D---- C:\Windows\Prefetch
2010-08-08 20:56:03 ----D---- C:\Documents and Settings\User\Application Data\TeamViewer
2010-08-08 20:55:46 ----D---- C:\Program Files\TeamViewer
2010-08-08 19:31:58 ----N---- C:\Windows\system32\smtpapi.dll
2010-08-08 19:31:58 ----N---- C:\Windows\system32\rwnh.dll
2010-08-08 19:31:58 ----N---- C:\Windows\system32\drivers\irbus.sys
2010-08-08 19:31:58 ----N---- C:\Windows\system32\comsdupd.exe
2010-08-08 19:31:56 ----N---- C:\Windows\system32\ati3d1ag.dll
2010-08-08 19:31:56 ----N---- C:\Windows\system32\ati2dvag.dll
2010-08-08 19:31:56 ----N---- C:\Windows\system32\ati2dvaa.dll
2010-08-08 19:31:56 ----N---- C:\Windows\system32\ati2cqag.dll
2010-08-08 19:31:56 ----N---- C:\Windows\system32\aaclient.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dot3ui.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dot3svc.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dot3msm.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dot3gpclnt.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dot3dlg.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dot3cfg.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dot3api.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dimsroam.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dimsntfy.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\dhcpqec.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\credssp.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\bitsprx4.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\azroles.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\ativvaxx.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\ativtmxx.dll
2010-08-08 19:31:55 ----N---- C:\Windows\system32\ati3duag.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\ieencode.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\hsfcisp2.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\eapsvc.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\eapqec.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\eappprxy.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\eapphost.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\eappgnui.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\eappcfg.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\eapp3hst.dll
2010-08-08 19:31:54 ----N---- C:\Windows\system32\eapolqec.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\mmcperf.exe
2010-08-08 19:31:53 ----N---- C:\Windows\system32\mmcfxcommon.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\mmcex.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\microsoft.managementconsole.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\mdmxsdk.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\l2gpstore.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\kmsvc.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\kbdpash.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\kbdnepr.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\kbdiultn.dll
2010-08-08 19:31:53 ----N---- C:\Windows\system32\kbdbhc.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\s3gnb.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\rhttpaa.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\rasqec.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\qutil.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\qcliprov.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\qagentrt.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\qagent.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\onex.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\napstat.exe
2010-08-08 19:31:52 ----N---- C:\Windows\system32\napmontr.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\napipsec.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\mtxparhd.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\msshavmsg.dll
2010-08-08 19:31:52 ----N---- C:\Windows\system32\mssha.dll
2010-08-08 19:31:51 ----N---- C:\Windows\system32\tspkg.dll
2010-08-08 19:31:51 ----N---- C:\Windows\system32\tsgqec.dll
2010-08-08 19:31:51 ----N---- C:\Windows\system32\slrundll.exe
2010-08-08 19:31:51 ----N---- C:\Windows\system32\slcoinst.dll
2010-08-08 19:31:51 ----N---- C:\Windows\system32\setupn.exe
2010-08-08 19:31:50 ----N---- C:\Windows\system32\wlanapi.dll
2010-08-08 19:31:47 ----D---- C:\Windows\system32\scripting
2010-08-08 19:31:46 ----D---- C:\Windows\system32\en
2010-08-08 19:31:46 ----D---- C:\Windows\l2schemas
2010-08-08 19:31:45 ----D---- C:\Windows\system32\bits
2010-08-08 19:28:31 ----D---- C:\Windows\ServicePackFiles
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\ati1raxx.sys
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\ati1pdxx.sys
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\ati1mdxx.sys
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\ati1btxx.sys
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\amdagp.sys
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\alim1541.sys
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\agpcpq.sys
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\agp440.sys
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\adv11nt5.dll
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\adv09nt5.dll
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\adv08nt5.dll
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\adv07nt5.dll
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\adv05nt5.dll
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\adv02nt5.dll
2010-08-08 19:25:52 ----N---- C:\Windows\system32\drivers\adv01nt5.dll
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinxsxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinxbxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atintuxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinttxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinsnxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinrvxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinraxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinpdxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinmdxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\atinbtxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\ati2mtag.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\ati2mtaa.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\ati1xsxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\ati1xbxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\ati1tuxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\ati1ttxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\ati1snxx.sys
2010-08-08 19:25:51 ----N---- C:\Windows\system32\drivers\ati1rvxx.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\hsfbs2s2.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\hidir.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\hidbth.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\gagp30kx.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\ch7xxnt5.dll
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\bthusb.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\bthprint.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\bthport.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\bthpan.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\bthmodem.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\bthenum.sys
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\atv10nt5.dll
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\atv06nt5.dll
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\atv04nt5.dll
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\atv02nt5.dll
2010-08-08 19:25:50 ----N---- C:\Windows\system32\drivers\atv01nt5.dll
2010-08-08 19:25:49 ----N---- C:\Windows\system32\drivers\mdmxsdk.sys
2010-08-08 19:25:49 ----N---- C:\Windows\system32\drivers\hsfdpsp2.sys
2010-08-08 19:25:49 ----N---- C:\Windows\system32\drivers\hsfcxts2.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\slnt7554.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\sisagp.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\siint5.dll
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\sffp_mmc.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\s3gnbm.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\rndismpx.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\rfcomm.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\recagent.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\mutohpen.sys
2010-08-08 19:25:48 ----N---- C:\Windows\system32\drivers\mtxparhm.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\watv10nt.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\watv06nt.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\wadv11nt.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\wadv09nt.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\wadv08nt.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\wadv07nt.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\wacompen.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\viaagp.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\vchnt5.dll
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\usb8023x.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\uagp35.sys
2010-08-08 19:25:47 ----N---- C:\Windows\system32\drivers\smbali.sys
2010-08-08 19:23:57 ----A---- C:\Windows\003282_.tmp
2010-08-08 19:21:27 ----HDC---- C:\Windows\$NtServicePackUninstall$
2010-08-06 20:29:19 ----D---- C:\Program Files\Lavalys
2010-08-06 17:09:54 ----D---- C:\Program Files\Alwil Software
2010-08-06 17:09:54 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-08-01 11:41:09 ----D---- C:\Documents and Settings\User\Application Data\HD Tune Pro
2010-08-01 11:40:29 ----D---- C:\Program Files\HD Tune Pro
2010-07-31 11:41:35 ----D---- C:\Program Files\Trend Micro
2010-07-27 22:36:39 ----AH---- C:\Windows\system32\nvapcess.dll
2010-07-25 14:14:42 ----AH---- C:\Windows\system32\nvconsta.dll
2010-07-23 17:02:17 ----SHD---- C:\Windows\system32\lowsec
2010-07-23 16:47:42 ----A---- C:\Windows\system32\Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostartoffice.exe
2010-07-22 09:05:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-07-21 21:33:50 ----A---- C:\Windows\system32\egypack.dll
2010-07-21 08:37:41 ----D---- C:\Documents and Settings\User\Application Data\Registry Mechanic
2010-07-21 08:22:16 ----D---- C:\Program Files\Common Files\PC Tools
2010-07-21 08:22:11 ----D---- C:\Program Files\Registry Mechanic
2010-07-21 07:21:13 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-21 07:21:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-21 07:21:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-21 06:29:08 ----D---- C:\Program Files\VS Revo Group
2010-07-20 09:02:44 ----ASH---- C:\pagefile.sys
2010-07-19 23:32:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-19 23:32:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-19 18:36:15 ----A---- C:\mbam-error.txt
2010-07-19 18:26:49 ----A---- C:\Windows\system32\drivers\pmlqr.sys
2010-07-17 22:22:41 ----D---- C:\Program Files\Panda Security
2010-07-17 22:19:12 ----D---- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2010-07-17 22:19:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-17 19:00:54 ----A---- C:\Boot.bak
2010-07-17 19:00:47 ----RASHD---- C:\cmdcons
2010-07-17 18:58:37 ----A---- C:\Windows\NIRCMD.exe
2010-07-17 18:58:37 ----A---- C:\Windows\MBR.exe
2010-07-17 18:58:34 ----A---- C:\Windows\zip.exe
2010-07-17 18:58:34 ----A---- C:\Windows\SWXCACLS.exe
2010-07-17 18:58:34 ----A---- C:\Windows\SWSC.exe
2010-07-17 18:58:34 ----A---- C:\Windows\SWREG.exe
2010-07-17 18:58:34 ----A---- C:\Windows\sed.exe
2010-07-17 18:58:34 ----A---- C:\Windows\PEV.exe
2010-07-17 18:58:34 ----A---- C:\Windows\grep.exe
2010-07-17 18:58:15 ----D---- C:\Windows\ERDNT
2010-07-17 18:57:43 ----D---- C:\Qoobox
2010-07-16 14:48:27 ----D---- C:\Windows\system32\drivers\NSS
2010-07-16 14:48:26 ----D---- C:\Program Files\NortonInstaller
2010-07-16 14:48:15 ----D---- C:\Program Files\ActionVoip.com
2010-07-16 13:52:35 ----RA---- C:\Windows\system32\drivers\PHUBMON.sys
2010-07-16 13:52:35 ----RA---- C:\Windows\system32\drivers\PHUBMON(2).sys
2010-07-16 13:52:35 ----A---- C:\Windows\system32\drivers\timntr.sys
2010-07-16 13:52:35 ----A---- C:\Windows\system32\drivers\timntr(2).sys
2010-07-16 13:52:35 ----A---- C:\Windows\system32\drivers\snapman.sys
2010-07-16 13:52:35 ----A---- C:\Windows\system32\drivers\snapman(2).sys
2010-07-16 13:52:35 ----A---- C:\Windows\system32\drivers\s24trans.sys
2010-07-16 13:52:35 ----A---- C:\Windows\system32\drivers\s24trans(2).sys
2010-07-16 13:52:35 ----A---- C:\Windows\system32\drivers\nv4_mini.sys
2010-07-16 13:52:35 ----A---- C:\Windows\system32\drivers\nv4_mini(2).sys
2010-07-16 13:52:34 ----RA---- C:\Windows\system32\drivers\MMIOPORT.SYS
2010-07-16 13:52:34 ----RA---- C:\Windows\system32\drivers\MMIOPORT(2).SYS
2010-07-16 13:52:34 ----RA---- C:\Windows\system32\drivers\iaNvStor.sys
2010-07-16 13:52:34 ----RA---- C:\Windows\system32\drivers\iaNvStor(2).sys
2010-07-16 13:52:34 ----A---- C:\Windows\system32\drivers\AegisP.sys
2010-07-16 13:52:34 ----A---- C:\Windows\system32\drivers\AegisP(2).sys
2010-07-16 07:17:59 ----A---- C:\Windows\SIGVERIF.TXT
2010-07-16 06:49:04 ----D---- C:\Documents and Settings\User\Application Data\Uniblue
2010-07-15 10:53:04 ----D---- C:\Config.Msi
2010-07-15 10:45:40 ----A---- C:\Windows\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2010-08-09 20:40:00 ----A---- C:\Windows\SchedLgU.Txt
2010-08-09 18:11:03 ----D---- C:\Windows\Temp
2010-08-09 13:56:13 ----SHD---- C:\Windows\CSC
2010-08-08 21:52:26 ----A---- C:\Windows\NeroDigital.ini
2010-08-08 21:34:31 ----D---- C:\Windows\system32
2010-08-08 21:34:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-08 21:33:58 ----A---- C:\Windows\system32\HPPDEVX.DLL.log
2010-08-08 21:33:38 ----D---- C:\Windows\Debug
2010-08-08 21:33:35 ----AD---- C:\WINDOWS
2010-08-08 21:33:30 ----A---- C:\Windows\win.ini
2010-08-08 21:33:27 ----D---- C:\Program Files\Windows Media Player
2010-08-08 21:31:55 ----AC---- C:\Windows\OEWABLog.txt
2010-08-08 21:31:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-08 21:31:26 ----D---- C:\Windows\system32\CatRoot2
2010-08-08 21:30:32 ----AC---- C:\Windows\setuplog.txt
2010-08-08 21:29:55 ----D---- C:\Windows\system32\wbem
2010-08-08 21:29:55 ----D---- C:\Windows\system32\Setup
2010-08-08 21:29:55 ----D---- C:\Windows\AppPatch
2010-08-08 21:29:55 ----D---- C:\Program Files\Messenger
2010-08-08 21:29:54 ----D---- C:\Windows\Fonts
2010-08-08 21:29:51 ----D---- C:\Windows\system32\drivers
2010-08-08 20:55:46 ----D---- C:\Program Files
2010-08-08 19:37:26 ----D---- C:\Windows\security
2010-08-08 19:37:19 ----D---- C:\Windows\inf
2010-08-08 19:37:04 ----D---- C:\Windows\system32\CatRoot
2010-08-08 19:32:20 ----D---- C:\Windows\WinSxS
2010-08-08 19:32:16 ----DC---- C:\Windows\system32\dllcache
2010-08-08 19:31:57 ----D---- C:\Windows\system32\inetsrv
2010-08-08 19:31:57 ----D---- C:\Windows\network diagnostic
2010-08-08 19:31:57 ----D---- C:\Windows\ime
2010-08-08 19:31:57 ----D---- C:\Windows\Help
2010-08-08 19:31:48 ----D---- C:\Windows\system32\usmt
2010-08-08 19:31:48 ----D---- C:\Windows\system32\en-US
2010-08-08 19:31:46 ----SHD---- C:\Windows\Installer
2010-08-08 19:31:45 ----D---- C:\Windows\PeerNet
2010-08-08 19:31:45 ----D---- C:\Program Files\Movie Maker
2010-08-08 19:28:19 ----D---- C:\Windows\system32\Restore
2010-08-08 19:28:19 ----D---- C:\Windows\system32\npp
2010-08-08 19:28:19 ----D---- C:\Windows\mui
2010-08-08 19:28:18 ----D---- C:\Windows\msagent
2010-08-08 19:28:17 ----D---- C:\Windows\srchasst
2010-08-08 19:28:16 ----D---- C:\Program Files\NetMeeting
2010-08-08 19:28:15 ----D---- C:\Windows\system32\Com
2010-08-08 19:28:12 ----D---- C:\Program Files\Windows NT
2010-08-08 19:28:12 ----D---- C:\Program Files\Outlook Express
2010-08-08 19:28:09 ----D---- C:\Program Files\Common Files\System
2010-08-08 19:27:51 ----D---- C:\Windows\system32\oobe
2010-08-08 19:27:49 ----D---- C:\Windows\system
2010-08-08 19:25:28 ----A---- C:\NTDETECT.COM
2010-08-08 19:18:45 ----D---- C:\Windows\ehome
2010-08-08 17:57:21 ----D---- C:\QUARANTINE
2010-08-08 16:14:30 ----D---- C:\Documents and Settings\User\Application Data\DivX
2010-08-08 13:24:03 ----D---- C:\Documents and Settings\User\Application Data\ActionVoip
2010-08-07 23:03:14 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-08-07 23:01:31 ----D---- C:\Program Files\DivX
2010-08-07 23:01:30 ----D---- C:\Program Files\Common Files\DivX Shared
2010-08-06 20:04:44 ----D---- C:\Documents and Settings\User\Application Data\Avul
2010-08-06 10:32:18 ----D---- C:\Windows\pchealth
2010-08-05 20:40:07 ----D---- C:\Documents and Settings\User\Application Data\Hiahpy
2010-07-30 14:30:15 ----D---- C:\Documents and Settings\User\Application Data\Duefyq
2010-07-25 15:40:44 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 14:06:11 ----D---- C:\Documents and Settings\User\Application Data\ZoomBrowser EX
2010-07-21 08:40:32 ----D---- C:\Windows\Tasks
2010-07-21 08:30:21 ----D---- C:\Windows\system32\config
2010-07-21 08:22:16 ----D---- C:\Program Files\Common Files
2010-07-21 06:45:18 ----D---- C:\Documents and Settings\User\Application Data\Skype
2010-07-21 06:45:09 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-07-21 06:29:59 ----D---- C:\Program Files\Canon
2010-07-20 11:14:53 ----AC---- C:\Windows\ODBC.INI
2010-07-19 22:41:20 ----DC---- C:\Windows\$NtUninstallKB921503$
2010-07-18 00:44:23 ----D---- C:\Windows\ATK0100
2010-07-18 00:41:27 ----D---- C:\Program Files\QuickTime
2010-07-18 00:41:26 ----D---- C:\Program Files\Desktop Sidebar
2010-07-17 19:00:55 ----RASH---- C:\BOOT.INI
2010-07-17 15:30:21 ----D---- C:\Documents and Settings\User\Application Data\Desktop Sidebar
2010-07-16 14:48:43 ----D---- C:\Windows\Registration
2010-07-16 14:48:17 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-07-16 14:48:15 ----D---- C:\Program Files\Chess3D
2010-07-16 14:47:47 ----D---- C:\Program Files\Real
2010-07-16 14:47:19 ----D---- C:\Program Files\Microsoft Silverlight
2010-07-16 14:11:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-16 13:55:52 ----D---- C:\Windows\system32\drivers\UMDF
2010-07-15 11:23:19 ----D---- C:\Program Files\Common Files\Ahead

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
R0 JGOGO;JMicron Hot-Plug Driver; C:\Windows\system32\DRIVERS\JGOGO.sys [2007-12-14 6912]
R0 Jraid;Jraid; C:\Windows\system32\DRIVERS\jraid.sys [2007-12-14 48000]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\Windows\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 risdptsk;risdptsk; C:\Windows\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2007-12-19 63808]
R0 timounter;Acronis TrueImage Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2007-12-19 95744]
R1 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\Windows\system32\drivers\mfetdik.sys [2006-11-30 52136]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\Windows\system32\DRIVERS\AegisP.sys [2007-12-17 21419]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 s24trans;WLAN Transport; C:\Windows\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R3 Arp1394;1394 ARP Client Protocol; C:\Windows\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
R3 mfeapfk;McAfee Inc.; C:\Windows\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\Windows\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2007-02-22 170408]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\Windows\system32\DRIVERS\NETw5x32.sys [2010-01-13 6598656]
R3 NIC1394;1394 Net Driver; C:\Windows\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\Windows\system32\DRIVERS\nv4_mini.sys [2007-08-17 6842208]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\Windows\system32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-03-21 889472]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-05-25 1743232]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 pmlqr;pmlqr; C:\Windows\system32\drivers\pmlqr.sys [2010-07-28 766976]
S1 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 COPYLOCK;COPYLOCK NT Driver; \??\C:\BusyWin\COPYLOCK.SYS []
S2 Sentry;Sentry; \??\C:\WINDOWS\system32\sentry.sys []
S3 Ambfilt;Ambfilt; C:\Windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Closed Caption Decoder; C:\Windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPFXBULK;HPFXBULK; C:\Windows\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []
S3 MMIOPORT;MMIOPORT; \??\C:\WINDOWS\system32\drivers\MMIOPORT.sys []
S3 Monfilt;Monfilt; C:\Windows\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Mouse HID Driver; C:\Windows\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 msdvdDrv;msdvdDrv; \??\C:\Windows\system32\msdvdr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\Windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\Windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NETw4x32;Intel® Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\Windows\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\Windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\Windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\Windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\Windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-05-15 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-03 358936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 McAfeeFramework;McAfee Framework Service; c:\epoagent\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nlsX86cc;NLS Service; C:\Windows\system32\NLSSRV32.EXE [2010-02-02 65856]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvsvc32.exe [2007-08-17 155716]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-14 135664]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\PEV.cfxxe EXEC /i C:\ComboFix\HIDEC.exe C:\ComboFix\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
S2 VTingWinIe;VTingWinIe; C:\Windows\system32\drivers\svchost.exe -a []
S2 vvdsvc;VJVodClientServices; C:\Windows\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 BrlAPI;BrlAPI; C:\cygwin\bin\cygrunsrv.exe [2006-06-19 43008]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-15 658432]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\Windows\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
**************************************************************************

Unfortunately, I didn't check this forum yesterday and updated my Windows XP SP2 to SP3. Also I ran a registry update from the following website in the hope of getting the safe mode boot back, but with no luck.

http://blog.didierstevens.com/2007/02/19/r...ith-a-reg-file/

Apart from this everything is more or less the same, and yeah, I also installed TeamViewer to help my mother use Gmail for video chat.


But a few more items that I have observed which may be helpful in troubleshooting:

1. When I run Malwarebytes it detects 4 malware items and runs fine until it starts scanning C:/Windows/System32; in that folder it crashes.

2. McAfee also crashed in the same folder, but not before deleting some viruses from:
a) C:\System Volume Information\_restore
b) Don't remember the folder, but it was Sun/Java ...something, and the virus names were like phonbook etc.

3. An xbkcp.dll error pop-up shows up the moment I log in.

4. The blinking screen persists, but when I press F9 I see a message which says boot sector write virus: (continue y/n). However, nothing happens if I press n.

5. Bootsector antivirus is enabled though.

6. For 2 days the PC hasn't been shutting down. It keeps on showing the Logging off or Closing network connection window. Therefore, I have to do a hard shutdown.

Since I have no other PC than this affected one, I am finding workarounds to work on it, which might be bad, but this is the only option for me right now.

Thanks for your patience and help. Really appreciate it.

Rosario

Edited by ops_name, 09 August 2010 - 02:20 PM.
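
A triage pass over the driver and service sections of the RSIT log above, written here as an added example (it is not a BleepingComputer tool and not part of the thread): it parses the "R0 name;description; path [date size]" lines and flags the entries a helper would look at first. The sample lines are copied from the log, the scan date assumed in the script is the log's own date (9 August 2010), and the three rules are heuristics, so a hit means "examine this entry", not "this is malware".

```python
r"""Triage helper for the "List of drivers" / "List of services" sections of an
RSIT log such as the one posted above.  Added example, not a BleepingComputer
tool.  Each line has the shape

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-30 308248]

i.e. state (R/S), start type (0-4), name;description; image path [file date size],
with [] where RSIT could not read the file.  Every rule below is a heuristic.
"""
import re
from datetime import date

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<image>.*?) \[(?P<info>[^\]]*)\]$"
)
# Image path up to the first .sys/.exe/.dll, optional \??\ prefix stripped,
# anything after it (e.g. "-a") kept as arguments.
EXE_RE = re.compile(
    r"(?i)^(?:\\\?\?\\)?(?P<path>.+?\.(?:sys|exe|dll))(?:\s+(?P<args>.*))?$"
)

# Constructed sample: five lines copied from the log above plus one ordinary
# service (NVSvc) as a control.
SAMPLE_LOG = r"""
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-30 308248]
S0 pmlqr;pmlqr; C:\Windows\system32\drivers\pmlqr.sys [2010-07-28 766976]
S2 Sentry;Sentry; \??\C:\WINDOWS\system32\sentry.sys []
S2 VTingWinIe;VTingWinIe; C:\Windows\system32\drivers\svchost.exe -a []
S2 vvdsvc;VJVodClientServices; C:\Windows\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvsvc32.exe [2007-08-17 155716]
"""

def parse_line(line):
    """Parse one RSIT driver/service line into a dict, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["start"] = int(e["start"])
    x = EXE_RE.match(e["image"])
    e["path"] = x.group("path") if x else e["image"]
    e["args"] = (x.group("args") or "") if x else ""
    if e["info"]:
        day, size = e["info"].split()
        e["file_date"], e["size"] = date.fromisoformat(day), int(size)
    else:
        e["file_date"], e["size"] = None, None
    return e

def triage(log_text, scan_date, recent_days=30):
    """Return [(name, reason), ...] for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        name = e["name"]
        path = e["path"].lower()
        basename = path.rsplit("\\", 1)[-1]

        # Rule 1: starts at boot/system/auto, yet RSIT could not read the file.
        # Either a dead entry left behind by an uninstall or a file that is
        # hidden from user-mode tools; both deserve a look.
        if e["info"] == "" and e["start"] <= 2:
            findings.append((name, "boot/auto-start entry whose file could not be read ([])"))

        # Rule 2: the real svchost.exe lives in %SystemRoot%\system32 (SysWOW64
        # on 64-bit); a copy anywhere else, here under drivers\, is not the host.
        if basename == "svchost.exe" and not (
            path.endswith("\\system32\\svchost.exe") or path.endswith("\\syswow64\\svchost.exe")
        ):
            findings.append((name, "svchost.exe loaded from outside system32"))

        # Rule 3: boot- or system-start kernel driver with a vowel-less name that
        # is also its own description and a file date shortly before the scan.
        # Generated names of this kind are typical of rootkit droppers.
        if path.endswith(".sys") and e["start"] <= 1 and e["desc"] == name:
            vowelless = not any(c in "aeiouy" for c in name.lower())
            recent = (e["file_date"] is not None
                      and 0 <= (scan_date - e["file_date"]).days <= recent_days)
            if vowelless and recent:
                findings.append((name, "boot-start driver with generated-looking name, file dated %s" % e["file_date"]))
    return findings

def triage_sample():
    """Run the rules over SAMPLE_LOG with the log's own date as the scan date."""
    return triage(SAMPLE_LOG, date(2010, 8, 9))

if __name__ == "__main__":
    for name, reason in triage_sample():
        print("%-12s %s" % (name, reason))
```

Rule 1 also fires on dead entries that uninstallers leave behind (the McAfee mferkdk driver with [] in the real log is one), which is why the output is a list to check by hand rather than a verdict.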


#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:15 PM

Posted 09 August 2010 - 04:30 PM

Is this a business computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask because I do not help in cleaning business or corporate computers or Windows Server editions, like Windows 2003, for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 ops_name

ops_name
  • Topic Starter

  • Banned
  • 29 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 10 August 2010 - 06:31 AM

Hi,

This laptop is in fact provided to me by my company, but there is nothing like company data on it. I have been given it to use as a standalone piece of equipment. I have not yet informed the IT guy as he is on vacation; otherwise I would have asked him to reformat the PC.

Please guide me on cleaning; I assure you that there are no legal implications.

Thanks,
Rosario


#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:15 PM

Posted 10 August 2010 - 01:55 PM

Do you have permission to reformat the computer yourself?

#7 ops_name

ops_name
  • Topic Starter

  • Banned
  • 29 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 10 August 2010 - 03:34 PM

I guess I can, but I won't do it unless the IT guy comes back.

Add on: When I started Internet Explorer today (normally I use Chrome), AntiMalware Doctor installed itself again and started scanning. I performed the removal steps as explained on this website, but MBAM crashed again though it detected 48 infected files.

Thanks
Rosario

#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:15 PM

Posted 11 August 2010 - 09:01 AM

I am sorry but I will not work on business computers. You need to wait until your IT comes back. If you like, I will post your log to see if someone else will work it for you.

#9 ops_name

ops_name
  • Topic Starter

  • Banned
  • 29 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 12 August 2010 - 01:36 PM

Hi SueBaby,

However unfortunate your decision may be, I accept it and thank you for the help in the last few days. Could you please pass on the logs to people who might be willing to help?

Thanks

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:15 PM

Posted 13 August 2010 - 06:23 PM

I listed your log so that other HJT Team Members could pick it up. Should not be too long.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 14 August 2010 - 08:33 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.


It seems that you have picked up a nasty rootkit so we should first test its strength.


Run Combofix, as below

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


If this fails, and it might, then please download and run TDSSKiller below. Do not run if Combofix completes.
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#12 ops_name

ops_name
  • Topic Starter

  • Banned
  • 29 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 16 August 2010 - 04:24 AM

Hi Mole

Thanks for helping me out. Actually, none of the above scans worked. Each time scanning started successfully, but then the PC crashed with a blue screen error saying something like memory read out error. And ever since, the PC has failed to boot up despite repeated attempts.

As you might have read in my above posts, my normal boot up was anyway lost, and as a workaround I was using Hiren's boot CD and the ''windows XP using NT'' option to log in each time. Now even that is lost.

So to sum up:

1. This blue screen error happened each time I scanned the PC with antivirus or MBAM, but I was able to restart and log in using the workaround mentioned above.

2. I started scanning using Combofix; a blue screen occurred but the restart was successful.

3. Scanning with TDSS started well (it found a rootkit), but then the PC crashed with a blue screen, and rebooting to Windows has failed since; each time I see a black screen after applying the option I mentioned above from Hiren's boot CD.

Please guide me on the way forward.

Thanks,
Rosario

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 16 August 2010 - 05:56 PM

We can't use Hirens on Bleeping Computer, but we do have something like it which uses UBCD4Win and OTLPE.

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
    • Do not install to a folder with spaces in its name.
    • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source:(path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output: (C:\ubcd4win\BartPE)
        • Keep the default BartPE
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD


        Please note: If your XP install disc is SP1 then please .....
        1. Disable- DComLaunch Service
        2. Enable- LargeIDE Fix

          This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

      Also note: If you have a Dell XP install disc you will need to follow the instructions here
      http://www.ubcd4win.com/faq.htm#dell

3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit


4. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.
http://oldtimer.geekstogo.com/OTLPE.zip
http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
  • Insert the UBCD4Win disc into one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
  • You should now have a desktop that looks like this:

==========

Single click My computer from your UBCD4W desktop to navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.bat.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start

    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to All

  • Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT

  • Push
  • A report will open. Save that log to your flash drive. Copy and Paste that report in your next reply.

=========

With your next post please provide:

* OTLPE.txt
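
The /md5start ... /md5stop block in the post above asks OTL to print the MD5 of a fixed list of files, so that a helper can compare each one with a known-good copy. The script below does the same thing from a PE boot against the offline system drive, as an added example written for this page (it is not OTL's code and not part of the thread). The file names are copied from the post; the baseline digests, the constructed sample files and the demo() helper are assumptions made for the example.

```python
r"""Offline hash check for the files an OTLPE "/md5start ... /md5stop" block lists.

Added example, not OTL's own code.  OTL prints the MD5 of each listed file so a
helper can compare it with a known-good copy; the names are boot-start storage
drivers and logon components that rootkits of that period (TDL3 among them)
patched in place.  Reading the drive from a PE boot, as the post above arranges,
keeps the infected system's own drivers out of the read path.  Baseline digests
are assumed to come from a trusted source (clean install media, service pack
files); none are built in here.
"""
import hashlib
import os
import tempfile

# Names copied from the /md5start block in the post above.
MD5_TARGETS = [
    "userinit.exe", "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "sceclt.dll", "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys",
    "atapi.sys", "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys",
    "nvatabus.sys", "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys",
    "ViPrt.sys", "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys",
    "ahcix86s.sys",
]

def hash_file(path):
    """MD5 (what OTL reports) and SHA-256 (for modern references) of one file."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def find_copies(root, names):
    """Walk an offline system root and return {name: [paths]} for every copy of
    each wanted name, including the ones in dllcache / ServicePackFiles that
    usually serve as the clean reference."""
    wanted = {n.lower(): n for n in names}
    found = {n: [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                found[wanted[fn.lower()]].append(os.path.join(dirpath, fn))
    return found

def compare(root, names, baseline):
    """baseline maps a file name to the set of acceptable digests (MD5 or SHA-256).
    Returns [(name, path, verdict)] with verdict "ok", "MISMATCH" or "no baseline"."""
    results = []
    for name, paths in find_copies(root, names).items():
        for path in paths:
            md5, sha256 = hash_file(path)
            known = baseline.get(name)
            if known is None:
                verdict = "no baseline"
            elif md5 in known or sha256 in known:
                verdict = "ok"
            else:
                verdict = "MISMATCH"
            results.append((name, path, verdict))
    return results

def demo():
    """Constructed stand-in for a mounted XP drive (hypothetical data): a clean
    atapi.sys in dllcache, a modified copy under drivers (what an in-place patch
    leaves behind) and a userinit.exe with no baseline entry.
    Returns {directory the copy was found in: verdict}."""
    root = tempfile.mkdtemp()
    clean = b"MZ\x90\x00 constructed clean atapi.sys body"
    files = {
        "WINDOWS/system32/dllcache/atapi.sys": clean,
        "WINDOWS/system32/drivers/atapi.sys": clean + b" plus injected code",
        "WINDOWS/system32/userinit.exe": b"MZ\x90\x00 constructed userinit.exe",
    }
    for rel, body in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(body)
    baseline = {"atapi.sys": {hashlib.md5(clean).hexdigest()}}
    results = compare(root, MD5_TARGETS, baseline)
    return {os.path.basename(os.path.dirname(p)): v for _n, p, v in results}

if __name__ == "__main__":
    for directory, verdict in sorted(demo().items()):
        print(directory, verdict)
```

On a real drive, point compare() at the mounted system root (for example D:\ from the PE desktop) and fill the baseline from a trusted copy of the same service pack; a MISMATCH between the drivers\ copy and the dllcache copy of the same driver is the pattern that the /md5start list is meant to surface.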

#14 ops_name

ops_name
  • Topic Starter

  • Banned
  • 29 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 18 August 2010 - 10:42 AM

Dear Friend,

I request you to be a bit patient with me, as I have no other spare PC on hand and I am trying to arrange one from a friend. I will try to post the results or deltas received upon verbatim execution of your recommendation as soon as possible.

Thanks
Rosarios

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:15 AM

Posted 18 August 2010 - 02:14 PM

That's okay. It is a tricky stage to complete. I will bump the topic in a couple of days.



