# Infected computer



## adilshaikh (Aug 28, 2009)

Hi, two people have looked at my HJT log and told me that my computer is infected. They told me to post in this part of the forums so a malware expert can look at it. So can someone please tell me what's wrong with my computer and how to get rid of it? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:40, on 30/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdownloadmanager.com/welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: {d6620e09-f47c-65b9-6bd4-429525cb9ca3} - {3ac9bc52-5924-4db6-9b56-c74f90e0266d} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {C6B4B6A8-FB68-4468-AD1F-0854EF2C9910} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [{64e7cef3-b48e-9faf-acf1-124b47a3f471}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6511C7-4112-4785-BDD0-3BD32CE5EDED}: NameServer = 193.36.79.100 80.10.246.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f5b1a2c085f4) (gupdate1c9f5b1a2c085f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10213 bytes
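As an added example (not part of the original thread and not a feature of HijackThis itself), the following Python script parses HijackThis entry lines and flags the entry types a malware-removal helper looks at first: O2 BHOs whose display name is a GUID or whose DLL is missing, O4 Run values that have rundll32 load a GUID-named DLL from system32 at logon, O16 ActiveX downloads from hosts other than Microsoft's, and O17 DNS servers to confirm against the ISP. The severity labels, the trusted-host list and the GUID heuristics are this example's own assumptions; the sample log lines are copied from the log posted above.

```python
"""Triage of HijackThis entry lines: flag the entry types that most often
carry malware persistence on a Windows XP box.

Added example for this thread; it is not a HijackThis feature.  The severity
labels, the trusted ActiveX hosts and the GUID heuristics are assumptions."""
import re

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")

# Hosts from which O16 (ActiveX/DPF) downloads are expected on a stock XP/IE box
# (assumption for this example).
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: {d6620e09-f47c-65b9-6bd4-429525cb9ca3} - {3ac9bc52-5924-4db6-9b56-c74f90e0266d} - (no file)
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [{64e7cef3-b48e-9faf-acf1-124b47a3f471}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6511C7-4112-4785-BDD0-3BD32CE5EDED}: NameServer = 193.36.79.100 80.10.246.1
"""


def parse_hjt(text):
    """Yield (section, body) for every entry line such as 'O4 - HKLM\\..\\Run: ...'."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def _trusted_host(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(text):
    """Return findings as (severity, section, reason, entry body) tuples."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec == "O2":
            if body.startswith("BHO: {"):
                # Real BHOs carry a product name; a GUID in the name slot is the
                # signature of an auto-generated (often malicious) installer.
                findings.append(("medium", sec, "BHO with a GUID as its display name", body))
            elif body.endswith("(no file)"):
                # Registry points at a DLL that no longer exists: harmless on its
                # own, but a trace of something that was installed and removed.
                findings.append(("low", sec, "BHO registered but its file is missing", body))
        elif sec == "O4":
            m = re.search(r"\[(.*?)\]", body)
            run_name = m.group(1) if m else ""
            via_rundll = "rundll32" in body.lower()
            guid_dll = re.search(r"system32\\\{[^}]+\}\.dll", body, re.I) is not None
            if GUID_RE.fullmatch(run_name) or (via_rundll and guid_dll):
                # A Run value named by a random GUID that has rundll32 load a
                # GUID-named DLL from system32 at every logon is the classic
                # XP-era malware persistence pattern.
                findings.append(("high", sec, "rundll32 loads a GUID-named DLL from system32 at logon", body))
        elif sec == "O16":
            m = re.search(r"https?://([^/\s]+)", body)
            host = m.group(1).lower() if m else ""
            if not _trusted_host(host):
                findings.append(("medium", sec, "ActiveX download from untrusted host " + host, body))
        elif sec == "O17":
            # Not a verdict: the helper compares these against the ISP's published
            # resolvers, since a silently changed NameServer is how DNS-changers work.
            servers = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body)
            findings.append(("info", sec, "verify DNS servers " + ", ".join(servers), body))
    return findings


if __name__ == "__main__":
    for severity, sec, reason, body in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {sec}: {reason}\n          {body}")
```

Run against the sample, the only "high" finding is the O4 entry that loads a GUID-named DLL from system32, which is the line a helper would ask about first; the O2 and O16 hits are context, and the O17 line is a reminder to check the DNS servers rather than an accusation. The vendor list is deliberately short: anything not on it is surfaced for a human to look at, not automatically condemned.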


----------



## adilshaikh (Aug 28, 2009)

bump


----------



## adilshaikh (Aug 28, 2009)

bump


----------



## adilshaikh (Aug 28, 2009)

Still waiting after a day. Please help.


----------



## dvk01 (Dec 14, 2002)

Delete any existing version of ComboFix you have sitting on your desktop.
*Please read and follow all these instructions very carefully*
Download ComboFix from *Here* to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause _"unpredictable results"_ or stop ComboFix running at all.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after ComboFix has finished.*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on *combofix.exe* & follow the prompts.
If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* along with a *new HijackThis log* for further review.

*****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.*****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything unless told to do so while we are fixing your problem.*


----------



## adilshaikh (Aug 28, 2009)

I have some bad news. Whilst I was running the ComboFix scan it got up to about process 52, then all of a sudden a black screen came up. I can't remember exactly what it said, but it was saying something like Windows is going to shut down to prevent any damage to your computer, and underneath that it said BAD_POOL_HEADER, and it went on saying if this is your first time seeing this message then restart your computer. That's all I can remember. Then I restarted my computer and it said Windows has recovered from a serious error, and it gave me two options, one to send an error report and one not to; I clicked not to. Please help me, I don't know what's wrong with my computer and I'm starting to get worried.


----------



## dvk01 (Dec 14, 2002)

Sounds like a rootkit.

Download the GMER rootkit detector from http://gmer.net

Unzip it & double click the gmer.exe file.

It will do a quick scan automatically; when that finishes,

select the Rootkit tab & press Scan.

When it has finished press Copy & post back the log it makes.


----------



## adilshaikh (Aug 28, 2009)

Hi dvk01, I downloaded the GMER rootkit detector, and when I opened it the exact same screen came up as in post #6. Please help me.


----------



## dvk01 (Dec 14, 2002)

Try this one, but if you get that error on access to the malware file then it is going to be hard to fix & will almost certainly result in you formatting & reinstalling Windows.
But let's see if this will run & show exactly what we are dealing with.

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.


Click on the Log tab.
In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new Window should appear.
Make sure Scan all drives is selected and click on the Start button.
When it is complete a new Window will appear to indicate that the scan is finished.
The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.


----------



## adilshaikh (Aug 28, 2009)

Hi, sorry I took so long to reply.
Here is the SysProt log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: SYSTEM
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 512
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 816
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 840
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 884
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 896
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 1064
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1116
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1208
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1416
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1568
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1632
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1716
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1784
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PID: 1824
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\FsUsbExService.Exe
PID: 1932
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 124
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 164
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrA.exe
PID: 200
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 240
Hidden: No
Window Visible: No

Name: C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PID: 696
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 716
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PID: 732
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PID: 752
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 984
Hidden: No
Window Visible: No

Name: C:\WINDOWS\stsystra.exe
PID: 1276
Hidden: No
Window Visible: No

Name: C:\Program Files\ESET\ESET Smart Security\egui.exe
PID: 1392
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 1484
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Download Manager\IDMan.exe
PID: 1544
Hidden: No
Window Visible: No

Name: C:\Program Files\Messenger\msmsgs.exe
PID: 1564
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2344
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Download Manager\IEMonitor.exe
PID: 2656
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\notepad.exe
PID: 2800
Hidden: No
Window Visible: Yes

Name: C:\Documents and Settings\SHAIKH\Desktop\SysProt\SysProt.exe
PID: 2848
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\SHAIKH\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B1FB5000
Module End: B1FC0000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CEA80
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806CF000
Module End: 806EF280
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: B85A8000
Module End: B85AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: B84B8000
Module End: B84BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B7F79000
Module End: B7FA7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: B85AA000
Module End: B85AC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B7F68000
Module End: B7F79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: B80A8000
Module End: B80B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: B8670000
Module End: B8671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: B8328000
Module End: B832F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: B80B8000
Module End: B80C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B7F49000
Module End: B7F68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: B8330000
Module End: B8335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: B80C8000
Module End: B80D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B7F31000
Module End: B7F49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\nvgts.sys
Service Name: nvgts
Module Base: B7F0C000
Module End: B7F31000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Service Name: ---
Module Base: B7EF4000
Module End: B7F0C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: B80D8000
Module End: B80E1000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: B80E8000
Module End: B80F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: B7ED4000
Module End: B7EF4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B7EC2000
Module End: B7ED4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\DRVMCDB.SYS
Service Name: DRVMCDB
Module Base: B7EAC000
Module End: B7EC2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: B80F8000
Module End: B8101000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B7E95000
Module End: B7EAC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: B7E82000
Module End: B7E95000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B7DF5000
Module End: B7E82000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B7DC8000
Module End: B7DF5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B7DAD000
Module End: B7DC8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: B8128000
Module End: B8136000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B7970000
Module End: B7D37000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B795C000
Module End: B7970000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: B83A0000
Module End: B83A5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B7939000
Module End: B795C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: B83D0000
Module End: B83D7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: B8138000
Module End: B8143000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Service Name: DLACDBHM
Module Base: B85B2000
Module End: B85B4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: B8148000
Module End: B8155000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: B8158000
Module End: B8167000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B7916000
Module End: B7939000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GearAspiWDM.SYS
Service Name: GearAspiWDM
Module Base: B855C000
Module End: B855F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
Service Name: bcm4sbxp
Module Base: B8168000
Module End: B8178000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B78F0000
Module End: B7916000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
Service Name: Epfwndis
Module Base: B8178000
Module End: B8183000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: B86C1000
Module End: B86C2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: B8188000
Module End: B8195000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: B8580000
Module End: B8583000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B78D9000
Module End: B78F0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: B8198000
Module End: B81A3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: B81A8000
Module End: B81B4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: B84B0000
Module End: B84B5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B78C8000
Module End: B78D9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: B81B8000
Module End: B81C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: B8370000
Module End: B8375000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: B8380000
Module End: B8385000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: B81C8000
Module End: B81D2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: B8398000
Module End: B839E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: B83B0000
Module End: B83B6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: B85BC000
Module End: B85BE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B7894000
Module End: B78C8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: B8598000
Module End: B859C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sthda.sys
Service Name: STHDA
Module Base: B7781000
Module End: B7894000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B775F000
Module End: B7781000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: B81D8000
Module End: B81E7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: B81E8000
Module End: B81F2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: B81F8000
Module End: B8207000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: B85CC000
Module End: B85CE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: B85D6000
Module End: B85D8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: B85DA000
Module End: B85DC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: B8785000
Module End: B8786000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: B85DE000
Module End: B85E0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
Service Name: DLARTL_N
Module Base: B8428000
Module End: B842E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Service Name: ehdrv
Module Base: B50B5000
Module End: B50D2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: B8478000
Module End: B847F000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: B8488000
Module End: B848E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: B85E6000
Module End: B85E8000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: B85EA000
Module End: B85EC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: B8498000
Module End: B849D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: B84A8000
Module End: B84B0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: B853C000
Module End: B853F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: B5082000
Module End: B5095000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: B502A000
Module End: B5082000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
Service Name: epfwtdi
Module Base: B5017000
Module End: B502A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: B4FF6000
Module End: B5017000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: B4FCE000
Module End: B4FF6000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: B4FAC000
Module End: B4FCE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: B8218000
Module End: B8221000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: B4F81000
Module End: B4FAC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: B4F12000
Module End: B4F81000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: B8248000
Module End: B8251000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: B8278000
Module End: B8288000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: B5127000
Module End: B512A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: B8298000
Module End: B82A1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
Service Name: alcaudsl
Module Base: B82A8000
Module End: B82B8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\alcawh.sys
Service Name: ---
Module Base: B85FE000
Module End: B8600000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\alcacr.sys
Service Name: ---
Module Base: B86FE000
Module End: B86FF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Service Name: usbprint
Module Base: B8430000
Module End: B8437000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: B511F000
Module End: B5123000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: B5117000
Module End: B511A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: B82B8000
Module End: B82C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
Service Name: alcan5wn
Module Base: B76EF000
Module End: B76FC000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: B4EEE000
Module End: B4EF2000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvgts.sys
Service Name: ---
Module Base: B4DCF000
Module End: B4DF4000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: B5133000
Module End: B5136000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: B8368000
Module End: B836D000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: B87CD000
Module End: B87CE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\eamon.sys
Service Name: eamon
Module Base: B3D04000
Module End: B3DC0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Service Name: DRVNDDM
Module Base: B4E62000
Module End: B4E6C000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLADResN.SYS
Service Name: DLADResN
Module Base: B8775000
Module End: B8776000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Service Name: DLAIFS_M
Module Base: B3CEE000
Module End: B3D04000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Service Name: DLAOPIOM
Module Base: B3DDC000
Module End: B3DE0000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Service Name: DLAPoolM
Module Base: B85C4000
Module End: B85C6000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Service Name: DLABOIOM
Module Base: B83F0000
Module End: B83F7000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Service Name: DLAUDFAM
Module Base: B3436000
Module End: B344E000
Hidden: No

Module Name: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Service Name: DLAUDF_M
Module Base: B3420000
Module End: B3436000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\epfw.sys
Service Name: epfw
Module Base: B33D5000
Module End: B33F8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
Service Name: hnmwrlspkt
Module Base: B33B1000
Module End: B33B5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\packet.sys
Service Name: Packet
Module Base: B3414000
Module End: B3418000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
Service Name: wsppkt
Module Base: B340C000
Module End: B3410000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B33A5000
Module End: B33A9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B2979000
Module End: B29A5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ASCTRM.SYS
Service Name: ASCTRM
Module Base: B8616000
Module End: B8618000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B2914000
Module End: B2929000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B2A5D000
Module End: B2A6C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B26E7000
Module End: B2739000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B1EF4000
Module End: B1F35000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
Service Name: FsUsbExDisk
Module Base: B2337000
Module End: B2340000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: AEA4B000
Module End: AEA76000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: EDWARD:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: EDWARD:5152
Remote Address: LOCALHOST:1660
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: EDWARD:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: EDWARD:1030
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: EDWARD:2011
Remote Address: 72.26.193.130:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:2010
Remote Address: 72.26.193.130:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:2007
Remote Address: 72.26.193.130:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1993
Remote Address: WY-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1990
Remote Address: 64.225.158.192:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1982
Remote Address: WY-IN-F167.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1980
Remote Address: WY-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1979
Remote Address: WY-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1978
Remote Address: WY-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1972
Remote Address: 64.225.158.192:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1970
Remote Address: WY-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1969
Remote Address: HB-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1968
Remote Address: HB-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1967
Remote Address: HB-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1966
Remote Address: WY-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1965
Remote Address: WY-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1960
Remote Address: WW-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1950
Remote Address: 89.213.252.222:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1919
Remote Address: WY-IN-F147.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1915
Remote Address: A92-123-144-20.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1851
Remote Address: EY-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1850
Remote Address: EY-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:1849
Remote Address: EY-IN-F102.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: EDWARD:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: EDWARD:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: SYSTEM
State: LISTENING

Local Address: EDWARD:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: EDWARD:44301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrA.exe
State: NA

Local Address: EDWARD:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: EDWARD:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: EDWARD:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: EDWARD:138
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: EDWARD:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: EDWARD:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: EDWARD:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: EDWARD:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: EDWARD:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: SYSTEM
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}
Status: Access denied

Object: C:\Documents and Settings\SHAIKH\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{CF5D50BE-EF9E-013F-43AD-67156BB5342F}\01\10-{CF5D50BE-EF9E-013F-43AD-67156BB5342F}-v1-{11E
Status: Hidden

Object: C:\Documents and Settings\shaikh.tmp\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{D0839120-BABD-B631-F13D-688DAF91D08B}\14\114-{326A815B-FCDA-4EEC-9BCD-B6B91699DC07}
Status: Hidden

Object: C:\Documents and Settings\shaikh.tmp\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{7FE2AE09-D8C4-2C8A-85C6-D4663960BDB1}\52\152-{326A815B-FCDA-4EEC-9BCD-B6B91699DC07}-v
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}
Status: Access denied


----------



## dvk01 (Dec 14, 2002)

I don't know what infections they saw on the general security forum

I think all your problems are being caused by a bad install of ESET and you need to speak to their support about that

As suggested previously, seek help from the ESET support forum http://www.wilderssecurity.com/forumdisplay.php?f=89


----------



## adilshaikh (Aug 28, 2009)

Would it help if I just removed ESET Smart Security and got other antivirus software?


----------



## adilshaikh (Aug 28, 2009)

Also, I don't know whether or not this has anything to do with an infection, but whenever my computer starts up I always get this error message:

error loading C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll

the specified module could not be found

I made a thread about it here http://forums.techguy.org/malware-r.../856303-specified-module-could-not-found.html but they told me I had an infection on my computer.


----------



## dvk01 (Dec 14, 2002)

Uninstall ESET (if it will uninstall).

Reboot & see if ComboFix runs so we can fix the left-over entries that tell the malware to run (the malware file is missing).

I suspect it is ESET blocking ComboFix & GMER from running.


----------



## adilshaikh (Aug 28, 2009)

Hello again dvk01, when I ran ComboFix it got up to stage 50 and then the same happened as in post #6.


----------



## dvk01 (Dec 14, 2002)

There is a new version of ComboFix that has just been released that might fix this.

When you download the new version please rename it on download to adil.exe.

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*
Download ComboFix from *Here* to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall* *before* performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_ or stop ComboFix running at all.
Click on *THIS LINK* to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again after ComboFix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running.
Double click on *combofix.exe* & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this.
When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* along with a *new HijackThis log* for further review.

*****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze*****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

*Please do not install any new programs or update anything unless told to do so while we are fixing your problem. *


----------



## adilshaikh (Aug 28, 2009)

Hi dvk01, I followed your instructions and the same thing happened. I wanted to ask: would it help if I ran the scan in safe mode?


----------



## dvk01 (Dec 14, 2002)

No, ComboFix doesn't run well in safe mode.

Let's see if this works:

Download the trial version of Trojan Remover from http://thespykiller.co.uk/index.php?page=24 and see what that fixes.

Post back its log and a new HJT log after it finishes, please.


----------



## adilshaikh (Aug 28, 2009)

Hello again, sorry I took so long to reply. I ran the scan and when it had completed it said: No active malicious files were found and no changes were made.


----------



## adilshaikh (Aug 28, 2009)

Oops, sorry, I think this is what you were looking for. (The log is too long so I am going to post it in parts.)

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2588. For information, email [email protected]
[Unregistered version]
Scan started at: 15:54:40 02 Sep 2009
Using Database v7385
Operating System: Windows XP Home Edition (SP2) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\SHAIKH\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SHAIKH\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
15:54:40: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:54:40: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\WINDOWS\explorer.exe
1033216 bytes
Created: 10/08/2004 13:51
Modified: 13/06/2007 11:23
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\SYSTEM32\userinit.exe,]
File: C:\WINDOWS\SYSTEM32\userinit.exe
C:\WINDOWS\SYSTEM32\userinit.exe
24576 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SpeedTouch USB Diagnostics
Value Data: "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
866816 bytes
Created: 08/12/2007 12:08
Modified: 26/01/2004 12:38
Company: THOMSON Telecom Belgium
--------------------
Value Name: NPSStartup
Value Data: 
Blank entry: []
--------------------
Value Name: {64e7cef3-b48e-9faf-acf1-124b47a3f471}
Value Data: C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit
C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll - [file not found to scan]
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 14/12/2008 13:43
Modified: 14/12/2008 13:43
Company: Sun Microsystems, Inc.
--------------------
Value Name: ISUSScheduler
Value Data: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
81920 bytes
Created: 27/07/2004 17:50
Modified: 27/07/2004 17:50
Company: InstallShield Software Corporation
--------------------
Value Name: ISUSPM Startup
Value Data: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
221184 bytes
Created: 27/07/2004 17:50
Modified: 27/07/2004 17:50
Company: InstallShield Software Corporation
--------------------
Value Name: DLA
Value Data: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
122940 bytes
Created: 23/12/2006 17:45
Modified: 08/09/2005 06:20
Company: Sonic Solutions
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1617920 bytes
Created: 23/12/2006 17:19
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7630848 bytes
Created: 14/07/2009 13:34
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 14/07/2009 13:34
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: SigmatelSysTrayApp
Value Data: stsystra.exe
C:\WINDOWS\stsystra.exe
282624 bytes
Created: 20/08/2009 17:40
Modified: 15/08/2006 10:38
Company: SigmaTel, Inc.
--------------------
Value Name: MSKDetectorExe
Value Data: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
1121280 bytes
Created: 21/05/2008 19:26
Modified: 07/11/2006 14:49
Company: McAfee, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1069448 bytes
Created: 02/09/2009 15:51
Modified: 31/08/2009 17:27
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
Value Name: IDMan
Value Data: C:\Program Files\Internet Download Manager\IDMan.exe /onboot
C:\Program Files\Internet Download Manager\IDMan.exe
2794928 bytes
Created: 03/04/2009 14:24
Modified: 04/04/2009 01:20
Company: Tonec Inc.
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1694208 bytes
Created: 10/08/2004 14:01
Modified: 13/10/2004 17:24
Company: Microsoft Corporation
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3882312 bytes
Created: 02/12/2008 23:41
Modified: 02/12/2008 23:41
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
15:54:43: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
15:54:43: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:54:43: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\sstext3d.scr
C:\WINDOWS\system32\sstext3d.scr
679936 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------

************************************************************
15:54:43: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:54:43: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
170496 bytes
Created: 10/08/2004 14:02
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
Key: wuauserv
Path: C1\WINDOWS\system32\wuauserv.dll
C1\WINDOWS\system32\wuauserv.dll - [file not found to scan]
--------------------

************************************************************
15:54:44: Scanning ----- SERVICES REGISTRY KEYS -----
Key: alcan5wn
ImagePath: system32\DRIVERS\alcan5wn.sys
C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
53600 bytes
Created: 18/11/2007 12:48
Modified: 08/12/2003 12:53
Company: THOMSON
----------
Key: Avgfwdx
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
29208 bytes
Created: 01/09/2009 21:17
Modified: 01/09/2009 21:17
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgfwfd
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
29208 bytes
Created: 01/09/2009 21:17
Modified: 01/09/2009 21:17
Company: AVG Technologies CZ, s.r.o.
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\SHAIKH\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: DSproct
ImagePath: \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
4864 bytes
Created: 10/01/2006 12:07
Modified: 10/01/2006 12:07
Company: GTek Technologies Ltd.
----------
Key: EagleNT
ImagePath: \??\C:\WINDOWS\system32\drivers\EagleNT.sys
C:\WINDOWS\system32\drivers\EagleNT.sys - [file not found to scan]
----------
Key: FsUsbExDisk
ImagePath: \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
C:\WINDOWS\system32\FsUsbExDisk.SYS
36608 bytes
Created: 30/05/2009 21:05
Modified: 31/03/2009 09:39
Company: [no info]
----------
Key: FsUsbExService
ImagePath: C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\FsUsbExService.Exe
233472 bytes
Created: 30/05/2009 21:05
Modified: 31/03/2009 09:39
Company: Teruten
----------
Key: hnmwrlspkt
ImagePath: system32\DRIVERS\hnm_wrls_pkt.sys
C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
13696 bytes
Created: 12/01/2006 23:27
Modified: 12/01/2006 23:27
Company: SingleClick Systems
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
Key: nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
145952 bytes
Created: 12/11/2008 16:58
Modified: 12/11/2008 16:58
Company: NVIDIA Corporation
----------
Key: Packet
ImagePath: system32\DRIVERS\packet.sys
C:\WINDOWS\system32\DRIVERS\packet.sys
13312 bytes
Created: 12/01/2006 23:26
Modified: 12/01/2006 23:26
Company: SingleClick Systems
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21632 bytes
Created: 30/05/2009 21:07
Modified: 17/09/2007 15:53
Company: Nokia
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
75064 bytes
Created: 11/08/2009 11:06
Modified: 11/08/2009 11:06
Company: [no info]
----------
Key: s1018bus
ImagePath: system32\DRIVERS\s1018bus.sys
C:\WINDOWS\system32\DRIVERS\s1018bus.sys
86696 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mdfl
ImagePath: system32\DRIVERS\s1018mdfl.sys
C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
15016 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mdm
ImagePath: system32\DRIVERS\s1018mdm.sys
C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
114472 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mgmt
ImagePath: system32\DRIVERS\s1018mgmt.sys
C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
108200 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018nd5
ImagePath: system32\DRIVERS\s1018nd5.sys
C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
26024 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018obex
ImagePath: system32\DRIVERS\s1018obex.sys
C:\WINDOWS\system32\DRIVERS\s1018obex.sys
104616 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018unic
ImagePath: system32\DRIVERS\s1018unic.sys
C:\WINDOWS\system32\DRIVERS\s1018unic.sys
109736 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
240512 bytes
Created: 19/05/2009 11:36
Modified: 19/05/2009 11:36
Company: Microsoft Corporation
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
430592 bytes
Created: 07/04/2008 09:17
Modified: 07/04/2008 09:17
Company: Nokia.
----------
Key: ss_bbus
ImagePath: system32\DRIVERS\ss_bbus.sys
C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
90112 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI
----------
Key: ss_bmdfl
ImagePath: system32\DRIVERS\ss_bmdfl.sys
C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
14976 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI Corporation
----------
Key: ss_bmdm
ImagePath: system32\DRIVERS\ss_bmdm.sys
C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
121856 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI Corporation
----------
Key: STHDA
ImagePath: system32\drivers\sthda.sys
C:\WINDOWS\system32\drivers\sthda.sys
1171464 bytes
Created: 23/12/2006 17:19
Modified: 15/08/2006 10:38
Company: SigmaTel, Inc.
----------
Key: USB_RNDIS
ImagePath: system32\DRIVERS\usb8023.sys
C:\WINDOWS\system32\DRIVERS\usb8023.sys
12672 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 21:00
Modified: 18/10/2006 21:00
Company: Microsoft Corporation
----------
Key: wsppkt
ImagePath: system32\DRIVERS\wsp_pkt.sys
C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
13568 bytes
Created: 12/01/2006 23:29
Modified: 12/01/2006 23:29
Company: SingleClick Systems
----------

************************************************************
15:54:52: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 28/12/2006 17:10
Modified: 28/02/2003 17:54
Company: [no info]
VxD Key = JAVASUP
----------
----------


----------



## adilshaikh (Aug 28, 2009)

************************************************************
15:54:52: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
15:54:52: Scanning ----- CONTEXTMENUHANDLERS -----

************************************************************
15:54:52: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
15:54:52: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
169392 bytes
Created: 03/04/2009 14:24
Modified: 02/04/2009 12:22
Company: Tonec Inc.
----------
Key: {053F9267-DC04-4294-A72C-58F732D338C0}
BHO: C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
-R- 177768 bytes
Created: 02/03/2007 16:52
Modified: 02/03/2007 16:52
Company: Hewlett-Packard Co.
----------
Key: {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO: C:\Program Files\Windows Live\Messenger\wlchtc.dll
C:\Program Files\Windows Live\Messenger\wlchtc.dll
73072 bytes
Created: 06/02/2009 19:21
Modified: 06/02/2009 19:21
Company: Microsoft Corporation
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
137600 bytes
Created: 19/05/2009 11:36
Modified: 19/05/2009 11:36
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar2.dll
c:\program files\google\googletoolbar2.dll
-R- 2403392 bytes
Created: 07/09/2007 18:26
Modified: 19/01/2007 23:55
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 25/06/2009 17:24
Modified: 25/06/2009 17:24
Company: Google Inc.
----------

************************************************************
15:54:54: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
15:54:54: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:54:54: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:54:54: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
15:54:54: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
15:54:54: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 10/08/2004 13:57
Modified: 10/08/2004 14:04
Company: [no info]
--------------------

************************************************************
15:54:54: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 14/05/2008 22:12
Modified: 10/08/2004 14:04
Company: [no info]
----------
--------------------
Checking Startup Group for: SHAIKH
[C:\Documents and Settings\SHAIKH\START MENU\PROGRAMS\STARTUP]
The Startup Group for SHAIKH attempts to load the following file(s):
C:\Documents and Settings\SHAIKH\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 21/05/2008 20:56
Modified: 10/08/2004 14:04
Company: [no info]
----------
--------------------
Checking Startup Group for: shaikh.tmp
[C:\Documents and Settings\shaikh.tmp\START MENU\PROGRAMS\STARTUP]
The Startup Group for shaikh.tmp attempts to load the following file(s):
C:\Documents and Settings\shaikh.tmp\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 28/12/2006 16:44
Modified: 10/08/2004 14:04
Company: [no info]
----------

************************************************************
15:54:55: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Parameters: update all silent
Schedule: At 17:02 every Mon of every week, starting 26/01/2009
Next Run Time: 07/09/2009 17:02:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe - [file not found to scan]
----------
Taskname: DriverCure
File: C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
2922064 bytes
Created: 27/02/2009 20:07
Modified: 20/08/2009 14:36
Company: ParetoLogic
Parameters: -scan
Schedule: At 01:28 every Wed, Sun of every week, starting 20/08/2009
Next Run Time: 06/09/2009 01:28:00
Status: Has not run
Status: SHAIKH
Comments: DriverCure
----------
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 13/03/2007 20:04
Modified: 25/06/2009 17:24
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 03/09/2009 12:39:00
Status: Has not run
Status: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 25/06/2009 17:26
Modified: 25/06/2009 17:25
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 03/09/2009 13:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 25/06/2009 17:26
Modified: 25/06/2009 17:25
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Every 1 hour(s) from 13:30 for 24 hour(s) every day, starting 01/07/2009
Next Run Time: 02/09/2009 16:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: ParetoLogic Registration
File: C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
417792 bytes
Created: 13/01/2009 15:59
Modified: 13/01/2009 15:59
Company: 
Parameters: "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Schedule: At 18:00 every day, starting 17/08/2009
Next Run Time: 02/09/2009 18:00:00
Status: Ready
Status: SHAIKH
Comments: 
----------
Taskname: ParetoLogic Update Version2
File: C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
189808 bytes
Created: 13/01/2009 15:59
Modified: 13/01/2009 15:59
Company: 
Schedule: At 00:33 every day, starting 17/08/2009
Next Run Time: 03/09/2009 00:33:00
Status: Ready
Status: SHAIKH
Comments: ParetoLogic Update
----------
Taskname: Schedule Task Weekly
File: C:\Program Files\Registry Easy\RE.exe
C:\Program Files\Registry Easy\RE.exe
7548928 bytes
Created: 20/08/2009 14:19
Modified: 18/08/2009 13:13
Company: 
Parameters: -Scan
Schedule: At 12:00 every Thu of every week, starting 20/08/2009
Next Run Time: 03/09/2009 12:00:00
Status: Ready
Status: SHAIKH
Comments: Runs Registry Easy at Scheduled Time.
----------

************************************************************
15:54:56: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:54:56: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
683520 bytes
Created: 11/06/2008 01:03
Modified: 11/06/2008 01:03
Company: DivX, Inc.
----------
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
----------
Value: VIDC.FPS1
File: frapsvid.dll
C:\WINDOWS\system32\frapsvid.dll
81920 bytes
Created: 03/01/2009 12:24
Modified: 03/01/2009 12:24
Company: Beepa P/L
----------
Value: vidc.tscc
File: tsccvid.dll
C:\WINDOWS\system32\tsccvid.dll
107864 bytes
Created: 09/08/2009 19:18
Modified: 10/07/2008 13:56
Company: TechSmith Corporation
----------

************************************************************
15:54:56: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\SHAIKH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SHAIKH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
8294454 bytes
Created: 16/11/2008 23:28
Modified: 18/02/2009 15:29
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SHAIKH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
8294454 bytes
Created: 16/11/2008 23:28
Modified: 18/02/2009 15:29
Company: [no info]
----------
DNS Server information:
Interface: 
NameServers: 193.36.79.100 80.10.246.1
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
15:54:57: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 10/08/2004 13:50
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
502272 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 10/08/2004 13:51
Modified: 06/02/2009 11:22
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\nvsvc32.exe
155715 bytes
Created: 14/07/2009 13:34
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 10/08/2004 13:51
Modified: 11/06/2005 00:53
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110592 bytes
Created: 15/01/2008 03:40
Modified: 15/01/2008 03:40
Company: Apple, Inc.
--------------------
C:\WINDOWS\system32\FsUsbExService.Exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 14/12/2008 13:43
Modified: 14/12/2008 13:43
Company: Sun Microsystems, Inc.
--------------------
C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe - file already scanned
--------------------
C:\WINDOWS\System32\DLA\DLACTRLW.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
33280 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\stsystra.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Internet Download Manager\IDMan.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 10/08/2004 13:50
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\Program Files\Messenger\msmsgs.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Program Files\Internet Download Manager\IEMonitor.exe
251312 bytes
Created: 03/04/2009 14:24
Modified: 18/02/2008 14:01
Company: Tonec Inc.
--------------------
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
307704 bytes
Created: 13/04/2008 13:11
Modified: 03/08/2009 00:02
Company: Mozilla Corporation
--------------------
C:\Documents and Settings\SHAIKH\Application Data\Simply Super Software\Trojan Remover\lkbC6.exe
FileSize: 3093368
[This is a Trojan Remover component]
--------------------


## adilshaikh (Aug 28, 2009)

************************************************************
15:55:01: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.orange.co.uk

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:55:01 02 Sep 2009
Total Scan time: 00:00:21
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2588. For information, email [email protected]
[Unregistered version]
Scan started at: 15:52:22 02 Sep 2009
Using Database v7385
Operating System: Windows XP Home Edition (SP2) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\SHAIKH\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SHAIKH\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
15:52:22: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:52:23: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\WINDOWS\explorer.exe
1033216 bytes
Created: 10/08/2004 13:51
Modified: 13/06/2007 11:23
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\SYSTEM32\userinit.exe,]
File: C:\WINDOWS\SYSTEM32\userinit.exe
C:\WINDOWS\SYSTEM32\userinit.exe
24576 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SpeedTouch USB Diagnostics
Value Data: "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
866816 bytes
Created: 08/12/2007 12:08
Modified: 26/01/2004 12:38
Company: THOMSON Telecom Belgium
--------------------
Value Name: NPSStartup
Value Data: 
Blank entry: []
--------------------
Value Name: {64e7cef3-b48e-9faf-acf1-124b47a3f471}
Value Data: C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit
C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll - [file not found to scan]
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 14/12/2008 13:43
Modified: 14/12/2008 13:43
Company: Sun Microsystems, Inc.
--------------------
Value Name: ISUSScheduler
Value Data: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
81920 bytes
Created: 27/07/2004 17:50
Modified: 27/07/2004 17:50
Company: InstallShield Software Corporation
--------------------
Value Name: ISUSPM Startup
Value Data: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
221184 bytes
Created: 27/07/2004 17:50
Modified: 27/07/2004 17:50
Company: InstallShield Software Corporation
--------------------
Value Name: DLA
Value Data: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
122940 bytes
Created: 23/12/2006 17:45
Modified: 08/09/2005 06:20
Company: Sonic Solutions
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1617920 bytes
Created: 23/12/2006 17:19
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7630848 bytes
Created: 14/07/2009 13:34
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 14/07/2009 13:34
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: SigmatelSysTrayApp
Value Data: stsystra.exe
C:\WINDOWS\stsystra.exe
282624 bytes
Created: 20/08/2009 17:40
Modified: 15/08/2006 10:38
Company: SigmaTel, Inc.
--------------------
Value Name: MSKDetectorExe
Value Data: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
1121280 bytes
Created: 21/05/2008 19:26
Modified: 07/11/2006 14:49
Company: McAfee, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1069448 bytes
Created: 02/09/2009 15:51
Modified: 31/08/2009 17:27
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
Value Name: IDMan
Value Data: C:\Program Files\Internet Download Manager\IDMan.exe /onboot
C:\Program Files\Internet Download Manager\IDMan.exe
2794928 bytes
Created: 03/04/2009 14:24
Modified: 04/04/2009 01:20
Company: Tonec Inc.
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1694208 bytes
Created: 10/08/2004 14:01
Modified: 13/10/2004 17:24
Company: Microsoft Corporation
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3882312 bytes
Created: 02/12/2008 23:41
Modified: 02/12/2008 23:41
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
15:52:25: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
15:52:25: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:52:25: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\sstext3d.scr
C:\WINDOWS\system32\sstext3d.scr
679936 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------

************************************************************
15:52:25: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:52:25: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
170496 bytes
Created: 10/08/2004 14:02
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
Key: wuauserv
Path: C1\WINDOWS\system32\wuauserv.dll
C1\WINDOWS\system32\wuauserv.dll - [file not found to scan]
--------------------

************************************************************
15:52:26: Scanning ----- SERVICES REGISTRY KEYS -----
Key: alcan5wn
ImagePath: system32\DRIVERS\alcan5wn.sys
C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
53600 bytes
Created: 18/11/2007 12:48
Modified: 08/12/2003 12:53
Company: THOMSON
----------
Key: Avgfwdx
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
29208 bytes
Created: 01/09/2009 21:17
Modified: 01/09/2009 21:17
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgfwfd
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
29208 bytes
Created: 01/09/2009 21:17
Modified: 01/09/2009 21:17
Company: AVG Technologies CZ, s.r.o.
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\SHAIKH\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: DSproct
ImagePath: \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
4864 bytes
Created: 10/01/2006 12:07
Modified: 10/01/2006 12:07
Company: GTek Technologies Ltd.
----------
Key: EagleNT
ImagePath: \??\C:\WINDOWS\system32\drivers\EagleNT.sys
C:\WINDOWS\system32\drivers\EagleNT.sys - [file not found to scan]
----------
Key: FsUsbExDisk
ImagePath: \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
C:\WINDOWS\system32\FsUsbExDisk.SYS
36608 bytes
Created: 30/05/2009 21:05
Modified: 31/03/2009 09:39
Company: [no info]
----------
Key: FsUsbExService
ImagePath: C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\FsUsbExService.Exe
233472 bytes
Created: 30/05/2009 21:05
Modified: 31/03/2009 09:39
Company: Teruten
----------
Key: hnmwrlspkt
ImagePath: system32\DRIVERS\hnm_wrls_pkt.sys
C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
13696 bytes
Created: 12/01/2006 23:27
Modified: 12/01/2006 23:27
Company: SingleClick Systems
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
Key: nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
145952 bytes
Created: 12/11/2008 16:58
Modified: 12/11/2008 16:58
Company: NVIDIA Corporation
----------
Key: Packet
ImagePath: system32\DRIVERS\packet.sys
C:\WINDOWS\system32\DRIVERS\packet.sys
13312 bytes
Created: 12/01/2006 23:26
Modified: 12/01/2006 23:26
Company: SingleClick Systems
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21632 bytes
Created: 30/05/2009 21:07
Modified: 17/09/2007 15:53
Company: Nokia
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
75064 bytes
Created: 11/08/2009 11:06
Modified: 11/08/2009 11:06
Company: [no info]
----------
Key: s1018bus
ImagePath: system32\DRIVERS\s1018bus.sys
C:\WINDOWS\system32\DRIVERS\s1018bus.sys
86696 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mdfl
ImagePath: system32\DRIVERS\s1018mdfl.sys
C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
15016 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mdm
ImagePath: system32\DRIVERS\s1018mdm.sys
C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
114472 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mgmt
ImagePath: system32\DRIVERS\s1018mgmt.sys
C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
108200 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018nd5
ImagePath: system32\DRIVERS\s1018nd5.sys
C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
26024 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018obex
ImagePath: system32\DRIVERS\s1018obex.sys
C:\WINDOWS\system32\DRIVERS\s1018obex.sys
104616 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018unic
ImagePath: system32\DRIVERS\s1018unic.sys
C:\WINDOWS\system32\DRIVERS\s1018unic.sys
109736 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
240512 bytes
Created: 19/05/2009 11:36
Modified: 19/05/2009 11:36
Company: Microsoft Corporation
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
430592 bytes
Created: 07/04/2008 09:17
Modified: 07/04/2008 09:17
Company: Nokia.
----------
Key: ss_bbus
ImagePath: system32\DRIVERS\ss_bbus.sys
C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
90112 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI
----------
Key: ss_bmdfl
ImagePath: system32\DRIVERS\ss_bmdfl.sys
C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
14976 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI Corporation
----------
Key: ss_bmdm
ImagePath: system32\DRIVERS\ss_bmdm.sys
C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
121856 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI Corporation
----------
Key: STHDA
ImagePath: system32\drivers\sthda.sys
C:\WINDOWS\system32\drivers\sthda.sys
1171464 bytes
Created: 23/12/2006 17:19
Modified: 15/08/2006 10:38
Company: SigmaTel, Inc.
----------
Key: USB_RNDIS
ImagePath: system32\DRIVERS\usb8023.sys
C:\WINDOWS\system32\DRIVERS\usb8023.sys
12672 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 21:00
Modified: 18/10/2006 21:00
Company: Microsoft Corporation
----------
Key: wsppkt
ImagePath: system32\DRIVERS\wsp_pkt.sys
C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
13568 bytes
Created: 12/01/2006 23:29
Modified: 12/01/2006 23:29
Company: SingleClick Systems
----------

************************************************************
15:52:32: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 28/12/2006 17:10
Modified: 28/02/2003 17:54
Company: [no info]
VxD Key = JAVASUP
----------
----------

************************************************************
15:52:33: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
15:52:33: Scanning ----- CONTEXTMENUHANDLERS -----

************************************************************
15:52:33: Scanning ----- FOLDER\COLUMNHANDLERS -----


## adilshaikh (Aug 28, 2009)

I think I've messed this up.

************************************************************
15:52:40: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.orange.co.uk

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:52:40 02 Sep 2009
Total Scan time: 00:00:17
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.1.2588. For information, email [email protected]
[Unregistered version]
Scan started at: 15:51:52 02 Sep 2009
Using Database v7385
Operating System: Windows XP Home Edition (SP2) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\SHAIKH\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\SHAIKH\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
15:51:52: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:51:53: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\WINDOWS\explorer.exe
1033216 bytes
Created: 10/08/2004 13:51
Modified: 13/06/2007 11:23
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\SYSTEM32\userinit.exe,]
File: C:\WINDOWS\SYSTEM32\userinit.exe
C:\WINDOWS\SYSTEM32\userinit.exe
24576 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SpeedTouch USB Diagnostics
Value Data: "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
866816 bytes
Created: 08/12/2007 12:08
Modified: 26/01/2004 12:38
Company: THOMSON Telecom Belgium
--------------------
Value Name: NPSStartup
Value Data: 
Blank entry: []
--------------------
Value Name: {64e7cef3-b48e-9faf-acf1-124b47a3f471}
Value Data: C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit
C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll - [file not found to scan]
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 14/12/2008 13:43
Modified: 14/12/2008 13:43
Company: Sun Microsystems, Inc.
--------------------
Value Name: ISUSScheduler
Value Data: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
81920 bytes
Created: 27/07/2004 17:50
Modified: 27/07/2004 17:50
Company: InstallShield Software Corporation
--------------------
Value Name: ISUSPM Startup
Value Data: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
221184 bytes
Created: 27/07/2004 17:50
Modified: 27/07/2004 17:50
Company: InstallShield Software Corporation
--------------------
Value Name: DLA
Value Data: C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
122940 bytes
Created: 23/12/2006 17:45
Modified: 08/09/2005 06:20
Company: Sonic Solutions
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1617920 bytes
Created: 23/12/2006 17:19
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7630848 bytes
Created: 14/07/2009 13:34
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 14/07/2009 13:34
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
Value Name: SigmatelSysTrayApp
Value Data: stsystra.exe
C:\WINDOWS\stsystra.exe
282624 bytes
Created: 20/08/2009 17:40
Modified: 15/08/2006 10:38
Company: SigmaTel, Inc.
--------------------
Value Name: MSKDetectorExe
Value Data: C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe
1121280 bytes
Created: 21/05/2008 19:26
Modified: 07/11/2006 14:49
Company: McAfee, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1069448 bytes
Created: 02/09/2009 15:51
Modified: 31/08/2009 17:27
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
Value Name: IDMan
Value Data: C:\Program Files\Internet Download Manager\IDMan.exe /onboot
C:\Program Files\Internet Download Manager\IDMan.exe
2794928 bytes
Created: 03/04/2009 14:24
Modified: 04/04/2009 01:20
Company: Tonec Inc.
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1694208 bytes
Created: 10/08/2004 14:01
Modified: 13/10/2004 17:24
Company: Microsoft Corporation
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3882312 bytes
Created: 02/12/2008 23:41
Modified: 02/12/2008 23:41
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
15:51:56: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
15:51:56: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:51:56: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\sstext3d.scr
C:\WINDOWS\system32\sstext3d.scr
679936 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------

************************************************************
15:51:56: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:51:56: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: srservice
Path: %SystemRoot%\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
170496 bytes
Created: 10/08/2004 14:02
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
Key: wuauserv
Path: C1\WINDOWS\system32\wuauserv.dll
C1\WINDOWS\system32\wuauserv.dll - [file not found to scan]
--------------------

************************************************************
15:51:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: alcan5wn
ImagePath: system32\DRIVERS\alcan5wn.sys
C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
53600 bytes
Created: 18/11/2007 12:48
Modified: 08/12/2003 12:53
Company: THOMSON
----------
Key: Avgfwdx
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
29208 bytes
Created: 01/09/2009 21:17
Modified: 01/09/2009 21:17
Company: AVG Technologies CZ, s.r.o.
----------
Key: Avgfwfd
ImagePath: system32\DRIVERS\avgfwdx.sys
C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
29208 bytes
Created: 01/09/2009 21:17
Modified: 01/09/2009 21:17
Company: AVG Technologies CZ, s.r.o.
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\SHAIKH\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: DSproct
ImagePath: \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
4864 bytes
Created: 10/01/2006 12:07
Modified: 10/01/2006 12:07
Company: GTek Technologies Ltd.
----------
Key: EagleNT
ImagePath: \??\C:\WINDOWS\system32\drivers\EagleNT.sys
C:\WINDOWS\system32\drivers\EagleNT.sys - [file not found to scan]
----------
Key: FsUsbExDisk
ImagePath: \??\C:\WINDOWS\system32\FsUsbExDisk.SYS
C:\WINDOWS\system32\FsUsbExDisk.SYS
36608 bytes
Created: 30/05/2009 21:05
Modified: 31/03/2009 09:39
Company: [no info]
----------
Key: FsUsbExService
ImagePath: C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\FsUsbExService.Exe
233472 bytes
Created: 30/05/2009 21:05
Modified: 31/03/2009 09:39
Company: Teruten
----------
Key: hnmwrlspkt
ImagePath: system32\DRIVERS\hnm_wrls_pkt.sys
C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
13696 bytes
Created: 12/01/2006 23:27
Modified: 12/01/2006 23:27
Company: SingleClick Systems
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
Key: nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
145952 bytes
Created: 12/11/2008 16:58
Modified: 12/11/2008 16:58
Company: NVIDIA Corporation
----------
Key: Packet
ImagePath: system32\DRIVERS\packet.sys
C:\WINDOWS\system32\DRIVERS\packet.sys
13312 bytes
Created: 12/01/2006 23:26
Modified: 12/01/2006 23:26
Company: SingleClick Systems
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21632 bytes
Created: 30/05/2009 21:07
Modified: 17/09/2007 15:53
Company: Nokia
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
75064 bytes
Created: 11/08/2009 11:06
Modified: 11/08/2009 11:06
Company: [no info]
----------
Key: s1018bus
ImagePath: system32\DRIVERS\s1018bus.sys
C:\WINDOWS\system32\DRIVERS\s1018bus.sys
86696 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mdfl
ImagePath: system32\DRIVERS\s1018mdfl.sys
C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
15016 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mdm
ImagePath: system32\DRIVERS\s1018mdm.sys
C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
114472 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018mgmt
ImagePath: system32\DRIVERS\s1018mgmt.sys
C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
108200 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018nd5
ImagePath: system32\DRIVERS\s1018nd5.sys
C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
26024 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018obex
ImagePath: system32\DRIVERS\s1018obex.sys
C:\WINDOWS\system32\DRIVERS\s1018obex.sys
104616 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: s1018unic
ImagePath: system32\DRIVERS\s1018unic.sys
C:\WINDOWS\system32\DRIVERS\s1018unic.sys
109736 bytes
Created: 11/05/2009 18:31
Modified: 04/11/2008 02:45
Company: MCCI Corporation
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
240512 bytes
Created: 19/05/2009 11:36
Modified: 19/05/2009 11:36
Company: Microsoft Corporation
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
430592 bytes
Created: 07/04/2008 09:17
Modified: 07/04/2008 09:17
Company: Nokia.
----------
Key: ss_bbus
ImagePath: system32\DRIVERS\ss_bbus.sys
C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
90112 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI
----------
Key: ss_bmdfl
ImagePath: system32\DRIVERS\ss_bmdfl.sys
C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
14976 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI Corporation
----------
Key: ss_bmdm
ImagePath: system32\DRIVERS\ss_bmdm.sys
C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
121856 bytes
Created: 30/05/2009 21:06
Modified: 20/03/2009 10:01
Company: MCCI Corporation
----------
Key: STHDA
ImagePath: system32\drivers\sthda.sys
C:\WINDOWS\system32\drivers\sthda.sys
1171464 bytes
Created: 23/12/2006 17:19
Modified: 15/08/2006 10:38
Company: SigmaTel, Inc.
----------
Key: USB_RNDIS
ImagePath: system32\DRIVERS\usb8023.sys
C:\WINDOWS\system32\DRIVERS\usb8023.sys
12672 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 21:00
Modified: 18/10/2006 21:00
Company: Microsoft Corporation
----------
Key: wsppkt
ImagePath: system32\DRIVERS\wsp_pkt.sys
C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
13568 bytes
Created: 12/01/2006 23:29
Modified: 12/01/2006 23:29
Company: SingleClick Systems
----------

************************************************************
15:52:05: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 28/12/2006 17:10
Modified: 28/02/2003 17:54
Company: [no info]
VxD Key = JAVASUP
----------
----------


----------



## adilshaikh (Aug 28, 2009)

************************************************************
15:52:06: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
15:52:06: Scanning ----- CONTEXTMENUHANDLERS -----

************************************************************
15:52:06: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
15:52:06: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO: C:\Program Files\Internet Download Manager\IDMIECC.dll
C:\Program Files\Internet Download Manager\IDMIECC.dll
169392 bytes
Created: 03/04/2009 14:24
Modified: 02/04/2009 12:22
Company: Tonec Inc.
----------
Key: {053F9267-DC04-4294-A72C-58F732D338C0}
BHO: C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
-R- 177768 bytes
Created: 02/03/2007 16:52
Modified: 02/03/2007 16:52
Company: Hewlett-Packard Co.
----------
Key: {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO: C:\Program Files\Windows Live\Messenger\wlchtc.dll
C:\Program Files\Windows Live\Messenger\wlchtc.dll
73072 bytes
Created: 06/02/2009 19:21
Modified: 06/02/2009 19:21
Company: Microsoft Corporation
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
137600 bytes
Created: 19/05/2009 11:36
Modified: 19/05/2009 11:36
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar2.dll
c:\program files\google\googletoolbar2.dll
-R- 2403392 bytes
Created: 07/09/2007 18:26
Modified: 19/01/2007 23:55
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 25/06/2009 17:24
Modified: 25/06/2009 17:24
Company: Google Inc.
----------

************************************************************
15:52:07: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
15:52:07: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:52:07: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:52:07: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
15:52:07: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
15:52:07: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 10/08/2004 13:57
Modified: 10/08/2004 14:04
Company: [no info]
--------------------

************************************************************
15:52:07: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 14/05/2008 22:12
Modified: 10/08/2004 14:04
Company: [no info]
----------
--------------------
Checking Startup Group for: SHAIKH
[C:\Documents and Settings\SHAIKH\START MENU\PROGRAMS\STARTUP]
The Startup Group for SHAIKH attempts to load the following file(s):
C:\Documents and Settings\SHAIKH\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 21/05/2008 20:56
Modified: 10/08/2004 14:04
Company: [no info]
----------
--------------------
Checking Startup Group for: shaikh.tmp
[C:\Documents and Settings\shaikh.tmp\START MENU\PROGRAMS\STARTUP]
The Startup Group for shaikh.tmp attempts to load the following file(s):
C:\Documents and Settings\shaikh.tmp\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 28/12/2006 16:44
Modified: 10/08/2004 14:04
Company: [no info]
----------

************************************************************
15:52:08: Scanning ----- SCHEDULED TASKS -----
Taskname: Ad-Aware Update (Weekly)
File: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Parameters: update all silent
Schedule: At 17:02 every Mon of every week, starting 26/01/2009
Next Run Time: 07/09/2009 17:02:00
Status: Has not run
Status: SYSTEM
Comments: This will perform a scheduled update with Ad-Aware
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe - [file not found to scan]
----------
Taskname: DriverCure
File: C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
2922064 bytes
Created: 27/02/2009 20:07
Modified: 20/08/2009 14:36
Company: ParetoLogic
Parameters: -scan
Schedule: At 01:28 every Wed, Sun of every week, starting 20/08/2009
Next Run Time: 06/09/2009 01:28:00
Status: Has not run
Status: SHAIKH
Comments: DriverCure
----------
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 13/03/2007 20:04
Modified: 25/06/2009 17:24
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 03/09/2009 12:39:00
Status: Has not run
Status: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 25/06/2009 17:26
Modified: 25/06/2009 17:25
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 03/09/2009 13:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 25/06/2009 17:26
Modified: 25/06/2009 17:25
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Every 1 hour(s) from 13:30 for 24 hour(s) every day, starting 01/07/2009
Next Run Time: 02/09/2009 16:30:00
Status: Ready
Status: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise can't be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: ParetoLogic Registration
File: C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll
417792 bytes
Created: 13/01/2009 15:59
Modified: 13/01/2009 15:59
Company: 
Parameters: "C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Schedule: At 18:00 every day, starting 17/08/2009
Next Run Time: 02/09/2009 18:00:00
Status: Ready
Status: SHAIKH
Comments: 
----------
Taskname: ParetoLogic Update Version2
File: C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
189808 bytes
Created: 13/01/2009 15:59
Modified: 13/01/2009 15:59
Company: 
Schedule: At 00:33 every day, starting 17/08/2009
Next Run Time: 03/09/2009 00:33:00
Status: Ready
Status: SHAIKH
Comments: ParetoLogic Update
----------
Taskname: Schedule Task Weekly
File: C:\Program Files\Registry Easy\RE.exe
C:\Program Files\Registry Easy\RE.exe
7548928 bytes
Created: 20/08/2009 14:19
Modified: 18/08/2009 13:13
Company: 
Parameters: -Scan
Schedule: At 12:00 every Thu of every week, starting 20/08/2009
Next Run Time: 03/09/2009 12:00:00
Status: Ready
Status: SHAIKH
Comments: Runs Registry Easy at Scheduled Time.
----------

************************************************************
15:52:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:52:09: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
683520 bytes
Created: 11/06/2008 01:03
Modified: 11/06/2008 01:03
Company: DivX, Inc.
----------
Value: vidc.yv12
File: DivX.dll
C:\WINDOWS\system32\DivX.dll - file already scanned
----------
Value: VIDC.FPS1
File: frapsvid.dll
C:\WINDOWS\system32\frapsvid.dll
81920 bytes
Created: 03/01/2009 12:24
Modified: 03/01/2009 12:24
Company: Beepa P/L
----------
Value: vidc.tscc
File: tsccvid.dll
C:\WINDOWS\system32\tsccvid.dll
107864 bytes
Created: 09/08/2009 19:18
Modified: 10/07/2008 13:56
Company: TechSmith Corporation
----------

************************************************************
15:52:09: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\SHAIKH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SHAIKH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
8294454 bytes
Created: 16/11/2008 23:28
Modified: 18/02/2009 15:29
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\SHAIKH\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
8294454 bytes
Created: 16/11/2008 23:28
Modified: 18/02/2009 15:29
Company: [no info]
----------
DNS Server information:
Interface: 
NameServers: 193.36.79.100 80.10.246.1
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
15:52:10: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 10/08/2004 13:50
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
502272 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
110592 bytes
Created: 10/08/2004 13:51
Modified: 06/02/2009 11:22
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\nvsvc32.exe
155715 bytes
Created: 14/07/2009 13:34
Modified: 23/08/2006 14:12
Company: NVIDIA Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 10/08/2004 13:51
Modified: 11/06/2005 00:53
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110592 bytes
Created: 15/01/2008 03:40
Modified: 15/01/2008 03:40
Company: Apple, Inc.
--------------------
C:\WINDOWS\system32\FsUsbExService.Exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 14/12/2008 13:43
Modified: 14/12/2008 13:43
Company: Sun Microsystems, Inc.
--------------------
C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
--------------------
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe - file already scanned
--------------------
C:\WINDOWS\System32\DLA\DLACTRLW.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
33280 bytes
Created: 10/08/2004 13:51
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\WINDOWS\stsystra.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Internet Download Manager\IDMan.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 10/08/2004 13:50
Modified: 04/08/2004 06:00
Company: Microsoft Corporation
--------------------
C:\Program Files\Messenger\msmsgs.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Program Files\Internet Download Manager\IEMonitor.exe
251312 bytes
Created: 03/04/2009 14:24
Modified: 18/02/2008 14:01
Company: Tonec Inc.
--------------------
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
307704 bytes
Created: 13/04/2008 13:11
Modified: 03/08/2009 00:02
Company: Mozilla Corporation
--------------------
C:\Documents and Settings\SHAIKH\Application Data\Simply Super Software\Trojan Remover\lkbC6.exe
FileSize: 3093368
[This is a Trojan Remover component]
--------------------

************************************************************
15:52:14: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.orange.co.uk

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:52:14 02 Sep 2009
Total Scan time: 00:00:21
************************************************************


----------



## adilshaikh (Aug 28, 2009)

And finally, here is the new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:27, on 02/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdownloadmanager.com/welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: {d6620e09-f47c-65b9-6bd4-429525cb9ca3} - {3ac9bc52-5924-4db6-9b56-c74f90e0266d} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {C6B4B6A8-FB68-4468-AD1F-0854EF2C9910} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [{64e7cef3-b48e-9faf-acf1-124b47a3f471}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6511C7-4112-4785-BDD0-3BD32CE5EDED}: NameServer = 193.36.79.100 80.10.246.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f5b1a2c085f4) (gupdate1c9f5b1a2c085f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9802 bytes


----------



## dvk01 (Dec 14, 2002)

I have no idea why combofix still won't run

Run HijackThis, put a tick in the box beside the entries listed below and *ONLY these entries*, double-check to make sure, then make sure all browser & email windows are closed and press "Fix checked".

O2 - BHO: {d6620e09-f47c-65b9-6bd4-429525cb9ca3} - {3ac9bc52-5924-4db6-9b56-c74f90e0266d} - (no file)

O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - (no file)
O2 - BHO: (no name) - {C6B4B6A8-FB68-4468-AD1F-0854EF2C9910} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [{64e7cef3-b48e-9faf-acf1-124b47a3f471}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit

Then I think we should do an online antivirus check.

* Run the Kaspersky online virus scan, *Kaspersky Online Scanner*.

After the updates have downloaded, click on the "Scan Settings" button.
Select *"Spyware, Adware, Dialers and other potentially dangerous programs"* for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, save the results from the scan!

Note: Kavscan is a scanner only & won't fix anything, but it will normally find the most infected files, so its report gives us a good place to work from.


----------
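The triage dvk01 applies to the log above (hooks that are still registered but end in "(no file)", and a Run entry whose value name and rundll32-loaded DLL are both bare GUIDs) can be scripted so it is repeatable across the several logs in this thread. The block below is an added example written for this page; it is not a tool from the thread, from Trend Micro or from dvk01. It parses HijackThis-style lines with a small set of regular expressions and flags those same two patterns, and it also surfaces the O17 NameServer values so they can be compared by hand against the ISP's published DNS servers (it makes no judgement about the addresses). The sample lines are copied from the log posted above; the heuristics are assumptions, and a hit is a reason to look, not a verdict.

```python
import re

# Constructed sample input: lines copied from the HijackThis log in the thread,
# including the O4 entry dvk01 told the poster to fix.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: {d6620e09-f47c-65b9-6bd4-429525cb9ca3} - {3ac9bc52-5924-4db6-9b56-c74f90e0266d} - (no file)
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [{64e7cef3-b48e-9faf-acf1-124b47a3f471}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6511C7-4112-4785-BDD0-3BD32CE5EDED}: NameServer = 193.36.79.100 80.10.246.1
"""

# A registry-style GUID: {8-4-4-4-12 hex digits}.
GUID_RE = re.compile(
    r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}", re.IGNORECASE
)
# "O4 - <body>" / "R3 - <body>": section code, dash, rest of line.
HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.*\S)\s*$")
# O4 body: "...\Run: [value name] command line".
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First DLL argument handed to rundll32, quoted or not.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?', re.IGNORECASE)
O17_RE = re.compile(r"NameServer = (?P<servers>[\d. ]+)$")


def is_guid_named(path):
    """True if the last path component is a bare GUID, with or without .dll."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    base = re.sub(r"\.dll$", "", base, flags=re.IGNORECASE)
    return GUID_RE.fullmatch(base) is not None


def triage(log_text):
    """Return (section, reason, original line) for each line worth a second look.

    Heuristics (assumptions, not a verdict):
      1. R3/O2/O3 entries ending in "(no file)": a CLSID is registered but the
         DLL is gone; dead weight that is safe to remove.
      2. O4 Run entries whose value name is a bare GUID, or which use rundll32
         to load a GUID-named DLL; legitimate vendors rarely name autoruns so.
      3. O17 NameServer values are surfaced so a human can check them against
         the ISP's DNS servers; nothing is inferred about them here.
    """
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")

        if sec in ("R3", "O2", "O3") and body.endswith("(no file)"):
            findings.append((sec, "orphaned entry: CLSID registered, no file on disk", raw))
            continue

        if sec == "O4":
            m4 = O4_RE.search(body)
            if m4:
                name, cmd = m4.group("name"), m4.group("cmd")
                reasons = []
                if GUID_RE.fullmatch(name):
                    reasons.append("Run value named with a bare GUID")
                mr = RUNDLL_RE.search(cmd)
                if mr and is_guid_named(mr.group("dll")):
                    reasons.append("rundll32 loads a GUID-named DLL")
                if reasons:
                    findings.append((sec, "; ".join(reasons), raw))
            continue

        if sec == "O17":
            m17 = O17_RE.search(body)
            if m17:
                servers = m17.group("servers").strip()
                findings.append((sec, "verify NameServer against ISP DNS: " + servers, raw))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Running it against the sample prints the three "(no file)" hooks, the GUID-named Run entry (flagged for both reasons) and the O17 line, and stays silent on the IDM, SpeedTouch and NVIDIA entries; the point of the O4 rule is that the DLL path and value name are checked, not the presence of rundll32 itself, which NvCplDaemon also uses legitimately.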



## adilshaikh (Aug 28, 2009)

Hi dvk01, I fixed the items you wanted me to and ran the Kaspersky scan. It didn't detect anything. Also, I just wanted you to know that I got rid of ESET and downloaded AVG, just in case that affects anything.
Here is the scan results:

Thursday, September 3, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 03, 2009 17:12:58
Records in database: 2742587

*Scan settings* scan using the following database extended Scan archives yes Scan e-mail databases yes 
*Scan area* My Computer C:\
D:\
E:\ 
*Scan statistics* Objects scanned 90087 Threats found 0 Infected objects found 0 Suspicious objects found 0 Scan duration 02:11:13 
*No threats found. Scanned area is clean.* * Selected area has been scanned.*


----------



## adilshaikh (Aug 28, 2009)

Sorry, all the information wasn't in that. Here it is again.

Thursday, September 3, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 03, 2009 17:12:58
Records in database: 2742587

Scan settings:

Scan using the following databases - Extended
Scan archives - Yes
Scan E-mail databases - Yes

Scan area: My Computer:

C:\
D:\
E:\

Scan statistics:

Objects scanned - 90087
Threats found - 0
Infected objects found - 0
Suspicious objects found - 0
Scan duration - 02:11:13

No threats found. Scanned area is clean.
Selected area has been scanned.


----------



## adilshaikh (Aug 28, 2009)

Should I try ComboFix again?


----------



## dvk01 (Dec 14, 2002)

Try ComboFix again, as nothing is showing any malware so far, but the BAD_POOL_HEADER with both ComboFix & GMER does suggest rootkit activity with a bad or hidden driver.


----------



## adilshaikh (Aug 28, 2009)

Hello again, I tried both ComboFix and the GMER rootkit detector and again I got the BAD_POOL_HEADER message with both. Is there anything else I can try?


----------



## dvk01 (Dec 14, 2002)

I am asking the ComboFix developer if he has any ideas, but as it affects ComboFix & GMER, I suspect it is a new rootkit or a clash with an existing driver that won't be fixable.

I'll get back to you later


----------



## dvk01 (Dec 14, 2002)

Let's see if this shows anything.

Download *RSIT* (random's system information tool) from here to your desktop, then click on *RSIT.exe* to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

*RSIT will also create a second log*, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can use separate posts here when replying and posting the log files if needed.


----------



## adilshaikh (Aug 28, 2009)

Hi dvk01, I'm having to split the log and info into parts. I'll post the info.txt in the 4th post.

Logfile of random's system information tool 1.06 (written by random/random)
Run by SHAIKH at 2009-09-04 18:42:55
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 58 GB (52%) free of 111 GB
Total RAM: 1470 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:09, on 04/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Documents and Settings\SHAIKH\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\SHAIKH.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdownloadmanager.com/welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6511C7-4112-4785-BDD0-3BD32CE5EDED}: NameServer = 193.36.79.100 80.10.246.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f5b1a2c085f4) (gupdate1c9f5b1a2c085f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11166 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\DriverCure.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-04-02 169392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-02 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"NPSStartup"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-23 7630848]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-23 86016]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-08-31 1069448]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-02 2007832]
"AVGIDS"=C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe [2009-07-22 1600008]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-04-04 2794928]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2006-08-14 462336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2006-06-05 749568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-17 28738]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-12-23 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-20 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2001-08-24 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-23 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^SHAIKH^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2007-11-27 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\yaywtQhi

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoResolveTrack"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=


----------



## adilshaikh (Aug 28, 2009)

Log Continued:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Documents and Settings\SHAIKH\Local Settings\Temporary Internet Files\Content.IE5\JVLAE6JB\CabalTemp\ESTdnheadless.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temporary Internet Files\Content.IE5\JVLAE6JB\CabalTemp\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Documents and Settings\SHAIKH\Desktop\CabalTemp\ESTdnheadless.exe"="C:\Documents and Settings\SHAIKH\Desktop\CabalTemp\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsr86.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsr86.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsj31.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsj31.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsb11.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsb11.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsq23.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsq23.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsfE5.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsfE5.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsfB9.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsfB9.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Documents and Settings\SHAIKH\My Documents\Adils Folder\WoW-2.0.0-enUS-Installer-downloader.exe"="C:\Documents and Settings\SHAIKH\My Documents\Adils Folder\WoW-2.0.0-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsg105.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsg105.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsx119.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsx119.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsg31.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsg31.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsz106.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsz106.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsw66.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsw66.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsh6A.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsh6A.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsd16C.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsd16C.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsg17F.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsg17F.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsp4F.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsp4F.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsmB8.tmp\utorrent.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\nsmB8.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\SHAIKH\Desktop\CabalTemp\ESTSetupLoader.exe"="C:\Documents and Settings\SHAIKH\Desktop\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\rld11.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\rld11.exe:*:Enabled:UK Provider"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"F:\LimeWire\LimeWire.exe"="F:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\SHAIKH\Desktop\SRO_NEW_Full-Client_Downloader.exe"="C:\Documents and Settings\SHAIKH\Desktop\SRO_NEW_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin"="C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion"
"C:\Program Files\Silkroad\Silkroad.exe"="C:\Program Files\Silkroad\Silkroad.exe:*:Enabled:Silkroad"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\SHAIKH\Local Settings\Temp\7zSBF9C.tmp\SymNRT.exe"="C:\Documents and Settings\SHAIKH\Local Settings\Temp\7zSBF9C.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-09-04 18:42:55 ----D---- C:\rsit
2009-09-04 15:58:55 ----SD---- C:\adil
2009-09-04 15:58:53 ----A---- C:\WINDOWS\system32\CF17590.exe
2009-09-04 15:57:43 ----A---- C:\WINDOWS\system32\CF18866.exe
2009-09-04 15:57:15 ----A---- C:\WINDOWS\system32\CF6779.exe
2009-09-02 16:55:19 ----HD---- C:\$AVG8.VAULT$
2009-09-02 16:22:49 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-09-02 16:22:36 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-02 16:22:11 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-09-02 16:21:53 ----D---- C:\Program Files\AVG
2009-09-02 16:21:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-02 15:51:23 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-09-02 15:51:23 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-09-02 15:51:23 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-09-02 15:51:23 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-09-02 15:51:23 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-09-02 15:51:22 ----D---- C:\Program Files\Trojan Remover
2009-09-02 15:51:22 ----D---- C:\Documents and Settings\SHAIKH\Application Data\Simply Super Software
2009-09-02 15:51:22 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-09-01 21:17:59 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-09-01 20:56:34 ----D---- C:\AVGTemp
2009-09-01 20:42:40 ----A---- C:\WINDOWS\system32\CF2618.exe
2009-09-01 19:43:08 ----SD---- C:\ComboFix
2009-09-01 19:43:08 ----A---- C:\WINDOWS\system32\CF2135.exe
2009-09-01 19:42:13 ----A---- C:\WINDOWS\system32\CF1320.exe
2009-09-01 14:53:00 ----D---- C:\Documents and Settings\SHAIKH\Application Data\AVG8
2009-08-31 18:59:30 ----A---- C:\Boot.bak
2009-08-31 18:59:24 ----RASHD---- C:\cmdcons
2009-08-31 18:58:29 ----A---- C:\WINDOWS\system32\CF15054.exe
2009-08-31 17:49:48 ----A---- C:\WINDOWS\system32\CF1188.exe
2009-08-31 17:48:11 ----A---- C:\WINDOWS\zip.exe
2009-08-31 17:48:11 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-31 17:48:11 ----A---- C:\WINDOWS\SWSC.exe
2009-08-31 17:48:11 ----A---- C:\WINDOWS\SWREG.exe
2009-08-31 17:48:11 ----A---- C:\WINDOWS\sed.exe
2009-08-31 17:48:11 ----A---- C:\WINDOWS\PEV.exe
2009-08-31 17:48:11 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-31 17:48:11 ----A---- C:\WINDOWS\grep.exe
2009-08-31 17:48:06 ----D---- C:\WINDOWS\ERDNT
2009-08-31 17:48:05 ----A---- C:\WINDOWS\system32\CF30234.exe
2009-08-31 17:48:02 ----D---- C:\Qoobox
2009-08-29 19:03:27 ----D---- C:\Program Files\Kaspersky Lab
2009-08-29 19:00:11 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-29 16:11:08 ----D---- C:\Documents and Settings\SHAIKH\Application Data\ESET
2009-08-29 15:46:21 ----D---- C:\Program Files\VS Revo Group
2009-08-28 18:45:41 ----D---- C:\Program Files\Trend Micro
2009-08-27 19:16:37 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-27 19:16:37 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-27 19:16:35 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-27 19:16:33 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-27 19:16:33 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-27 19:16:31 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-27 19:16:29 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-08-27 19:16:27 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-08-27 19:16:27 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-08-27 19:16:25 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-08-27 19:16:23 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-08-27 19:16:23 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-08-27 19:16:21 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-08-27 19:16:19 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-08-27 00:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-20 17:40:02 ----A---- C:\WINDOWS\system32\stlang.dll
2009-08-20 17:40:02 ----A---- C:\WINDOWS\stsystra.exe
2009-08-20 17:29:21 ----D---- C:\Program Files\IDT
2009-08-20 15:31:13 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-08-20 15:31:00 ----D---- C:\cabs
2009-08-20 14:35:45 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-08-20 14:35:44 ----D---- C:\Program Files\ParetoLogic
2009-08-20 14:19:36 ----D---- C:\Program Files\Registry Easy
2009-08-20 14:13:23 ----D---- C:\Documents and Settings\SHAIKH\Application Data\IObit
2009-08-20 14:13:22 ----D---- C:\Program Files\IObit
2009-08-19 14:09:32 ----D---- C:\Program Files\RegCure
2009-08-17 16:01:04 ----D---- C:\Documents and Settings\SHAIKH\Application Data\DriverCure
2009-08-17 15:59:51 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-08-17 15:59:51 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-08-17 12:11:02 ----D---- C:\Documents and Settings\SHAIKH\Application Data\HP
2009-08-13 20:13:22 ----D---- C:\Documents and Settings\SHAIKH\Application Data\GetRightToGo
2009-08-12 23:04:27 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-11 11:06:37 ----D---- C:\Documents and Settings\SHAIKH\Application Data\id Software
2009-08-11 11:06:37 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-08-11 11:06:33 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-08-11 11:06:32 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-08-11 11:06:24 ----D---- C:\Documents and Settings\All Users\Application Data\id Software
2009-08-10 16:09:10 ----D---- C:\Program Files\NVIDIA Corporation
2009-08-10 16:09:01 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-08-10 16:05:55 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-08-10 16:05:55 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-08-10 14:23:08 ----D---- C:\Program Files\QuickTime
2009-08-10 14:20:11 ----D---- C:\Program Files\Apple Software Update
2009-08-09 19:20:23 ----A---- C:\RecorderSDKLog.txt
2009-08-09 19:18:08 ----A---- C:\WINDOWS\system32\tsccvid.dll
2009-08-09 19:17:51 ----D---- C:\Documents and Settings\All Users\Application Data\TechSmith
2009-08-09 19:17:26 ----D---- C:\Program Files\Common Files\TechSmith Shared
2009-08-09 19:17:08 ----D---- C:\Program Files\TechSmith
2009-08-09 18:38:48 ----D---- C:\Documents and Settings\SHAIKH\Application Data\iolo
2009-08-09 18:34:21 ----D---- C:\Program Files\iolo
2009-08-09 18:34:21 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2009-08-08 12:49:53 ----D---- C:\Program Files\RamBooster 2.0
2009-08-06 23:36:10 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-06 23:36:05 ----D---- C:\Program Files\MSBuild
2009-08-06 23:35:56 ----D---- C:\Program Files\Reference Assemblies
2009-08-06 23:35:04 ----D---- C:\680e5a4bdd639c8293
2009-08-06 18:34:42 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2009-08-06 18:32:05 ----A---- C:\WINDOWS\BricoPackUninst.txt
2009-08-06 18:32:05 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2009-08-06 18:31:31 ----D---- C:\WINDOWS\BricoPacks
2009-08-05 20:17:48 ----D---- C:\Program Files\NaturalSoft
2009-08-05 14:14:29 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 months======

2009-09-04 18:43:03 ----D---- C:\WINDOWS\Temp
2009-09-04 17:41:29 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 5
2009-09-04 16:14:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-04 16:14:21 ----SD---- C:\WINDOWS\Tasks
2009-09-04 16:14:01 ----D---- C:\WINDOWS\system32
2009-09-04 16:13:46 ----D---- C:\Documents and Settings\SHAIKH\Application Data\DMCache
2009-09-04 16:13:23 ----D---- C:\WINDOWS\Minidump
2009-09-04 16:13:23 ----D---- C:\WINDOWS
2009-09-04 16:04:38 ----D---- C:\WINDOWS\system32\drivers
2009-09-04 16:04:38 ----D---- C:\WINDOWS\AppPatch
2009-09-04 16:04:17 ----D---- C:\Program Files\Common Files
2009-09-04 15:59:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-04 15:57:51 ----D---- C:\WINDOWS\Prefetch
2009-09-02 17:50:36 ----D---- C:\Program Files\Conquer 2.0
2009-09-02 16:23:19 ----SHD---- C:\WINDOWS\Installer
2009-09-02 16:23:18 ----HD---- C:\Config.Msi
2009-09-02 16:21:53 ----RD---- C:\Program Files
2009-09-01 21:18:03 ----HD---- C:\WINDOWS\inf
2009-09-01 21:08:26 ----SD---- C:\Documents and Settings\SHAIKH\Application Data\Microsoft
2009-09-01 17:48:32 ----D---- C:\Documents and Settings\SHAIKH\Application Data\LimeWire
2009-08-31 18:59:30 ----RASH---- C:\boot.ini
2009-08-29 23:58:05 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-29 19:02:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-29 19:02:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-29 19:01:44 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-29 16:08:45 ----D---- C:\Program Files\ESET
2009-08-29 14:16:05 ----D---- C:\WINDOWS\system32\config
2009-08-29 14:15:41 ----D---- C:\WINDOWS\system32\wbem
2009-08-29 14:15:41 ----D---- C:\WINDOWS\Registration
2009-08-29 14:11:56 ----D---- C:\WINDOWS\system32\dllcache
2009-08-29 14:11:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-29 13:22:29 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-08-28 19:37:48 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-08-28 19:37:19 ----D---- C:\Program Files\McAfee
2009-08-28 17:10:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-28 12:13:04 ----D---- C:\Documents and Settings\SHAIKH\Application Data\Corel
2009-08-27 19:16:39 ----D---- C:\WINDOWS\system32\DirectX
2009-08-27 19:16:08 ----HD---- C:\WINDOWS\msdownld.tmp
2009-08-21 12:44:17 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-21 11:27:33 ----D---- C:\Documents and Settings\SHAIKH\Application Data\IDM
2009-08-20 17:41:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-20 17:36:48 ----D---- C:\Program Files\Internet Download Manager
2009-08-20 17:30:36 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-20 15:49:33 ----D---- C:\Program Files\Free Download Manager
2009-08-20 15:40:21 ----D---- C:\Program Files\LimeWire
2009-08-20 15:18:34 ----D---- C:\WINDOWS\nview
2009-08-20 15:18:34 ----D---- C:\WINDOWS\Help
2009-08-20 15:15:08 ----D---- C:\NVIDIA
2009-08-20 15:13:58 ----D---- C:\dell
2009-08-20 14:45:37 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-20 14:26:33 ----D---- C:\i386
2009-08-20 13:47:26 ----A---- C:\WINDOWS\win.ini
2009-08-20 13:47:26 ----A---- C:\WINDOWS\system.ini
2009-08-20 13:47:25 ----D---- C:\WINDOWS\pss
2009-08-17 16:00:47 ----D---- C:\Program Files\Silkroad
2009-08-12 23:05:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-12 23:04:43 ----D---- C:\Program Files\Outlook Express
2009-08-10 16:08:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-09 19:18:06 ----D---- C:\WINDOWS\system32\quicktime
2009-08-09 19:03:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-07 13:11:19 ----RSD---- C:\WINDOWS\assembly
2009-08-06 23:41:08 ----D---- C:\WINDOWS\WinSxS
2009-08-06 23:36:07 ----D---- C:\WINDOWS\system32\en-US
2009-08-06 23:36:02 ----RSD---- C:\WINDOWS\Fonts
2009-08-06 23:32:48 ----D---- C:\Program Files\Internet Explorer
2009-08-06 19:11:02 ----D---- C:\Program Files\Movie Maker
2009-08-06 19:11:01 ----D---- C:\WINDOWS\system32\usmt
2009-08-06 18:34:41 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-08-06 18:33:39 ----D---- C:\WINDOWS\Cursors
2009-08-06 18:33:31 ----D---- C:\WINDOWS\Media
2009-08-05 14:17:29 ----D---- C:\WINDOWS\Debug
2009-08-05 10:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


----------



## adilshaikh (Aug 28, 2009)

Log Continued:

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-02 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-02 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-02 108552]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-12-23 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 13696]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-01-12 13312]
R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 13568]
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-09-01 29208]
R3 AVGIDSDriver;AVGIDSDriver; \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilter;AVGIDSFilter; \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShim;AVGIDSShim; \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-23 3959712]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-09-01 29208]
S3 catchme;catchme; \??\C:\DOCUME~1\SHAIKH\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-02 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-09-02 1370488]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2009-07-22 5641736]
R2 AVGIDSWatcher;AVGIDSWatcher; C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2009-07-22 571912]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-23 155715]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-11 75064]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 gupdate1c9f5b1a2c085f4;Google Update Service (gupdate1c9f5b1a2c085f4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-25 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


----------



## adilshaikh (Aug 28, 2009)

Info.txt:

info.txt logfile of random's system information tool 1.06 2009-09-04 18:43:11

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ARTEuro-->MsiExec.exe /I{1D3C662A-F6C6-4767-A788-7AA43A9A1317}
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVG Identity Protection-->MsiExec.exe /X{F314EA69-9590-4876-8E2B-44CBEE7FFAA1}
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Camtasia Studio 6-->MsiExec.exe /I{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conquer 2.0-->C:\Program Files\InstallShield Installation Information\{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}\setup.exe -runfromtemp -l0x0009 -removeonly
Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Coupon Printer-->"C:\Program Files\Coupon Printer\uninstall.exe" "/U:C:\Program Files\Coupon Printer\Uninstall\uninstall.xml"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Favorit-->"c:\documents and settings\shaikh\local settings\application data\mqaiegc.exe" -uninstall
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free NaturalReader-->MsiExec.exe /I{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}
Golden Axe-->"C:\Documents and Settings\SHAIKH\My Documents\Adils Folder\Golden Axe\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.43\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Driver Software 9.0-->C:\Program Files\HP\Digital Imaging\{F5936267-D467-4e7b-8940-A7D9F0398EF3}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iolo Memory Mechanic-->"C:\Program Files\iolo\Memory Mechanic\unins000.exe"
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033 
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 5.2.13-->"C:\Program Files\LimeWire\uninstall.exe"
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe E:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Orange Preload-->MsiExec.exe /I{38496EC2-78B7-412A-9398-FC6B7DB8E182}
ParetoLogic DriverCure-->C:\Program Files\ParetoLogic\DriverCure\uninstall.exe
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
Picture Package Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0009 -removeonly
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{7D0AA8B9-8568-4527-B3F4-91846F921E90}
Quake Live Mozilla Plugin-->MsiExec.exe /I{D9B3B577-26BD-4CB2-9072-8029AE097AFE}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RamBooster-->C:\Program Files\RamBooster 2.0\Uninst.exe /pid:{ADE3CACC-EC31-480C-83A0-587EE60CE8DF} /asd
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Easy v5.6-->"C:\Program Files\Registry Easy\unins000.exe"
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x0809 -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0809 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
Samsung USB Driver-->"C:\Program Files\InstallShield Installation Information\{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}\Setup.exe" -runfromtemp -l0x0009 anything -removeonly
SAMSUNG USB Mobile Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{8CD0B297-122D-4718-9CE1-B72E796F7B21}
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Tiscali Internet-->MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
Trojan Remover 6.8.1-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====


----------



## adilshaikh (Aug 28, 2009)

Info.txt Continued:

O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - (no file) [2009-09-03]
O4 - HKLM\..\Run: [{64e7cef3-b48e-9faf-acf1-124b47a3f471}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit [2009-09-03]
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) [2009-09-03]
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file) [2009-09-03]
O2 - BHO: {d6620e09-f47c-65b9-6bd4-429525cb9ca3} - {3ac9bc52-5924-4db6-9b56-c74f90e0266d} - (no file) [2009-09-03]
O2 - BHO: (no name) - {C6B4B6A8-FB68-4468-AD1F-0854EF2C9910} - (no file) [2009-09-03]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Internet Security
FW: AVG Firewall

======System event log======

Computer Name: EDWARD
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 1490
Source Name: Cdrom
Time Written: 20090819133733.000000+060
Event Type: error
User:

Computer Name: EDWARD
Event Code: 15
Message: The device, \Device\Ide\IdePort1, is not ready for access yet.

Record Number: 1489
Source Name: atapi
Time Written: 20090819133733.000000+060
Event Type: error
User:

Computer Name: EDWARD
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 1488
Source Name: Cdrom
Time Written: 20090819133553.000000+060
Event Type: error
User:

Computer Name: EDWARD
Event Code: 15
Message: The device, \Device\Ide\IdePort1, is not ready for access yet.

Record Number: 1487
Source Name: atapi
Time Written: 20090819133553.000000+060
Event Type: error
User:

Computer Name: EDWARD
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.

Record Number: 1486
Source Name: Cdrom
Time Written: 20090819133413.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: EDWARD
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 19596
Source Name: Microsoft Fax
Time Written: 20090710115830.000000+060
Event Type: warning
User:

Computer Name: EDWARD
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 19576
Source Name: Microsoft Fax
Time Written: 20090709110952.000000+060
Event Type: warning
User:

Computer Name: EDWARD
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 19575
Source Name: Microsoft Fax
Time Written: 20090709110952.000000+060
Event Type: warning
User:

Computer Name: EDWARD
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 19554
Source Name: Microsoft Fax
Time Written: 20090708113257.000000+060
Event Type: warning
User:

Computer Name: EDWARD
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 19553
Source Name: Microsoft Fax
Time Written: 20090708113257.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


----------
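The O2/O3/O4 lines in the Info.txt excerpt above show two patterns worth noticing when triaging a log like this: registry references whose file no longer exists ("(no file)"), and a login-time Run value whose name, and whose rundll32-loaded DLL, are bare GUIDs rather than product names. As an added example (not code from this forum or from any of the tools mentioned in the thread), the Python script below parses entries in that format and flags those patterns. It assumes the line layout shown in the log; its sample input reuses the four entries quoted above plus two constructed benign entries (the jusched.exe Run value is modelled on a process listed in the first post, and the CLSID in the other is a placeholder).

```python
"""Triage HijackThis-style O2/O3/O4 entries such as the ones quoted in this
thread. Added example, not the forum's or any removal tool's own code."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List

# A GUID/CLSID in braces, e.g. {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}.
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
FULL_GUID_RE = re.compile(rf"^{GUID}$")
# This log format appends the registry key's date as " [YYYY-MM-DD]".
DATE_SUFFIX = r"(?: \[\d{4}-\d{2}-\d{2}\])?$"
# O2 - BHO: <name> - <CLSID> - <file>   /   O3 - Toolbar: <name> - <CLSID> - <file>
BHO_RE = re.compile(rf"^(O2|O3) - (?:BHO|Toolbar): (.*) - ({GUID}) - (.*?){DATE_SUFFIX}")
# O4 - HKLM\..\Run: [<value name>] <command line>
RUN_RE = re.compile(rf"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*?){DATE_SUFFIX}")
GUID_DLL_RE = re.compile(rf"{GUID}\.dll", re.IGNORECASE)

ORPHAN = "registered file no longer exists (no file)"
GUID_NAME = "display name is a bare GUID instead of a product name"
GUID_VALUE = "Run value name is a bare GUID"
GUID_LOADER = "rundll32 loads a DLL whose file name is a bare GUID"


@dataclass
class Finding:
    entry: str          # the original log line
    identifier: str     # CLSID (O2/O3) or Run value name (O4)
    severity: str       # "cleanup" or "review"
    reasons: List[str] = field(default_factory=list)


def _severity(reasons: List[str]) -> str:
    # An orphaned reference on its own is leftover clutter; a GUID used where
    # a product name belongs, or a GUID-named loader DLL, needs a person to
    # examine the file (publisher, signature, hash) before deciding anything.
    return "cleanup" if reasons == [ORPHAN] else "review"


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per O2/O3/O4 entry that matches a suspicious pattern."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            _kind, name, clsid, path = m.groups()
            reasons = []
            if path == "(no file)":
                reasons.append(ORPHAN)
            if FULL_GUID_RE.match(name):
                reasons.append(GUID_NAME)
            if reasons:
                findings.append(Finding(line, clsid, _severity(reasons), reasons))
            continue
        m = RUN_RE.match(line)
        if m:
            _hive, _key, value_name, command = m.groups()
            reasons = []
            if FULL_GUID_RE.match(value_name):
                reasons.append(GUID_VALUE)
            if "rundll32" in command.lower() and GUID_DLL_RE.search(command):
                reasons.append(GUID_LOADER)
            if reasons:
                findings.append(Finding(line, value_name, _severity(reasons), reasons))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {"cleanup": 2, "review": 2}."""
    return dict(Counter(f.severity for f in findings))


# Sample input: the four O2/O3/O4 entries quoted from the Info.txt above, plus
# two constructed benign entries for contrast (the jusched.exe Run value is
# modelled on a process listed in the first post; the CLSID is a placeholder).
SAMPLE = r"""
O2 - BHO: (no name) - {7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30} - (no file) [2009-09-03]
O4 - HKLM\..\Run: [{64e7cef3-b48e-9faf-acf1-124b47a3f471}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{836a35c6-f38d-e0ad-8c22-a4a526793a96}.dll" DllInit [2009-09-03]
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) [2009-09-03]
O2 - BHO: {d6620e09-f47c-65b9-6bd4-429525cb9ca3} - {3ac9bc52-5924-4db6-9b56-c74f90e0266d} - (no file) [2009-09-03]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-14]
O2 - BHO: Example Helper (constructed) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll [2009-01-01]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.identifier}: {'; '.join(f.reasons)}")
    print(summary(triage(SAMPLE)))
```

A "review" finding is only a prompt to look at the file itself (publisher, signature, hash, creation date) and at how it got there; the script decides nothing about removal, and a "cleanup" finding is just a dangling registry reference that a removal tool can tidy.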



## dvk01 (Dec 14, 2002)

download the attached lsafix.zip

unzip it to desktop & right-click the lsafix.reg and select merge, say yes to any prompts

reboot & see if combofix will run so we can deal with the rest (if the files listed still exist and aren't just registry references)


----------



## adilshaikh (Aug 28, 2009)

I merged the file into the registry and I still got the same error message when I ran combofix.


----------



## dvk01 (Dec 14, 2002)

let's see if we can fix it with this

Download *OTS.exe* to your Desktop

Close any open browsers.
Double-click on *OTS.exe* to start the program.
If your real-time protection or antivirus intervenes with OTS, allow it to run.
In the *Processes* group click *ALL*
In the *Services* group click *Safe List*
In the *Drivers* group click *Safe List*
In the *Registry* group click *ALL*
In the *Files Age* drop-down box click *90 days*
Make sure the "use white list" and "include all unicode names" boxes are checked
In the Files created and Files modified groups select *whitelist/file age*
In the *Additional scans* section please select *Everything* and make sure the safe list box is checked
Now on the toolbar at the top select "Scan all users", then click the *Run Scan* button
The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button and *attach the notepad file here*. I will review it when it comes in.

It will be much too big, so you will need to zip the file before it can be uploaded.


----------



## adilshaikh (Aug 28, 2009)

I got another problem. I checked all the boxes you told me to, and then about 20 seconds into the scan this error message comes up:

Access violation at address 00537000 in module 'OTS.exe'. Read of address 00000000.

and when I click OK I think that's where the scan stops working. At the bottom it gets stuck at 'Scanning HKEY_LOCAL_MACHINE\ ActiveX stub Path Settings...'. Do you think if I unchecked the 'REG - ActiveX stubpath' box underneath the 'Additional Scans' section the scan would start working, or do I have to tick that box?


----------



## dvk01 (Dec 14, 2002)

uncheck that box & see if it works


----------



## adilshaikh (Aug 28, 2009)

Well it did work, the scan ran for about a minute longer but then a new error message came up and the scan stopped at 'HKEY_LOCAL_MACHINE\ Shell extensions...'. So I ran the scan again and unchecked the 'Reg - Approved Shell Extensions' box underneath the additional scans section and ran the scan again. But then again a new error message came up and the scan stopped at 'HKLM Ext\Preapproved Settings...'. So again like last time I unchecked the 'Reg - Exit' box. And it worked again. Basically I kept getting the same problems 8 times until I thought to myself that I should try and run the scan without anything checked in the additional scans section, and that worked perfectly fine. So I just wanted to know, do I have to check anything in the additional scans section or does it not matter if I do? Because the scan only took about 5 minutes and I have the error report.


----------



## adilshaikh (Aug 28, 2009)

Here is the log without anything checked in the additional scans section.


----------



## dvk01 (Dec 14, 2002)

Please download Navilog1 by IL-MAFIOSO:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

* Extract its contents to the desktop.
* Double click on navilog1.exe to install it on your computer.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time)
* Press any key as requested.
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)


----------



## adilshaikh (Aug 28, 2009)

Hi again dvk01, again I got some bad news, I got the same bad pool header error message while I was using this program just like in combofix. I think any program with the appearance of combofix my computer just doesn't like.


----------



## dvk01 (Dec 14, 2002)

in that case the only safe fix is format & install windows from fresh 
there is definitely a rootkit at work that is affecting security tools and their drivers

trying to track down & find the bad driver will be almost impossible


----------



## adilshaikh (Aug 28, 2009)

dvk01 said:


> in that case the only safe fix is format & install windows from fresh
> there is definitely a rootkit at work that is affecting security tools and their drivers
> 
> trying to track down & find the bad driver will be almost impossible


What do you mean by this?


----------



## adilshaikh (Aug 28, 2009)

'format & install windows from fresh'. What does this mean?


----------



## adilshaikh (Aug 28, 2009)

my AVG anti rootkit detects nothing


----------



## dvk01 (Dec 14, 2002)

adilshaikh said:


> 'format & install windows from fresh'. what does this mean


it means exactly what it says

format the computer & install windows again so it is like a brand new computer


----------



## adilshaikh (Aug 28, 2009)

I can't do that, it's not an option for me. Isn't there any way to go around this? I don't want to reset my computer. What would happen if I left this rootkit on my computer? Is it able to access information on my computer like passwords and bank details? Please reply soon.


----------



## dvk01 (Dec 14, 2002)

it has to be an option because there is no fix for this one


----------

