
Solved Unknown virus

Discussion in 'Malware and Virus Removal Archive' started by mayank240, 2009/08/27.

  1. 2009/08/27
    mayank240 (Thread Starter)

    [Resolved] Unknown virus

    Hi. I am using a Dell Latitude D610 with XP. Till yesterday everything was fine and my PC was working super speedy; after I installed hpHosts, my speed immediately slowed down. I uninstalled it and did a System Restore to one day before, but the problem was not solved. I went to Safe Mode and did a restore to 3-4 days before, but it gives the message that the operation can't be done. Now my CPU usage is always 100% and svchost.exe is using 90-100% RAM. No virus found with MBAM, McAfee, Ad-Aware, SUPERAntiSpyware, or HouseCall. I also ran CCleaner, Disk Defragmenter and error checking. I can't even use the internet to solve problems because it is very, very slow. I did everything I could, so I am posting the DDS log. I am sorry if I made any mistake in scanning; please let me know. I am helpless with my slow computer.


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by admin at 12:26:13.56 on Wed 08/26/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.458 [GMT 4:00]

    AV: Total Protection *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

    ============== Running Processes ===============

    C:\WINNT\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINNT\System32\svchost.exe -k netsvcs
    C:\WINNT\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    svchost.exe
    svchost.exe
    C:\WINNT\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\WINNT\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINNT\system32\IoctlSvc.exe
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6173\SAService.exe
    C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    C:\WINNT\system32\svchost.exe -k imgsvc
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINNT\system32\vmnat.exe
    C:\WINNT\system32\vmnetdhcp.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINNT\AGRSMMSG.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINNT\system32\ctfmon.exe
    C:\WINNT\system32\taskmgr.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\admin\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://in.yahoo.com/
    uSearch Page = www.google.de
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6173\SiteAdv.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: India Radio TV Toolbar: {48f081da-c563-4c45-8413-dae38ec5cf1d} - c:\program files\india_radio_tv\tbInd1.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6173\SiteAdv.dll
    TB: India Radio TV Toolbar: {48f081da-c563-4c45-8413-dae38ec5cf1d} - c:\program files\india_radio_tv\tbInd1.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [igfxtray] c:\winnt\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\winnt\system32\hkcmd.exe
    mRun: [igfxpers] c:\winnt\system32\igfxpers.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe "
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
    mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\agent\Splash.exe "
    mRun: [McAfee Managed Services Tray] "c:\program files\mcafee\managed virusscan\agent\StartMyagtTry.exe "
    mRun: [SiteAdvisor] c:\program files\siteadvisor\6173\SiteAdv.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    dRun: [CTFMON.EXE] c:\winnt\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printc~1.lnk - c:\documents and settings\administrator.lisec\application data\microsoft\installer\{311ced86-3cdb-4cdc-bf30-7609d67c1a81}\NewShortcut10_FBB862E34F8F4C7C8D151A9FB16A3E41.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
    uPolicies-explorer: NoStrCmpLogica = 0 (0x0)
    mPolicies-explorer: NoWelcomeScreen = 1
    mPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.7.0.566.dll
    Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6173\SiteAdv.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: ckpNotify - ckpNotify.dll
    Notify: igfxcui - igfxsrvc.dll
    Notify: PCANotify - PCANotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\bfcdn2rq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
    FF - prefs.js: keyword.URL - hxxp://search.imesh.com/webResults.html?src=ffb&q=
    FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ============= SERVICES / DRIVERS ===============

    R1 AW_HOST;AW_HOST;c:\winnt\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
    R1 awlegacy;awlegacy;c:\winnt\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
    R1 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
    R1 mfehidk;McAfee Inc. mfehidk;c:\winnt\system32\drivers\mfehidk.sys [2008-8-2 201320]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
    R1 xlkfs;xlkfs;c:\winnt\system32\drivers\xlkfs.sys [2009-6-18 18432]
    R2 CP_OMDRV;Check Point Office Mode Module;c:\winnt\system32\drivers\omdrv.sys [2005-6-19 36400]
    R2 EngineServer;EngineServer;c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [2008-8-2 14144]
    R2 KeyP;KeyP;c:\winnt\system32\drivers\KeyP.sys [2008-5-14 14232]
    R2 McShield;McShield;c:\progra~1\mcafee\manage~1\vscan\McShield.exe [2008-8-2 144704]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-8-2 169280]
    R2 PBUS;PBUS;c:\winnt\system32\drivers\PBus.sys [2007-1-26 3904]
    R2 Peakcan;Peakcan;c:\winnt\system32\drivers\PEAKCAN.SYS [2007-1-26 177296]
    R2 SIGMA16;SIGMA16;c:\winnt\system32\drivers\Sigma16.sys [2007-1-26 3444]
    R2 Sigma32;Sigma32;c:\winnt\system32\drivers\Sigma32.SYS [2007-1-26 25344]
    R2 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat);c:\program files\etisalat\esupport\bin\sprtsvc.exe [2009-8-4 200384]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\winnt\system32\drivers\vnasc.sys [2005-6-19 109072]
    R2 VPN-1;VPN-1 Module;c:\winnt\system32\drivers\vpn.sys [2005-6-19 671408]
    R3 CANLPT;CANLPT;c:\winnt\system32\drivers\canlpt2.sys [2005-7-13 40704]
    R3 FW1;SecuRemote Miniport;c:\winnt\system32\drivers\fw.sys [2005-6-19 2234320]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\winnt\system32\drivers\hssdrv.sys [2009-7-10 33840]
    R3 MfeAVFK;McAfee Inc. MfeAVFK;c:\winnt\system32\drivers\MfeAVFK.sys [2008-8-2 79304]
    R3 MfeBOPK;McAfee Inc. MfeBOPK;c:\winnt\system32\drivers\MfeBOPK.sys [2008-8-2 35240]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]
    R3 SIGMA;SIGMA;c:\winnt\system32\drivers\sigma.sys [2003-4-30 20979]
    R3 tap0901;TAP-Win32 Adapter V9;c:\winnt\system32\drivers\tap0901.sys [2009-7-15 28592]
    S2 CanIpcNT1;CanIpcNT1;c:\winnt\system32\drivers\CanIpcNT1.sys [2003-4-30 37016]
    S2 Com+ Event System Log;Com+ Event System Log;c:\program files\common files\microsoft shared\msinfo\twunk_64.aaa [2008-6-4 0]
    S2 gupdate1c9eb41d0a2c6a0;Google Update Service (gupdate1c9eb41d0a2c6a0);c:\program files\google\update\GoogleUpdate.exe [2009-6-12 133104]
    S2 HssSrv;Hotspot Shield Helper Service;c:\mayank\hotspot shield\hsswpr\hsssrv.exe --> c:\mayank\hotspot shield\hsswpr\hsssrv.exe [?]
    S3 awhost32;pcAnywhere Host-Modul;c:\program files\symantec\pcanywhere\awhost32.exe [2004-11-5 106496]
    S3 DIASIPC;DIASIPC;c:\winnt\system32\drivers\diasipc.sys [2004-4-13 16896]
    S3 GTIPCI21;GTIPCI21;c:\winnt\system32\drivers\gtipci21.sys [2007-1-25 88192]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-8-11 57640]
    S3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [2006-10-23 36352]
    S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\winnt\system32\drivers\MfeRKDK.sys [2008-8-2 33832]
    S3 OKAMAI;OKAMAI Service;c:\winnt\system32\cmd.exe [2007-1-26 389120]
    S3 Ssfdcstk;Ssfdcstk;c:\winnt\system32\drivers\ssfdcstk.sys [2003-9-10 20736]
    S4 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\siemens\s7iepg\s7oiehsx.exe [2004-7-7 200769]

    =============== Created Last 30 ================

    2009-08-25 23:00 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-08-25 18:47 <DIR> --d----- c:\winnt\system32\wbem\Repository
    2009-08-25 14:55 <DIR> --d----- c:\program files\Nero
    2009-08-25 14:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
    2009-08-25 11:02 <DIR> --d----- c:\program files\hpHosts
    2009-08-24 22:25 <DIR> --d----- c:\docume~1\admin\applic~1\gnupg
    2009-08-24 12:53 <DIR> --d----- c:\program files\Safer Networking
    2009-08-22 22:32 <DIR> --d----- c:\docume~1\admin\applic~1\Malwarebytes
    2009-08-22 22:32 38,160 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
    2009-08-22 22:32 19,096 a------- c:\winnt\system32\drivers\mbam.sys
    2009-08-22 22:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-22 22:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-21 22:59 <DIR> --d----- c:\documents and settings\admin\.housecall6.6
    2009-08-21 18:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nokia
    2009-08-21 17:28 <DIR> --d----- c:\winnt\Globalization
    2009-08-19 15:21 <DIR> --d----- c:\program files\NT Registry Optimizer
    2009-08-19 15:07 <DIR> --d----- c:\docume~1\admin\applic~1\RoamDrive
    2009-08-17 14:49 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
    2009-08-16 22:34 <DIR> --d----- C:\oldver
    2009-08-15 16:35 <DIR> --dsh--- c:\documents and settings\admin\IECompatCache
    2009-08-15 16:32 <DIR> --dsh--- c:\documents and settings\admin\PrivacIE
    2009-08-15 16:30 <DIR> --dsh--- c:\documents and settings\admin\IETldCache
    2009-08-15 13:47 <DIR> --d----- c:\winnt\ie8updates
    2009-08-15 13:35 <DIR> -cd-h--- c:\winnt\ie8
    2009-08-15 13:33 <DIR> --d-h--- c:\winnt\msdownld.tmp
    2009-08-15 13:23 246,272 -c------ c:\winnt\system32\dllcache\ieproxy.dll
    2009-08-15 13:23 12,800 -c------ c:\winnt\system32\dllcache\xpshims.dll
    2009-08-15 13:21 101,376 -c------ c:\winnt\system32\dllcache\iecompat.dll
    2009-08-14 14:26 <DIR> --d----- c:\docume~1\admin\applic~1\HouseCall 6.6
    2009-08-11 21:39 <DIR> --d----- c:\documents and settings\admin\DoctorWeb
    2009-08-11 11:59 244 a---h--- C:\sqmnoopt05.sqm
    2009-08-11 11:59 232 a---h--- C:\sqmdata05.sqm
    2009-08-10 21:27 25 a------- c:\winnt\cdplayer.ini
    2009-08-09 19:25 0 a---h--- c:\winnt\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-08-09 16:09 54,156 a---h--- c:\winnt\QTFont.qfn
    2009-08-09 16:09 1,409 a------- c:\winnt\QTFont.for
    2009-08-09 09:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\71F
    2009-08-09 08:51 <DIR> --d----- c:\docume~1\admin\applic~1\ICAClient
    2009-08-09 08:49 <DIR> --d----- c:\docume~1\admin\applic~1\CoCreate
    2009-08-08 22:26 483,328 a------- c:\winnt\system32\actskn45.ocx
    2009-08-08 19:56 0 a---h--- c:\winnt\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-08-08 19:56 0 a---h--- c:\winnt\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2009-08-08 19:54 26,112 ac------ c:\winnt\system32\dllcache\usbser.sys
    2009-08-08 19:54 26,112 a------- c:\winnt\system32\drivers\usbser.sys
    2009-08-08 19:54 0 a---h--- c:\winnt\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-08-08 19:54 0 a---h--- c:\winnt\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-08-08 19:53 14,640 -------- c:\winnt\system32\spmsgXP_2k3.dll
    2009-08-08 19:41 <DIR> --d----- c:\program files\common files\PCSuite
    2009-08-08 19:40 <DIR> --d----- c:\program files\common files\Nokia
    2009-08-08 19:40 18,816 a------- c:\winnt\system32\drivers\pccsmcfd.sys
    2009-08-08 19:40 <DIR> --d----- c:\program files\PC Connectivity Solution
    2009-08-08 19:39 7,808 a------- c:\winnt\system32\drivers\usbser_lowerfltj.sys
    2009-08-08 19:39 7,808 a------- c:\winnt\system32\drivers\usbser_lowerflt.sys
    2009-08-08 19:39 22,016 a------- c:\winnt\system32\drivers\ccdcmbo.sys
    2009-08-08 19:39 659,968 a------- c:\winnt\system32\nmwcdcocls.dll
    2009-08-08 19:39 17,664 a------- c:\winnt\system32\drivers\ccdcmb.sys
    2009-08-08 19:39 1,112,288 a------- c:\winnt\system32\wdfcoinstaller01007.dll
    2009-08-08 19:17 0 a---h--- c:\winnt\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-08-08 09:41 114 a------- c:\winnt\wininit.ini
    2009-08-07 20:18 120,056 -------- c:\winnt\system32\pxcpyi64.exe
    2009-08-07 20:18 118,520 -------- c:\winnt\system32\pxinsi64.exe
    2009-08-04 23:27 5,214 a------- c:\winnt\opera.ini
    2009-08-04 22:00 <DIR> --d----- c:\program files\common files\SupportSoft
    2009-08-04 21:58 <DIR> --d----- c:\program files\Etisalat
    2009-08-04 21:41 2,702 a------- C:\WirelessDiagLog.csv
    2009-08-04 20:22 155 a------- C:\version.ini
    2009-08-04 20:21 21,425 a------- c:\winnt\system32\drivers\AegisP.sys
    2009-08-04 20:16 <DIR> --d----- c:\docume~1\admin\applic~1\Intel
    2009-08-03 17:44 <DIR> --d----- c:\docume~1\admin\applic~1\Canneverbe_Limited
    2009-08-03 16:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-08-03 16:05 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-08-03 16:05 <DIR> --d----- c:\docume~1\admin\applic~1\SUPERAntiSpyware.com
    2009-08-03 11:08 2,560 a------- c:\winnt\_MSRSTRT.EXE
    2009-08-03 10:34 <DIR> --d----- c:\program files\Hotspot_Shield
    2009-08-02 13:51 283,648 a------- c:\winnt\uninst.exe
    2009-08-02 10:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
    2009-08-02 10:05 <DIR> --d----- c:\docume~1\admin\applic~1\Uniblue
    2009-08-02 10:03 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
    2009-08-01 16:02 3,840 a------- c:\winnt\system32\drivers\BANTExt.sys
    2009-08-01 15:29 53,248 a------- c:\winnt\system32\IoctlSvc.exe
    2009-08-01 13:57 <DIR> --d----- c:\docume~1\admin\applic~1\Transcend
    2009-07-31 17:04 <DIR> --d----- c:\program files\Mozilla Firefox 3 Beta 5
    2009-07-31 01:46 <DIR> --d----- c:\program files\ATI Technologies
    2009-07-31 01:46 <DIR> --d----- c:\program files\common files\Siemens
    2009-07-31 01:41 <DIR> --d----- C:\ATI
    2009-07-30 19:13 <DIR> --d----- c:\program files\Belarc
    2009-07-30 15:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel(3)
    2009-07-30 15:24 <DIR> --d----- c:\docume~1\admin\applic~1\Intel(3)
    2009-07-30 14:11 <DIR> --d----- c:\winnt\pss
    2009-07-29 23:26 <DIR> --d----- C:\Hotspot Shield
    2009-07-29 23:25 <DIR> --d----- c:\program files\Hotspot Shield
    2009-07-29 23:23 <DIR> --d----- c:\docume~1\admin\applic~1\MiniDm
    2009-07-29 21:42 <DIR> --d----- c:\program files\IEPro

    ==================== Find3M ====================

    2009-08-26 07:27 2,484 a------- c:\winnt\bthservsdp.dat
    2009-07-24 22:44 23,552 a------- c:\winnt\xlkfs.dll
    2009-07-22 23:13 28,592 a------- c:\winnt\system32\drivers\tap0901.sys
    2009-07-03 21:09 915,456 a------- c:\winnt\system32\wininet.dll
    2009-07-02 06:34 33,840 a------- c:\winnt\system32\drivers\hssdrv.sys
    2007-01-25 16:38 457 ac------ c:\program files\INSTALL.LOG

    ============= FINISH: 12:28:20.92 ===============


    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/08/26 12:40
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
    Address: 0xF4A04000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7BE3000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINNT\system32\drivers\rootrepeal.sys
    Address: 0xF28AE000 Size: 49152 File Visible: No Signed: -
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\Documents and Settings\admin\Recent\Formats (2).lnk
    Status: Visible to the Windows API, but not on disk.

    Path: c:\documents and settings\admin\local settings\temp\etilqs_kiv0znmumllqkftzwu92
    Status: Allocation size mismatch (API: 16384, Raw: 8192)

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\DellDriverDownloadManager.exe.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\DellDriverDownloadManager.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\DellDriverDownloadManager.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Core.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\DellDriverDownloadManager.exe.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Interop.IWshRuntimeLibrary.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Interop.IWshRuntimeLibrary.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\stdole.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\stdole.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Xceed.Compression.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Xceed.Compression.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\admin\Local Settings\Apps\2.0\PG2YNH8Y.H8G\327ER44C.774\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\sinhamay\Local Settings\Apps\2.0\AT7KCKMY.M58\GRM2K06A.L77\manifests\clickonce_bootstrap.exe.cdf-ms
    Status: Locked to the Windows API!

    Path: C:\Documents and Settings\sinhamay\Local Settings\Apps\2.0\AT7KCKMY.M58\GRM2K06A.L77\manifests\clickonce_bootstrap.exe.manifest
    Status: Locked to the Windows API!

    SSDT
    -------------------
    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf6093df0

    ==EOF==
     
  2. 2009/08/27
    mayank240

    mayank240 Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/26/2007 12:37:58 AM
    System Uptime: 8/26/2009 8:44:35 AM (4 hours ago)

    Motherboard: Dell Inc. | | 0C4708
    Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 335/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 52 GiB total, 14.334 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 4.138 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_1002&DEV_5460&SUBSYS_20061028&REV_00\4&27EA4097&0&0008
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_1002&DEV_5460&SUBSYS_20061028&REV_00\4&27EA4097&0&0008
    Service:

    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_104C&DEV_8038&SUBSYS_01821028&REV_00\4&2FA23535&0&0DF0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_104C&DEV_8038&SUBSYS_01821028&REV_00\4&2FA23535&0&0DF0
    Service:

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: TAP VPN Adapter
    Device ID: ROOT\NET\0001
    Manufacturer: TAP VPN Provider
    Name: TAP VPN Adapter
    PNP Device ID: ROOT\NET\0001
    Service: tapvpn

    Class GUID: {338A7CC0-8FEE-11D5-BBB3-00104B4E7F72}
    Description: DIAS-IPC Hardware
    Device ID: ROOT\SIGMATEK\0002
    Manufacturer: SIGMATEK GmbH & Co KG
    Name: DIAS-IPC Hardware
    PNP Device ID: ROOT\SIGMATEK\0002
    Service: DIASIPC

    Class GUID: {338A7CC0-8FEE-11D5-BBB3-00104B4E7F72}
    Description: IPC Smartmedia-Hardware
    Device ID: ROOT\SIGMATEK\0004
    Manufacturer: SIGMATEK GmbH & Co KG
    Name: IPC Smartmedia-Hardware
    PNP Device ID: ROOT\SIGMATEK\0004
    Service: Ssfdcstk

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 7610 Supernova
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP352: 7/26/2009 7:18:48 AM - Removed Driver Detective.
    RP353: 7/26/2009 9:49:41 PM - Removed GroupWise
    RP354: 7/28/2009 8:37:59 AM - System Checkpoint
    RP355: 7/29/2009 7:39:17 PM - System Checkpoint
    RP356: 7/30/2009 11:34:15 AM - Removed NetWaiting
    RP357: 7/30/2009 3:21:38 PM - Restore Operation
    RP358: 7/30/2009 3:38:58 PM - Restore Operation
    RP359: 7/30/2009 3:55:52 PM - Removed Driver Detective.
    RP360: 7/30/2009 4:06:10 PM - Installed Broadcom Gigabit Integrated Controller
    RP361: 7/30/2009 4:27:23 PM - Installed Sonic DLA
    RP362: 7/30/2009 9:48:08 PM - Removed STEP 7-Micro/WIN
    RP363: 7/30/2009 9:48:46 PM - Removed Communications
    RP364: 7/31/2009 1:44:53 AM - Restore Operation
    RP365: 7/31/2009 9:55:38 AM - Removed GroupWise
    RP366: 7/31/2009 3:09:12 PM - Configured C-Major Audio
    RP367: 8/1/2009 3:49:23 PM - System Checkpoint
    RP368: 8/2/2009 10:03:24 AM - Installed Uniblue DriverScanner v1.0
    RP369: 8/2/2009 10:21:24 AM - Restore Operation
    RP370: 8/2/2009 11:22:07 AM - Installed Uniblue DriverScanner v1.0
    RP371: 8/3/2009 12:21:20 PM - System Checkpoint
    RP372: 8/3/2009 4:05:27 PM - Installed SUPERAntiSpyware Free Edition
    RP373: 8/4/2009 8:55:22 PM - System Checkpoint
    RP374: 8/4/2009 11:26:05 PM - Removed Disc2Phone
    RP375: 8/4/2009 11:27:53 PM - Removed GroupWise
    RP376: 8/4/2009 11:40:42 PM - Removed innovaphone SoftwarePhone
    RP377: 8/4/2009 11:42:13 PM - Removed Microsoft Windows Journal Viewer
    RP378: 8/6/2009 6:58:13 AM - System Checkpoint
    RP379: 8/7/2009 10:42:18 PM - Removed OpenOffice.org 2.0
    RP380: 8/7/2009 11:41:16 PM - Removed Adobe® Photoshop® Album Starter Edition 3.0
    RP381: 8/8/2009 6:48:05 PM - Removed AVG 8.5
    RP382: 8/8/2009 6:53:14 PM - Installed AVG 8.5
    RP383: 8/8/2009 7:16:42 PM - Installed Windows XP Wdf01005.
    RP384: 8/8/2009 7:53:25 PM - Installed Windows XP Wdf01007.
    RP385: 8/8/2009 7:55:37 PM - Installed Windows XP Wudf01007.
    RP386: 8/8/2009 7:56:39 PM - Removed SUPERAntiSpyware Free Edition
    RP387: 8/10/2009 9:11:20 AM - System Checkpoint
    RP388: 8/11/2009 9:16:36 AM - System Checkpoint
    RP389: 8/12/2009 1:11:28 PM - System Checkpoint
    RP390: 8/13/2009 4:00:17 PM - System Checkpoint
    RP391: 8/14/2009 4:27:07 PM - System Checkpoint
    RP392: 8/15/2009 2:11:00 AM - Installed SUPERAntiSpyware Free Edition
    RP393: 8/15/2009 1:26:35 PM - Software Distribution Service 3.0
    RP394: 8/15/2009 1:38:52 PM - Installed Windows Internet Explorer 8.
    RP395: 8/15/2009 1:44:44 PM - Software Distribution Service 3.0
    RP396: 8/15/2009 5:25:57 PM - Removed Adobe Reader 9.
    RP397: 8/15/2009 5:26:34 PM - Installed Adobe Reader 9.1.
    RP398: 8/16/2009 5:47:23 PM - System Checkpoint
    RP399: 8/17/2009 6:22:10 PM - System Checkpoint
    RP400: 8/18/2009 8:48:16 PM - System Checkpoint
    RP401: 8/18/2009 10:21:50 PM - Removed SUPERAntiSpyware Free Edition
    RP402: 8/21/2009 12:55:33 PM - System Checkpoint
    RP403: 8/21/2009 6:47:59 PM - Restore Operation
    RP404: 8/21/2009 11:38:29 PM - Installed DropMyRights
    RP405: 8/22/2009 2:37:12 PM - Installed Opera 9.64
    RP406: 8/23/2009 3:21:32 PM - System Checkpoint
    RP407: 8/24/2009 3:21:46 PM - System Checkpoint
    RP408: 8/24/2009 5:59:15 PM - Restore Operation
    RP409: 8/25/2009 2:51:50 PM - Installed Nero 9 Trial 4.4.8.1
    RP410: 8/25/2009 6:22:27 PM - Restore Operation
    RP411: 8/25/2009 6:37:12 PM - Restore Operation
    RP412: 8/25/2009 11:01:06 PM - Installed SUPERAntiSpyware Free Edition

    ==== Installed Programs ======================


    .print Client Windows (TCP/IP)
    7-Zip 4.23
    Acrobat.com
    ActivePerl 5.8.7 Build 813
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Adobe Shockwave Player 11.5
    Agere Systems HDA Modem
    AT&T Labs' Natural Voices 1.4 - Desktop Runtime
    ATI - Software Uninstall Utility
    Audacity 1.3.8 (Unicode)
    AutoCAD 2008 - English
    B&R Automation
    Belarc Advisor 8.1
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Gigabit Integrated Controller
    Bruce's Unusual Typing Wizard, Version 1.5.0
    Burn4Free CD and DVD
    C-Major Audio
    CDBurnerXP Pro 3
    Check Point VPN-1 SecuRemote/SecureClient NGX R60
    CoCreate OneSpace Designer 2DAccess 2005
    Conexant D110 MDC V.9x Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Driver Download Manager
    Dell ResourceCD
    DropMyRights
    Easy File Locker 1.1
    Etisalat eSupport 1.0
    Extended Language Support Fonts Package
    FileAlyzer
    Fingerprint Sensor Minimum Install
    Global Drive Control Uninstall
    Global Drive Control V4.10
    GMail Drive Shell Extension
    GnuPT Version 2.7.4 / 23.11.2005
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GPGee 1.2.1a
    GPS.opt
    GroupWise Messenger
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotspot Shield 1.22
    HouseCall 6.6
    HP Integrated Module with Bluetooth wireless technology
    HP LaserJet P2010 Series
    HP ProtectTools Security Manager 2.00 C3
    HP Quick Launch Buttons 6.00 D2
    India_Radio_TV Toolbar
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    J2SE Runtime Environment 5.0 Update 5
    Java(TM) 6 Update 13
    Lenze Communication
    LiveReg (Symantec Corporation)
    LVSIM-HYD & PNEU
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    McAfee SiteAdvisor
    McAfee Virus and Spyware Protection Service
    mCore
    mDriver
    mDrWiFi
    MetaFrame Presentation Server Client
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Web Publishing Wizard 1.53
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.0b5)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    mSSO
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser
    mToolkit
    mWlsSafe
    mWMI
    mZConfig
    Nero - Burning Rom
    NetAlyzer
    Nokia Connectivity Cable Driver
    Nokia MTP driver
    Nokia Nseries Skin for Microsoft Windows Media Player
    Nokia PC Suite
    Norton Ghost
    NTREGOPT 1.1j
    Opera 9.64
    OPTIONEN
    Param Version 6.0
    PC Connectivity Solution
    PDFCreator
    QuickTime
    RealPlayer
    RoamDrive 1.0.2292.14902
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    SIMATIC Device Drivers
    SIMATIC Industrial Ethernet PG
    SIMATIC STEP 7-Micro/WIN V4.0.0.81E
    Skype 2.5
    SUPERAntiSpyware Free Edition
    Symantec pcAnywhere
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VBA (2627.01)
    VLC media player 1.0.0
    VMware Player
    WebFldrs XP
    Winamp
    Windows Driver Package - Nokia Modem (06/01/2009 4.1)
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB892313
    Windows Media Player 11
    Windows NT Messaging
    Windows XP Service Pack 3
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    8/26/2009 8:45:37 AM, error: Dhcp [1002] - The IP address lease 192.168.254.6 for the Network Card with network address 001422D6C8B5 has been denied by the DHCP server 10.112.255.1 (The DHCP Server sent a DHCPNACK message).
    8/26/2009 6:05:46 AM, error: Dhcp [1002] - The IP address lease 192.168.254.4 for the Network Card with network address 00166F4A2AB1 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    8/25/2009 6:29:35 PM, error: Service Control Manager [7022] - The Windows Time service hung on starting.
    8/25/2009 6:20:26 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    8/25/2009 6:16:38 PM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070005.
    8/25/2009 11:10:59 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    8/24/2009 5:48:01 PM, error: Dhcp [1002] - The IP address lease 192.168.254.3 for the Network Card with network address 00166F4A2AB1 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    8/24/2009 4:30:14 PM, error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s).
    8/24/2009 4:29:10 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    8/23/2009 6:47:06 PM, error: Dhcp [1002] - The IP address lease 192.168.254.2 for the Network Card with network address 00166F4A2AB1 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    8/22/2009 3:56:49 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
    8/22/2009 2:20:26 PM, error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
    8/22/2009 2:04:53 PM, error: NetBT [4321] - The name "LISECDUBAI :1d" could not be registered on the Interface with IP address 192.168.254.2. The machine with the IP address 192.168.254.2 did not allow the name to be claimed by this machine.
    8/22/2009 11:49:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ACPIEC iaStor IntelIde
    8/22/2009 11:48:57 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/22/2009 10:01:44 PM, error: Service Control Manager [7034] - The McShield service terminated unexpectedly. It has done this 1 time(s).
    8/22/2009 1:59:43 PM, error: NetBT [4321] - The name "LISECDUBAI :1d" could not be registered on the Interface with IP address 192.168.254.2. The machine with the IP address 192.168.254.4 did not allow the name to be claimed by this machine.
    8/21/2009 9:44:24 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'pdcat1,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/21/2009 9:14:20 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'pdcat1,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/21/2009 9:00:54 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer KULKAANA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0E773D5B-5361-4DCC-. The master browser is stopping or an election is being forced.
    8/21/2009 8:59:20 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'pdcat1,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/21/2009 8:46:08 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer NAIRSUHA that believes that it is the master browser for the domain on transport Nbf_{0E773D5B-5361-4DCC-86F8. The master browser is stopping or an election is being forced.
    8/21/2009 6:52:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VMware Virtual Mount Manager Extended service to connect.
    8/21/2009 6:52:50 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/21/2009 6:52:50 PM, error: Service Control Manager [7000] - The Hotspot Shield Helper Service service failed to start due to the following error: The system cannot find the file specified.
    8/21/2009 6:52:50 PM, error: Service Control Manager [7000] - The CanIpcNT1 service failed to start due to the following error: The system cannot find the device specified.
    8/21/2009 5:35:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    8/21/2009 4:05:45 PM, error: Dhcp [1002] - The IP address lease 10.11.96.173 for the Network Card with network address 00FFB7F386F7 has been denied by the DHCP server 10.11.31.254 (The DHCP Server sent a DHCPNACK message).
    8/21/2009 2:30:21 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'pdcat1,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/21/2009 12:50:40 AM, error: Dhcp [1002] - The IP address lease 10.19.97.71 for the Network Card with network address 00FFB7F386F7 has been denied by the DHCP server 10.11.111.254 (The DHCP Server sent a DHCPNACK message).
    8/21/2009 12:49:39 AM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 00166F4A2AB1 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    8/21/2009 12:01:17 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SEBASLIJ that believes that it is the master browser for the domain on transport Nbf_{0E773D5B-5361-4DCC-86F8. The master browser is stopping or an election is being forced.
    8/21/2009 11:30:13 PM, error: NETLOGON [5719] - No Domain Controller is available for domain LISECDUBAI due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    8/21/2009 10:56:14 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer NAIRSUHA that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0E773D5B-5361-4DCC-. The master browser is stopping or an election is being forced.
    8/21/2009 10:44:56 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'pdcat1,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/21/2009 10:44:20 AM, error: Dhcp [1002] - The IP address lease 192.168.254.5 for the Network Card with network address 00166F4A2AB1 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
    8/20/2009 9:00:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    8/19/2009 3:33:14 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'pdcat1,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    ==== End Of File ===========================
     

  4. 2009/08/27
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!



    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post the HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  5. 2009/08/29
    mayank240

    mayank240 Inactive Thread Starter

    Hi Broni, I ran ComboFix. Everything ran fine, except I got a message that it could not download the MS Recovery Console. I am sorry, but I made a major mistake by using CCleaner after finishing with ComboFix and before running HJT. Still, I am posting these logs. Please guide me if I have to do it again. I will take care of this in future. Now the Internet is somewhat fast. SVCHOST.exe (user: Network Services) remains between 80 and 100%. I have a backup of the registry changes made by CCleaner.

    ComboFix 09-08-28.01 - admin 08/29/2009 8:40.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.596 [GMT 4:00]
    Running from: c:\documents and settings\admin\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\recycler\S-1-5-21-1715313796-7248717908-691389710-6438
    c:\recycler\S-1-5-21-1851764822-9487124947-738305357-9703
    c:\recycler\S-1-5-21-4468729854-7941751202-955984003-2735
    c:\recycler\S-1-5-21-7919992569-0678630051-874981374-5383
    C:\System
    c:\winnt\Fonts\AcadEref.ttf
    c:\winnt\system32\mdm.exe
    c:\winnt\system32\setting.ini
    c:\winnt\system32\win.ini
    c:\winnt\system32\winspool.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
    .

    2009-08-27 10:28 . 2009-08-27 10:28 -------- d-----w- c:\program files\PFPortChecker
    2009-08-27 08:17 . 2009-08-29 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-08-27 05:03 . 2009-08-27 10:27 -------- d-----w- c:\program files\Windows Defender
    2009-08-26 17:42 . 2009-08-26 17:42 -------- d-----w- c:\program files\CCleaner
    2009-08-25 14:47 . 2009-08-25 14:47 -------- d-----w- c:\winnt\system32\wbem\Repository
    2009-08-25 11:44 . 2009-08-25 11:45 -------- d-----w- c:\documents and settings\admin\Application Data\Nero
    2009-08-25 11:44 . 2009-08-25 11:45 -------- d-----w- c:\docume~1\admin\APPLIC~1\Nero
    2009-08-25 11:39 . 2009-08-25 11:39 -------- d-----w- c:\program files\Windows Sidebar
    2009-08-25 10:55 . 2009-08-25 14:46 -------- d-----w- c:\program files\Nero
    2009-08-25 10:54 . 2009-08-25 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2009-08-25 10:54 . 2009-08-25 14:46 -------- d-----w- c:\program files\Common Files\Nero
    2009-08-25 08:46 . 2009-08-25 14:46 -------- d-----w- c:\program files\CDBurnerXP
    2009-08-25 07:02 . 2009-08-25 07:22 -------- d-----w- c:\program files\hpHosts
    2009-08-24 18:25 . 2009-08-24 18:25 -------- d-----w- c:\documents and settings\admin\Application Data\gnupg
    2009-08-24 18:25 . 2009-08-24 18:25 -------- d-----w- c:\docume~1\admin\APPLIC~1\gnupg
    2009-08-24 08:53 . 2009-08-24 09:39 -------- d-----w- c:\program files\Safer Networking
    2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
    2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\docume~1\admin\APPLIC~1\Malwarebytes
    2009-08-22 18:32 . 2009-08-03 09:36 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-22 18:32 . 2009-08-03 09:36 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2009-08-22 10:37 . 2009-08-22 10:37 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Opera
    2009-08-22 10:37 . 2009-08-22 10:37 -------- d-----w- c:\program files\Opera
    2009-08-21 18:59 . 2009-08-21 19:32 -------- d-----w- c:\documents and settings\admin\.housecall6.6
    2009-08-21 14:41 . 2009-08-21 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2009-08-21 14:19 . 2009-08-21 14:19 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\PCHealth
    2009-08-21 13:30 . 2009-08-21 13:30 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\IsolatedStorage
    2009-08-21 13:28 . 2009-08-21 13:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Nokia
    2009-08-21 13:28 . 2009-08-21 13:28 -------- d-----w- c:\winnt\Globalization
    2009-08-19 11:21 . 2009-08-19 11:21 -------- d-----w- c:\program files\NT Registry Optimizer
    2009-08-19 11:07 . 2009-08-19 11:08 -------- d-----w- c:\documents and settings\admin\Application Data\RoamDrive
    2009-08-19 11:07 . 2009-08-19 11:08 -------- d-----w- c:\docume~1\admin\APPLIC~1\RoamDrive
    2009-08-17 10:50 . 2009-08-17 19:13 -------- d-----w- c:\documents and settings\admin\Application Data\Audacity
    2009-08-17 10:50 . 2009-08-17 19:13 -------- d-----w- c:\docume~1\admin\APPLIC~1\Audacity
    2009-08-17 10:49 . 2009-08-17 10:49 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2009-08-16 18:34 . 2009-08-16 18:34 -------- d-----w- C:\oldver
    2009-08-16 06:37 . 2009-08-16 06:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-08-15 12:35 . 2009-08-15 12:35 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
    2009-08-15 12:32 . 2009-08-15 12:32 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
    2009-08-15 12:30 . 2009-08-15 12:30 -------- d-sh--w- c:\documents and settings\admin\IETldCache
    2009-08-15 10:02 . 2009-08-15 10:02 -------- d-sh--w- c:\documents and settings\sinhamay\IECompatCache
    2009-08-15 10:00 . 2009-08-15 10:00 -------- d-sh--w- c:\documents and settings\sinhamay\PrivacIE
    2009-08-15 09:59 . 2009-08-15 09:59 -------- d-sh--w- c:\documents and settings\sinhamay\IETldCache
    2009-08-15 09:47 . 2009-08-15 09:51 -------- d-----w- c:\winnt\ie8updates
    2009-08-15 09:35 . 2009-08-15 09:43 -------- dc-h--w- c:\winnt\ie8
    2009-08-15 09:33 . 2009-08-15 09:53 -------- d--h--w- c:\winnt\msdownld.tmp
    2009-08-15 09:23 . 2009-07-03 17:09 12800 -c----w- c:\winnt\system32\dllcache\xpshims.dll
    2009-08-15 09:23 . 2009-07-03 17:09 246272 -c----w- c:\winnt\system32\dllcache\ieproxy.dll
    2009-08-15 09:21 . 2009-07-01 07:08 101376 -c----w- c:\winnt\system32\dllcache\iecompat.dll
    2009-08-14 10:30 . 2009-08-14 10:30 90183 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\TmEngDrv.dll
    2009-08-14 10:30 . 2009-08-14 10:30 69632 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\mfcm80.dll
    2009-08-14 10:30 . 2009-08-14 10:30 626688 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\msvcr80.dll
    2009-08-14 10:30 . 2009-08-14 10:30 57344 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\mfcm80u.dll
    2009-08-14 10:30 . 2009-08-14 10:30 548864 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\msvcp80.dll
    2009-08-14 10:30 . 2009-08-14 10:30 479232 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\msvcm80.dll
    2009-08-14 10:30 . 2009-08-14 10:30 1079808 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\mfc80u.dll
    2009-08-14 10:29 . 2009-08-14 10:30 1093632 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\mfc80.dll
    2009-08-14 10:29 . 2009-08-14 10:29 98304 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\getMac.exe
    2009-08-14 10:28 . 2009-08-14 10:28 218736 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\patch.exe
    2009-08-14 10:28 . 2009-08-14 10:28 170512 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\PATCHW32.DLL
    2009-08-14 10:28 . 2009-08-14 10:28 189968 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\ciussi32.dll
    2009-08-14 10:28 . 2009-08-14 10:28 1267320 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\TmUpdate.dll
    2009-08-14 10:27 . 2009-08-14 10:27 61440 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\Toolkit.dll
    2009-08-14 10:27 . 2009-08-14 10:27 832776 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\lea.dll
    2009-08-14 10:27 . 2009-08-14 10:27 439560 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\jlea.dll
    2009-08-14 10:27 . 2009-08-14 10:27 42320 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\dsvout.dll
    2009-08-14 10:27 . 2009-08-14 10:27 183356 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\Uninstaller.exe
    2009-08-14 10:26 . 2009-08-14 10:39 -------- d-----w- c:\documents and settings\admin\Application Data\HouseCall 6.6
    2009-08-14 10:26 . 2009-08-14 10:39 -------- d-----w- c:\docume~1\admin\APPLIC~1\HouseCall 6.6
    2009-08-11 17:39 . 2009-08-11 17:39 -------- d-----w- c:\documents and settings\admin\DoctorWeb
    2009-08-09 07:11 . 2009-08-09 07:11 -------- d-----w- c:\documents and settings\sinhamay\Application Data\Nokia
    2009-08-09 05:49 . 2009-08-09 05:50 -------- d-----w- c:\documents and settings\sinhamay\Local Settings\Application Data\Temp
    2009-08-09 05:46 . 2009-08-09 05:46 -------- d-----w- c:\documents and settings\sinhamay\Local Settings\Application Data\India_Radio_TV
    2009-08-09 05:42 . 2009-08-09 05:47 -------- d-----w- c:\documents and settings\sinhamay\Application Data\imeshmediabartb
    2009-08-09 05:38 . 2009-08-09 05:38 -------- d-----w- c:\documents and settings\sinhamay\Local Settings\Application Data\SupportSoft
    2009-08-09 05:26 . 2009-08-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\71F
    2009-08-09 04:51 . 2009-08-09 04:51 -------- d-----w- c:\documents and settings\admin\Application Data\ICAClient
    2009-08-09 04:51 . 2009-08-09 04:51 -------- d-----w- c:\docume~1\admin\APPLIC~1\ICAClient
    2009-08-09 04:49 . 2009-08-09 04:49 -------- d-----w- c:\documents and settings\admin\Application Data\CoCreate
    2009-08-09 04:49 . 2009-08-09 04:49 -------- d-----w- c:\docume~1\admin\APPLIC~1\CoCreate
    2009-08-08 15:54 . 2008-04-13 18:45 26112 -c--a-w- c:\winnt\system32\dllcache\usbser.sys
    2009-08-08 15:54 . 2008-04-13 18:45 26112 ----a-w- c:\winnt\system32\drivers\usbser.sys
    2009-08-08 15:53 . 2008-03-21 09:57 14640 ------w- c:\winnt\system32\spmsgXP_2k3.dll
    2009-08-08 15:47 . 2009-08-21 14:37 -------- d-----w- c:\documents and settings\admin\Application Data\Nokia
    2009-08-08 15:47 . 2009-08-21 14:37 -------- d-----w- c:\docume~1\admin\APPLIC~1\Nokia
    2009-08-08 15:41 . 2009-08-08 15:41 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-08-08 15:40 . 2009-08-21 14:41 -------- d-----w- c:\program files\Common Files\Nokia
    2009-08-08 15:40 . 2008-08-26 06:26 18816 ----a-w- c:\winnt\system32\drivers\pccsmcfd.sys
    2009-08-08 15:40 . 2009-08-08 15:40 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-08-08 15:39 . 2009-02-09 04:37 7808 ----a-w- c:\winnt\system32\drivers\usbser_lowerfltj.sys
    2009-08-08 15:39 . 2009-02-09 04:37 7808 ----a-w- c:\winnt\system32\drivers\usbser_lowerflt.sys
    2009-08-08 15:39 . 2009-02-09 04:37 22016 ----a-w- c:\winnt\system32\drivers\ccdcmbo.sys
    2009-08-08 15:39 . 2009-02-09 04:37 659968 ----a-w- c:\winnt\system32\nmwcdcocls.dll
    2009-08-08 15:39 . 2009-02-09 04:37 17664 ----a-w- c:\winnt\system32\drivers\ccdcmb.sys
    2009-08-08 15:39 . 2009-02-09 04:32 1112288 ----a-w- c:\winnt\system32\wdfcoinstaller01007.dll
    2009-08-08 15:35 . 2009-08-08 15:34 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
    2009-08-08 15:34 . 2009-08-08 15:34 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-08-08 15:34 . 2009-08-08 15:34 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
    2009-08-08 15:34 . 2009-08-08 15:34 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-08-08 15:34 . 2009-08-08 15:34 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
    2009-08-08 15:34 . 2009-08-21 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-08-07 16:37 . 2009-08-24 14:50 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
    2009-08-07 16:37 . 2009-08-24 14:50 -------- d-----w- c:\docume~1\admin\APPLIC~1\vlc
    2009-08-07 16:22 . 2009-08-07 16:22 -------- d-----w- c:\documents and settings\admin\Application Data\DivX
    2009-08-07 16:22 . 2009-08-07 16:22 -------- d-----w- c:\docume~1\admin\APPLIC~1\DivX
    2009-08-07 16:18 . 2009-05-01 21:03 120056 ------w- c:\winnt\system32\pxcpyi64.exe
    2009-08-07 16:18 . 2009-05-01 21:03 118520 ------w- c:\winnt\system32\pxinsi64.exe
    2009-08-04 18:05 . 2009-08-04 18:05 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\SupportSoft
    2009-08-04 18:00 . 2009-08-04 18:01 -------- d-----w- c:\program files\Common Files\SupportSoft
    2009-08-04 17:58 . 2009-08-04 17:58 -------- d-----w- c:\program files\Etisalat
    2009-08-04 17:58 . 2009-08-04 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
    2009-08-04 16:22 . 2009-08-04 16:22 -------- d-----w- c:\documents and settings\McAfeeMVSUser\Application Data\Intel
    2009-08-04 16:22 . 2009-08-04 16:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
    2009-08-04 16:21 . 2009-08-04 16:21 21425 ----a-w- c:\winnt\system32\drivers\AegisP.sys
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\Administrator.LISEC\Application Data\Intel
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\sinhamay\Application Data\Intel
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\bruckgeo\Application Data\Intel
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
    2009-08-04 16:19 . 2009-08-04 16:19 -------- d-----w- c:\documents and settings\Administrator.LISECDUBAI\Application Data\Intel
    2009-08-04 16:16 . 2009-08-04 16:16 -------- d-----w- c:\documents and settings\admin\Application Data\Intel
    2009-08-04 16:16 . 2009-08-04 16:16 -------- d-----w- c:\docume~1\admin\APPLIC~1\Intel
    2009-08-03 13:44 . 2009-08-03 13:44 -------- d-----w- c:\documents and settings\admin\Application Data\Canneverbe_Limited

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-29 03:33 . 2007-01-25 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2009-08-29 03:33 . 2007-01-25 12:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2009-08-29 03:30 . 2007-03-21 12:35 2484 ----a-w- c:\winnt\bthservsdp.dat
    2009-08-27 05:04 . 2009-03-18 07:41 53272 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-23 04:52 . 2008-08-02 08:10 -------- d-----w- c:\program files\SiteAdvisor
    2009-08-22 09:41 . 2009-04-18 17:38 664 ----a-w- c:\winnt\system32\d3d9caps.dat
    2009-08-21 14:48 . 2009-07-18 20:00 121440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-21 14:41 . 2007-08-03 07:08 -------- d-----w- c:\program files\Nokia
    2009-08-17 19:14 . 2008-07-18 08:13 968 ----a-w- c:\winnt\xlkfs.dat
    2009-08-17 12:32 . 2008-08-05 05:13 -------- d-----w- c:\documents and settings\admin\Application Data\SiteAdvisor
    2009-08-17 12:32 . 2008-08-05 05:13 -------- d-----w- c:\docume~1\admin\APPLIC~1\SiteAdvisor
    2009-08-15 13:28 . 2007-01-25 10:57 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-15 10:33 . 2008-08-31 08:29 53680 -c--a-w- c:\documents and settings\sinhamay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-14 10:49 . 2009-07-29 19:25 -------- d-----w- c:\program files\Hotspot Shield
    2009-08-09 15:25 . 2009-08-09 15:25 0 ---ha-w- c:\winnt\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-08-08 15:56 . 2009-08-08 15:56 0 ---ha-w- c:\winnt\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-08-08 15:56 . 2009-08-08 15:56 0 ---ha-w- c:\winnt\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2009-08-08 15:55 . 2008-07-04 07:07 -------- d-----w- c:\documents and settings\admin\Application Data\PC Suite
    2009-08-08 15:55 . 2008-07-04 07:07 -------- d-----w- c:\docume~1\admin\APPLIC~1\PC Suite
    2009-08-08 15:54 . 2008-08-02 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-08 15:54 . 2007-08-03 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-08-08 15:54 . 2009-08-08 15:54 0 ---ha-w- c:\winnt\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-08-08 15:54 . 2009-08-08 15:54 0 ---ha-w- c:\winnt\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-08-08 15:42 . 2007-08-03 07:10 -------- d-----w- c:\program files\DIFX
    2009-08-08 15:17 . 2009-08-08 15:17 0 ---ha-w- c:\winnt\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-08-04 19:46 . 2007-01-25 10:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-04 19:43 . 2007-03-28 10:03 -------- d--h--r- c:\documents and settings\admin\Application Data\yahoo!
    2009-08-04 19:43 . 2007-03-28 10:03 -------- d--h--r- c:\docume~1\admin\APPLIC~1\yahoo!
    2009-08-04 19:43 . 2007-03-22 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
    2009-08-04 19:41 . 2007-01-25 12:07 -------- d-----w- c:\program files\irfanview
    2009-08-03 13:42 . 2009-07-14 15:32 -------- d-----w- c:\program files\CD Copy Master
    2009-07-30 21:46 . 2009-04-09 09:56 -------- d-----w- c:\program files\Siemens
    2009-07-30 12:37 . 2007-08-05 08:21 -------- d-----w- c:\program files\Google
    2009-07-30 11:54 . 2007-01-25 12:19 -------- d-----w- c:\program files\Symantec
    2009-07-30 11:54 . 2007-01-25 12:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-30 11:44 . 2009-07-25 19:00 -------- d-----w- c:\documents and settings\admin\Application Data\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:00 -------- d-----w- c:\docume~1\admin\APPLIC~1\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:03 -------- d-----w- c:\documents and settings\Administrator.LISECDUBAI\Application Data\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:07 -------- d-----w- c:\program files\Modem Helper
    2009-07-30 11:43 . 2009-07-29 17:42 -------- d-----w- c:\program files\IEPro
    2009-07-30 11:43 . 2009-07-29 19:23 -------- d-----w- c:\documents and settings\admin\Application Data\MiniDm
    2009-07-30 11:43 . 2009-07-29 19:23 -------- d-----w- c:\docume~1\admin\APPLIC~1\MiniDm
    2009-07-25 18:36 . 2009-07-25 18:36 -------- d-----w- c:\program files\Sonic
    2009-07-25 13:35 . 2009-07-25 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-07-24 18:44 . 2008-07-17 08:43 23552 ----a-w- c:\winnt\xlkfs.dll
    2009-07-24 18:43 . 2009-07-24 18:42 -------- d-----w- c:\program files\Easy File Locker
    2009-07-24 07:05 . 2009-06-28 17:30 -------- d-----w- c:\documents and settings\admin\Application Data\Winamp
    2009-07-24 07:05 . 2009-06-28 17:30 -------- d-----w- c:\docume~1\admin\APPLIC~1\Winamp
    2009-07-23 08:09 . 2009-07-23 08:05 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-07-22 19:13 . 2009-07-15 00:01 28592 ----a-w- c:\winnt\system32\drivers\tap0901.sys
    2009-07-19 10:18 . 2009-07-18 08:33 -------- d-----w- c:\documents and settings\admin\Application Data\DVD Flick
    2009-07-19 10:18 . 2009-07-18 08:33 -------- d-----w- c:\docume~1\admin\APPLIC~1\DVD Flick
    2009-07-19 10:17 . 2009-07-19 10:17 -------- d-----w- c:\program files\7-Zip
    2009-07-18 10:32 . 2009-07-18 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
    2009-07-18 04:08 . 2009-07-18 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivoGames
    2009-07-18 04:00 . 2009-07-18 04:00 552 ----a-w- c:\winnt\system32\d3d8caps.dat
    2009-07-15 14:47 . 2009-07-15 14:47 865 ----a-w- c:\winnt\unins000.dat
    2009-07-15 12:15 . 2007-03-22 11:41 -------- d-----w- c:\program files\Yahoo!
    2009-07-12 14:59 . 2009-07-12 14:59 -------- d-----w- c:\program files\Common Files\xing shared
    2009-07-12 14:59 . 2009-07-12 14:58 -------- d-----w- c:\program files\Common Files\Real
    2009-07-12 14:58 . 2009-07-12 14:58 -------- d-----w- c:\program files\Real
    2009-07-10 14:18 . 2009-07-08 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-07-08 09:48 . 2007-01-25 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-07-08 09:48 . 2009-07-08 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-07-07 18:58 . 2009-07-07 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
    2009-07-07 18:58 . 2009-07-07 18:58 -------- d-----w- c:\program files\ATTNaturalVoices
    2009-07-03 17:09 . 2007-01-25 21:21 915456 ----a-w- c:\winnt\system32\wininet.dll
    2009-07-03 05:49 . 2009-07-03 05:49 -------- d-----w- c:\documents and settings\admin\Application Data\AdobeAUM
    2009-07-03 05:49 . 2009-07-03 05:49 -------- d-----w- c:\docume~1\admin\APPLIC~1\AdobeAUM
    2009-07-03 05:49 . 2009-07-03 05:49 -------- d-----w- c:\documents and settings\admin\Application Data\Leadertech
    2009-07-03 05:49 . 2009-07-03 05:49 -------- d-----w- c:\docume~1\admin\APPLIC~1\Leadertech
    2009-07-02 02:34 . 2009-07-10 14:38 33840 ----a-w- c:\winnt\system32\drivers\hssdrv.sys
    2009-06-22 11:23 . 2009-06-22 11:23 239088 ----a-w- c:\documents and settings\sinhamay\Application Data\Mozilla\plugins\npgoogletalk.dll
    2009-06-18 07:58 . 2009-06-18 07:58 18432 ----a-w- c:\winnt\system32\drivers\xlkfs.sys
    2009-06-12 18:34 . 2009-04-19 16:18 664 -c--a-w- c:\documents and settings\sinhamay\Local Settings\Application Data\d3d9caps.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-08-03 06:52 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-25 761946]
    "igfxtray"="c:\winnt\system32\igfxtray.exe" [2005-02-15 155648]
    "igfxhkcmd"="c:\winnt\system32\hkcmd.exe" [2005-02-15 126976]
    "igfxpers"="c:\winnt\system32\igfxpers.exe" [2007-01-25 118784]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-25 925696]
    "HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2005-02-15 126976]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-12 198160]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\winnt\AGRSMMSG.exe [2006-10-23 88203]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\winnt\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    .print Client Windows.lnk - c:\documents and settings\Administrator.LISEC\Application Data\Microsoft\Installer\{311CED86-3CDB-4CDC-BF30-7609D67C1A81}\NewShortcut10_FBB862E34F8F4C7C8D151A9FB16A3E41.exe [2007-1-25 49152]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1
    "NoSMBalloonTip"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 1 (0x1)
    "NoStrCmpLogica"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    2005-06-19 12:11 24669 ----a-w- c:\winnt\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2004-11-05 11:50 8704 ----a-w- c:\winnt\system32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-412668190-839522115-1005\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-412668190-839522115-500\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-1021\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-1216\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-1375\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-1376\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-500\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-99137005-3297216802-1498692289-2996\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-99137005-3297216802-1498692289-6740\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "s7oiehsx"=2 (0x2)
    "hpqwmiex"=2 (0x2)
    "myAgtSvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\HP2014MC.EXE"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\winnt\system32\sessmgr.exe"= c:\winnt\system32\sessmgr.exe:192.168.0.5/255.255.255.255:Enabled:Remote Assistance
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\LisecSW\\JRE\\R1_4_1_07\\bin\\J_GPSopt.exe"=
    "c:\\WINNT\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:@xpsp2res.dll,-22002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundRouterRequest"= 1 (0x1)

    R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]
    R2 CP_OMDRV;Check Point Office Mode Module;c:\winnt\system32\drivers\omdrv.sys [6/19/2005 4:11 PM 36400]
    R2 KeyP;KeyP;c:\winnt\system32\drivers\KeyP.sys [5/14/2008 4:41 PM 14232]
    R2 PBUS;PBUS;c:\winnt\system32\drivers\PBus.sys [1/26/2007 1:25 PM 3904]
    R2 Peakcan;Peakcan;c:\winnt\system32\drivers\PEAKCAN.SYS [1/26/2007 1:45 PM 177296]
    R2 SIGMA16;SIGMA16;c:\winnt\system32\drivers\Sigma16.sys [1/26/2007 2:29 PM 3444]
    R2 Sigma32;Sigma32;c:\winnt\system32\drivers\Sigma32.SYS [1/26/2007 2:24 PM 25344]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\winnt\system32\drivers\vnasc.sys [6/19/2005 4:10 PM 109072]
    R2 VPN-1;VPN-1 Module;c:\winnt\system32\drivers\vpn.sys [6/19/2005 4:10 PM 671408]
    R3 CANLPT;CANLPT;c:\winnt\system32\drivers\canlpt2.sys [7/13/2005 4:00 PM 40704]
    R3 FW1;SecuRemote Miniport;c:\winnt\system32\drivers\fw.sys [6/19/2005 4:10 PM 2234320]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\winnt\system32\drivers\hssdrv.sys [7/10/2009 6:38 PM 33840]
    R3 SIGMA;SIGMA;c:\winnt\system32\drivers\sigma.sys [4/30/2003 1:52 PM 20979]
    R3 tap0901;TAP-Win32 Adapter V9;c:\winnt\system32\drivers\tap0901.sys [7/15/2009 4:01 AM 28592]
    S2 CanIpcNT1;CanIpcNT1;c:\winnt\system32\drivers\CanIpcNT1.sys [4/30/2003 1:21 PM 37016]
    S3 DIASIPC;DIASIPC;c:\winnt\system32\drivers\diasipc.sys [4/13/2004 6:47 PM 16896]
    S3 GTIPCI21;GTIPCI21;c:\winnt\system32\drivers\gtipci21.sys [1/25/2007 2:47 PM 88192]
    S3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [10/23/2006 9:58 PM 36352]
    S3 Ssfdcstk;Ssfdcstk;c:\winnt\system32\drivers\ssfdcstk.sys [9/10/2003 2:32 PM 20736]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-25 c:\winnt\Tasks\Disk Cleanup.job
    - c:\winnt\system32\cleanmgr.exe [2007-01-25 00:12]

    2009-08-29 c:\winnt\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 09:09]

    2009-08-29 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 09:40]

    2009-08-29 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 09:40]

    2009-08-26 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-412668190-839522115-1005Core.job
    - c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-11 18:03]

    2009-08-29 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-412668190-839522115-1005UA.job
    - c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-11 18:03]

    2009-08-27 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-94854679-1239112480-1846952604-1376Core.job
    - c:\documents and settings\sinhamay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 13:52]

    2009-08-29 c:\winnt\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 15:20]

    2009-05-01 c:\winnt\Tasks\Windows Update.job
    - c:\winnt\system32\wupdmgr.exe [2007-01-25 17:50]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{48f081da-c563-4c45-8413-dae38ec5cf1d} - (no file)
    Toolbar-{48f081da-c563-4c45-8413-dae38ec5cf1d} - (no file)
    WebBrowser-{48F081DA-C563-4C45-8413-DAE38EC5CF1D} - (no file)
    SafeBoot-xlkfs.sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://in.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    FF - ProfilePath - c:\docume~1\admin\APPLIC~1\Mozilla\Firefox\Profiles\bfcdn2rq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
    FF - prefs.js: keyword.URL - hxxp://search.imesh.com/webResults.html?src=ffb&q=
    FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-29 08:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Com+ Event System Log]
    "ImagePath "= "c:\program files\Common Files\Microsoft Shared\MSINFO\twunk_64.aaa "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(132)
    c:\winnt\system32\igfxsrvc.dll
    c:\winnt\system32\hccutils.DLL
    .
    Completion time: 2009-08-29 9:02
    ComboFix-quarantined-files.txt 2009-08-29 05:00

    Pre-Run: 14,992,150,528 bytes free
    Post-Run: 17,989,693,440 bytes free



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:39:33 AM, on 8/29/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINNT\AGRSMMSG.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINNT\system32\IoctlSvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6173\SAService.exe
    C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINNT\system32\vmnat.exe
    C:\WINNT\system32\vmnetdhcp.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SiteAdvisor\6173\SiteAdv.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: .print Client Windows.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://lilink.lisec.co.at
    O15 - Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O17 - HKLM\Software\..\Telephony: DomainName = lisec.co.at
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Com+ Event System Log - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Update Service (gupdate1c9eb41d0a2c6a0) (gupdate1c9eb41d0a2c6a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\mayank\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: OpcEnum - Unknown owner - C:\WINNT\system32\Opcenum.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (etisalat) (sprtsvc_etisalat) - SupportSoft, Inc. - C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11845 bytes
     
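Reading the HijackThis and ComboFix output above by hand is slow, so here is an added example (not a tool from this thread, and not part of HijackThis or ComboFix) that triages a few O2 and O23 lines copied from the logs above. It flags what an analyst scans for first: a service whose binary is "(file missing)", a BHO CLSID with no DLL behind it, a service binary outside the usual directories, and the "C:\Program.exe" path, which is what HijackThis prints when a service's ImagePath is unquoted and contains spaces (the ComboFix registry excerpt above shows the same "Com+ Event System Log" service pointing into c:\program files\...\twunk_64.aaa). The line formats, the expected-directory list and the severity ranking are my assumptions, and the sample lines are constructed input.

```python
"""Added example: triage HijackThis-style O2/O23 lines (not a tool from this thread).

Assumed line formats are the ones visible in the logs above; the expected-directory
list and the severity ranks are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input: a handful of O2 and O23 lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O23 - Service: Com+ Event System Log - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\mayank\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")

# Assumed: where a legitimately installed service binary is normally expected on this XP box.
EXPECTED_DIRS = ("c:\\winnt\\", "c:\\windows\\", "c:\\program files\\", "c:\\novell\\")
RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    kind: str                      # "O2" or "O23"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)
    severity: str = "low"


def _finding(kind: str, name: str, path: str, reasons: List[Tuple[str, str]]) -> Optional[Finding]:
    """Collapse (severity, text) pairs into one Finding; None when nothing was flagged."""
    if not reasons:
        return None
    worst = max((sev for sev, _ in reasons), key=RANK.__getitem__)
    return Finding(kind, name, path, [text for _, text in reasons], worst)


def triage_o23(line: str) -> Optional[Finding]:
    """Flag an O23 service line; returns None if the line is not O23 or looks ordinary."""
    m = O23_RE.match(line)
    if not m:
        return None
    name, owner, path = m["name"], m["owner"], m["path"]
    reasons: List[Tuple[str, str]] = []
    if m["missing"]:
        reasons.append(("high", "service binary is missing from disk"))
    if path.lower() == "c:\\program.exe":
        # An unquoted ImagePath under "Program Files" makes Windows try C:\Program.exe first.
        reasons.append(("high", "unquoted ImagePath containing spaces (resolves to C:\\Program.exe)"))
    elif not path.lower().startswith(EXPECTED_DIRS):
        reasons.append(("medium", "binary lives outside the usual system/program directories"))
    if owner == "Unknown owner":
        # Only means no vendor string was found; on its own this is low priority.
        reasons.append(("low", "no vendor/owner string recorded"))
    return _finding("O23", name, path, reasons)


def triage_o2(line: str) -> Optional[Finding]:
    """Flag an O2 BHO line whose CLSID is registered but whose DLL is gone (orphan)."""
    m = O2_RE.match(line)
    if not m:
        return None
    reasons: List[Tuple[str, str]] = []
    if m["path"] == "(no file)":
        reasons.append(("medium", "BHO CLSID registered but no DLL on disk (orphaned entry)"))
    return _finding("O2", m["name"], m["path"], reasons)


def triage_log(text: str) -> List[Finding]:
    """Run both triage rules over every non-empty line and return the flagged entries."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = triage_o23(line) or triage_o2(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind} {f.name}: {f.path}")
        for r in f.reasons:
            print("         -", r)
```

On the sample above it reports the orphaned BHO, the two missing services (with the "Com+ Event System Log" entry also flagged for its unquoted path) and NMSAccess only as a low-priority "Unknown owner" entry, while the Google lines pass silently.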
  6. 2009/08/29
    broni, Moderator Malware Analyst
    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u".
    Restart computer.


    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update Superantispyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!


    STEP 3.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis and click Run as Administrator.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2009/08/30
    mayank240, Inactive Thread Starter
    Hi Broni, I have done everything as instructed. Please find the logs below:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/30/2009 at 01:25 PM

    Application Version : 4.27.1000

    Core Rules Database Version : 4076
    Trace Rules Database Version: 2016

    Scan type : Complete Scan
    Total Scan Time : 03:03:23

    Memory items scanned : 220
    Memory threats detected : 0
    Registry items scanned : 6855
    Registry threats detected : 0
    File items scanned : 77172
    File threats detected : 0

    Malwarebytes' Anti-Malware 1.40
    Database version: 2717
    Windows 5.1.2600 Service Pack 3 (Safe Mode)

    8/30/2009 5:55:13 PM
    mbam-log-2009-08-30 (17-55-13).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 236553
    Time elapsed: 1 hour(s), 51 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Dr Web Cureit Log

    f_0000e2\32788R22FWJFW\c.bat;C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000e2;Probably BATCH.Virus;;
    f_0000e2;C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache;Archive contains infected objects;Moved.;
    ComboFix.exe\32788R22FWJFW\c.bat;C:\Documents and Settings\admin\My Documents\Downloads\ComboFix.exe;Probably BATCH.Virus;;
    ComboFix.exe;C:\Documents and Settings\admin\My Documents\Downloads;Archive contains infected objects;Moved.;
    Fport.exe;C:\Documents and Settings\admin\My Documents\Downloads\fport\Fport-2.0;Program.FPort.20;Incurable.Deleted.;
    A0106937.dll;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP388;Trojan.Siggen.2468;Deleted.;
    A0106938.dll;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP388;Probably DLOADER.Trojan;Incurable.Deleted.;
    A0106939.dll;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP388;Probably DLOADER.Trojan;Incurable.Deleted.;
    A0113708.exe\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP422\A0113708.exe;Probably BATCH.Virus;;
    A0113708.exe;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP422;Archive contains infected objects;Moved.;
    A0113717.bat;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP422;Probably BATCH.Virus;Incurable.Deleted.;
    A0113807.bat;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP422;Probably BATCH.Virus;Incurable.Deleted.;
    A0113888.exe\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP422\A0113888.exe;Probably BATCH.Virus;;
    A0113888.exe;C:\System Volume Information\_restore{0FC31281-74CC-49CD-BCB7-E466A09E932D}\RP422;Archive contains infected objects;Moved.;


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:00:07 PM, on 8/30/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\WINNT\AGRSMMSG.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\ctfmon.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINNT\system32\IoctlSvc.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6173\SAService.exe
    C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINNT\system32\vmnat.exe
    C:\WINNT\system32\vmnetdhcp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: .print Client Windows.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://lilink.lisec.co.at
    O15 - Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O17 - HKLM\Software\..\Telephony: DomainName = lisec.co.at
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Com+ Event System Log - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Update Service (gupdate1c9eb41d0a2c6a0) (gupdate1c9eb41d0a2c6a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\mayank\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: OpcEnum - Unknown owner - C:\WINNT\system32\Opcenum.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (etisalat) (sprtsvc_etisalat) - SupportSoft, Inc. - C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11858 bytes
     
    Last edited: 2009/08/30
  8. 2009/08/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see any antivirus program installed.

    Please, download and install one of these...

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free PC Tools Antivirus: http://www.pctools.com/free-antivirus/
    - free PC Tools Firewall Plus: http://www.pctools.com/firewall/

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows Firewall is turned on, or use PC Tools Firewall Plus or the Comodo firewall.
    If you decide to install Comodo Internet Security, or just the Comodo firewall, make sure Windows Firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

    After installation, update the program and run a full scan.

    Also...

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.


    Post fresh HJT log.
     
  9. 2009/08/31
    mayank240

    mayank240 Inactive Thread Starter

    Joined:
    2009/07/31
    Messages:
    49
    Likes Received:
    0
    Hi Broni, please find the fresh HJT log below. I have found a temporary solution for svchost using 100% CPU: I run Process Explorer and can see svchost; I right-click and can see kernel.dll using 98% CPU, and I suspend the process. However, it does not affect my computer and everything works fast. I don't know if terminating this process can harm my computer, so I haven't done that. Is it a bug? Do you have a permanent solution for this? Also, this problem happened after I installed hpHosts and ran CCleaner and optimized the registry. Are the registry files corrupted? If the problem was with the registry, who was preventing me from doing the system restore? Need your guidance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:00:05 AM, on 8/31/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINNT\AGRSMMSG.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINNT\system32\IoctlSvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6173\SAService.exe
    C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINNT\system32\vmnat.exe
    C:\WINNT\system32\vmnetdhcp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Mayank\Download\ProcessExplorer\procexp.exe
    C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINNT\system32\taskmgr.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: .print Client Windows.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://lilink.lisec.co.at
    O15 - Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O17 - HKLM\Software\..\Telephony: DomainName = lisec.co.at
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Com+ Event System Log - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Update Service (gupdate1c9eb41d0a2c6a0) (gupdate1c9eb41d0a2c6a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\mayank\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: OpcEnum - Unknown owner - C:\WINNT\system32\Opcenum.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (etisalat) (sprtsvc_etisalat) - SupportSoft, Inc. - C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12963 bytes
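    The O23 lines above are where a reviewer spends most of the time, and two of them stand out mechanically: a service whose binary is missing, and a path outside the system or Program Files trees. The following script is an added example for this thread, not HijackThis code and not something posted by either participant. It parses O23 entries and flags the usual triage signals: `(file missing)`, `Unknown owner` (HijackThis could not read a company name from the file's version info), a binary outside the directories services normally live in, and a path of the form `C:\Program.exe`, which is what the Windows loader looks for when a service ImagePath containing a space is stored without quotes. The sample lines are copied from the log above; the rules and the trusted directory list (32-bit XP with a C:\WINNT system root, as in this log) are assumptions, and every flag still needs confirming on the machine with `sc qc <service>` and a look at the file itself.

```python
"""Triage the O23 (service) entries of a HijackThis log.

Added example for the thread; not part of HijackThis and not posted by
anyone in it. The rules are a starting point for a reviewer, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

O23_PREFIX = "O23 - Service: "
MISSING = "(file missing)"

# Directories that legitimately hold service binaries on this box.
# Assumption: 32-bit XP with an NT-style system root (C:\WINNT), as in
# the log above; both system-root spellings are listed to be safe.
TRUSTED_ROOTS = ("c:\\winnt\\", "c:\\windows\\", "c:\\program files\\")

# "C:\Program.exe": the loader's first guess for an unquoted ImagePath
# such as  C:\Program Files\Vendor\svc.exe  (command line split at the
# first space). Confirm with `sc qc <service>` before drawing conclusions.
ROOT_TRUNCATED_RE = re.compile(r"[a-z]:\\program\.exe")


@dataclass(frozen=True)
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line, or return None for any other log line.

    Layout:  O23 - Service: <name> - <owner> - <path> [(file missing)]
    Split from the right so a display name that itself contains " - "
    still parses correctly.
    """
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return ServiceEntry(name, owner, path, missing)


def flags_for(entry: ServiceEntry) -> List[str]:
    """Return the triage flags that apply to one service entry."""
    flags: List[str] = []
    if entry.file_missing:
        flags.append("file missing")
    if entry.owner.lower() == "unknown owner":
        flags.append("no vendor name (Unknown owner)")
    low = entry.path.lower()
    if not low.startswith(TRUSTED_ROOTS):
        flags.append("binary outside system/program dirs")
    if ROOT_TRUNCATED_RE.fullmatch(low):
        flags.append("possible unquoted ImagePath")
    return flags


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map every flagged service name to its flags; clean services are omitted."""
    result: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            result[entry.name] = flags
    return result


# Sample input: lines copied from the HJT log in this thread, plus one
# non-O23 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Com+ Event System Log - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\mayank\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
O23 - Service: OpcEnum - Unknown owner - C:\WINNT\system32\Opcenum.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

    Run against a whole HJT log it prints only the entries worth a second look; `Unknown owner` on its own is common for small vendors and is not evidence of anything, while a missing file under a user-owned directory is a leftover that should be removed so it cannot be reclaimed by something else dropped at that path.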
     
  10. 2009/08/31
    mayank240

    mayank240 Inactive Thread Starter

    Joined:
    2009/07/31
    Messages:
    49
    Likes Received:
    0
    Hi Broni, I want to update you further. After installing the Comodo firewall I got a message that svchost.exe is attempting to connect to another computer, 10.112.255.1. A lot of attempts have been made, and they have been blocked by me using the firewall. Since svchost is not able to start, CPU usage is less now. I have deactivated Windows Firewall. Thanks a lot for suggesting the Comodo firewall; it's really a great thing, and everyone should be advised to use it instead of Windows Firewall, which does not tell you "what's going on". Looking forward to your comments on these intrusions. The Comodo installation is not in the HJT log because earlier I had decided to go for Windows Firewall.
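    A firewall prompt names svchost.exe, but svchost is only a host: the question a responder actually needs answered is which service inside that particular svchost instance owns the socket. On XP the two built-in commands for that are `netstat -ano` (sockets with owning PID) and `tasklist /svc` (PID to hosted services), joined on the PID. The script below is an added example for this thread, not code from either participant or from any tool mentioned here. The two command outputs are constructed samples laid out exactly as the real commands print them; the PIDs, ports, local address and service groupings are invented, and only the remote host 10.112.255.1 is taken from the post above.

```python
"""Which services live in the svchost.exe that is talking to a given host?

Added example for the thread (not from the posts or from any tool named
in them). Joins `netstat -ano` and `tasklist /svc` output on the PID column.
The sample outputs below are constructed; only 10.112.255.1 comes from the
post.
"""
import re
from typing import Dict, List


def parse_netstat(text: str) -> List[dict]:
    """Parse `netstat -ano` rows. UDP rows have no State column."""
    rows: List[dict] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows


def _split_services(field: str) -> List[str]:
    return [s for s in (p.strip() for p in field.split(",")) if s and s != "N/A"]


_ROW_RE = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>.*)$")


def parse_tasklist_svc(text: str) -> Dict[int, dict]:
    """Parse `tasklist /svc`. A long service list wraps onto indented
    continuation lines, which belong to the PID on the preceding row."""
    procs: Dict[int, dict] = {}
    last_pid = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        if line[0].isspace() and last_pid is not None:
            procs[last_pid]["services"] += _split_services(line)
            continue
        m = _ROW_RE.match(line)
        if not m:
            continue
        pid = int(m.group("pid"))
        procs[pid] = {"image": m.group("image").strip(),
                      "services": _split_services(m.group("svcs"))}
        last_pid = pid
    return procs


def services_talking_to(netstat_text: str, tasklist_text: str, host: str) -> Dict[int, List[str]]:
    """PID -> services hosted in it, for every process with a socket to `host`."""
    procs = parse_tasklist_svc(tasklist_text)
    hits: Dict[int, List[str]] = {}
    for row in parse_netstat(netstat_text):
        remote_host = row["remote"].rsplit(":", 1)[0]
        if remote_host == host:
            hits[row["pid"]] = procs.get(row["pid"], {}).get("services", [])
    return hits


# Constructed sample of `netstat -ano` (PIDs, ports and local address invented).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1096
  TCP    10.112.3.17:1043       10.112.255.1:445       SYN_SENT        1204
  TCP    10.112.3.17:1044       10.112.255.1:139       SYN_SENT        1204
  UDP    0.0.0.0:123            *:*                                    980
"""

# Constructed sample of `tasklist /svc` in its real layout, including the
# wrapped service list that the command prints for the netsvcs instance.
TASKLIST_SAMPLE = """
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    980 DcomLaunch, TermService
svchost.exe                   1096 RpcSs
svchost.exe                   1204 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                   ERSvc, EventSystem, helpsvc, lanmanserver,
                                   lanmanworkstation, Netman, Nla, RasMan,
                                   Schedule, seclogon, SENS, SharedAccess,
                                   ShellHWDetection, srservice, TapiSrv, Themes,
                                   TrkWks, W32Time, winmgmt, wuauserv, WZCSVC
"""

if __name__ == "__main__":
    for pid, svcs in services_talking_to(NETSTAT_SAMPLE, TASKLIST_SAMPLE, "10.112.255.1").items():
        print(f"PID {pid} hosts {len(svcs)} services: {', '.join(svcs)}")
```

    On the real machine, save the two outputs to files and pass their contents in. The join usually lands on the netsvcs instance, which hosts a couple of dozen services, so it narrows the suspect list rather than naming one service. The standard next step is to move one candidate at a time into its own process with `sc config <service> type= own` and reboot; Process Explorer and the firewall then attribute the CPU and the connection attempts to that service alone.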
     
  11. 2009/08/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I want you to re-run Combofix....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2009/08/31
    mayank240

    mayank240 Inactive Thread Starter

    Joined:
    2009/07/31
    Messages:
    49
    Likes Received:
    0
    Hello Broni. Please find the fresh logs below:

    ComboFix 09-08-31.03 - admin 09/01/2009 0:13.2.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.556 [GMT 4:00]
    Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1351 [VPS 090831-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
    .

    2009-08-31 18:03 . 2009-08-31 18:03 -------- d-----w- C:\LOGFILES
    2009-08-31 08:20 . 2009-08-31 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2009-08-31 08:20 . 2009-08-31 08:20 87104 ----a-w- c:\winnt\system32\drivers\inspect.sys
    2009-08-31 08:20 . 2009-08-31 08:20 25160 ----a-w- c:\winnt\system32\drivers\cmdhlp.sys
    2009-08-31 08:20 . 2009-08-31 08:20 179792 ----a-w- c:\winnt\system32\guard32.dll
    2009-08-31 08:20 . 2009-08-31 08:20 132168 ----a-w- c:\winnt\system32\drivers\cmdguard.sys
    2009-08-31 08:20 . 2009-08-31 08:20 -------- d-----w- c:\program files\COMODO
    2009-08-31 04:53 . 2009-08-31 04:53 152576 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
    2009-08-30 17:43 . 2009-08-17 16:04 51376 ----a-w- c:\winnt\system32\drivers\aswTdi.sys
    2009-08-30 17:43 . 2009-08-17 16:04 23152 ----a-w- c:\winnt\system32\drivers\aswRdr.sys
    2009-08-30 17:43 . 2009-08-17 16:03 26944 ----a-w- c:\winnt\system32\drivers\aavmker4.sys
    2009-08-30 17:43 . 2009-08-17 16:02 97480 ----a-w- c:\winnt\system32\AvastSS.scr
    2009-08-30 17:43 . 2009-08-17 16:06 93392 ----a-w- c:\winnt\system32\drivers\aswmon.sys
    2009-08-30 17:43 . 2009-08-17 16:06 94160 ----a-w- c:\winnt\system32\drivers\aswmon2.sys
    2009-08-30 17:43 . 2009-08-17 16:05 114768 ----a-w- c:\winnt\system32\drivers\aswSP.sys
    2009-08-30 17:43 . 2009-08-17 16:05 20560 ----a-w- c:\winnt\system32\drivers\aswFsBlk.sys
    2009-08-30 17:42 . 2009-08-17 16:10 1279456 ----a-w- c:\winnt\system32\aswBoot.exe
    2009-08-30 17:42 . 2009-08-30 17:42 -------- d-----w- c:\program files\Alwil Software
    2009-08-30 05:59 . 2009-08-30 14:33 117760 ----a-w- c:\documents and settings\admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-08-30 05:57 . 2009-08-30 05:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-29 21:45 . 2009-08-29 21:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2009-08-29 05:30 . 2009-08-29 05:30 -------- d-----w- c:\program files\Trend Micro
    2009-08-27 10:28 . 2009-08-27 10:28 -------- d-----w- c:\program files\PFPortChecker
    2009-08-27 08:17 . 2009-08-29 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-08-27 05:03 . 2009-08-27 10:27 -------- d-----w- c:\program files\Windows Defender
    2009-08-26 17:42 . 2009-08-26 17:42 -------- d-----w- c:\program files\CCleaner
    2009-08-25 14:47 . 2009-08-25 14:47 -------- d-----w- c:\winnt\system32\wbem\Repository
    2009-08-25 11:44 . 2009-08-25 11:45 -------- d-----w- c:\documents and settings\admin\Application Data\Nero
    2009-08-25 11:44 . 2009-08-25 11:45 -------- d-----w- c:\docume~1\admin\APPLIC~1\Nero
    2009-08-25 11:39 . 2009-08-25 11:39 -------- d-----w- c:\program files\Windows Sidebar
    2009-08-25 10:55 . 2009-08-25 14:46 -------- d-----w- c:\program files\Nero
    2009-08-25 10:54 . 2009-08-25 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2009-08-25 10:54 . 2009-08-25 14:46 -------- d-----w- c:\program files\Common Files\Nero
    2009-08-25 08:46 . 2009-08-25 14:46 -------- d-----w- c:\program files\CDBurnerXP
    2009-08-25 07:02 . 2009-08-25 07:22 -------- d-----w- c:\program files\hpHosts
    2009-08-24 18:25 . 2009-08-24 18:25 -------- d-----w- c:\documents and settings\admin\Application Data\gnupg
    2009-08-24 18:25 . 2009-08-24 18:25 -------- d-----w- c:\docume~1\admin\APPLIC~1\gnupg
    2009-08-24 08:53 . 2009-08-24 09:39 -------- d-----w- c:\program files\Safer Networking
    2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
    2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\docume~1\admin\APPLIC~1\Malwarebytes
    2009-08-22 18:32 . 2009-08-03 09:36 38160 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-22 18:32 . 2009-08-22 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-22 18:32 . 2009-08-03 09:36 19096 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2009-08-22 10:37 . 2009-08-22 10:37 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Opera
    2009-08-22 10:37 . 2009-08-22 10:37 -------- d-----w- c:\program files\Opera
    2009-08-21 18:59 . 2009-08-21 19:32 -------- d-----w- c:\documents and settings\admin\.housecall6.6
    2009-08-21 14:41 . 2009-08-21 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2009-08-21 14:19 . 2009-08-21 14:19 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\PCHealth
    2009-08-21 13:30 . 2009-08-21 13:30 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\IsolatedStorage
    2009-08-21 13:28 . 2009-08-21 13:28 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Nokia
    2009-08-21 13:28 . 2009-08-21 13:28 -------- d-----w- c:\winnt\Globalization
    2009-08-19 11:21 . 2009-08-19 11:21 -------- d-----w- c:\program files\NT Registry Optimizer
    2009-08-19 11:07 . 2009-08-19 11:08 -------- d-----w- c:\documents and settings\admin\Application Data\RoamDrive
    2009-08-19 11:07 . 2009-08-19 11:08 -------- d-----w- c:\docume~1\admin\APPLIC~1\RoamDrive
    2009-08-17 10:50 . 2009-08-17 19:13 -------- d-----w- c:\documents and settings\admin\Application Data\Audacity
    2009-08-17 10:50 . 2009-08-17 19:13 -------- d-----w- c:\docume~1\admin\APPLIC~1\Audacity
    2009-08-17 10:49 . 2009-08-17 10:49 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
    2009-08-16 18:34 . 2009-08-16 18:34 -------- d-----w- C:\oldver
    2009-08-16 06:37 . 2009-08-16 06:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-08-15 12:35 . 2009-08-15 12:35 -------- d-sh--w- c:\documents and settings\admin\IECompatCache
    2009-08-15 12:32 . 2009-08-15 12:32 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
    2009-08-15 12:30 . 2009-08-15 12:30 -------- d-sh--w- c:\documents and settings\admin\IETldCache
    2009-08-15 10:02 . 2009-08-15 10:02 -------- d-sh--w- c:\documents and settings\sinhamay\IECompatCache
    2009-08-15 10:00 . 2009-08-15 10:00 -------- d-sh--w- c:\documents and settings\sinhamay\PrivacIE
    2009-08-15 09:59 . 2009-08-15 09:59 -------- d-sh--w- c:\documents and settings\sinhamay\IETldCache
    2009-08-15 09:47 . 2009-08-15 09:51 -------- d-----w- c:\winnt\ie8updates
    2009-08-15 09:35 . 2009-08-15 09:43 -------- dc-h--w- c:\winnt\ie8
    2009-08-15 09:33 . 2009-08-15 09:53 -------- d--h--w- c:\winnt\msdownld.tmp
    2009-08-15 09:23 . 2009-07-03 17:09 12800 -c----w- c:\winnt\system32\dllcache\xpshims.dll
    2009-08-15 09:23 . 2009-07-03 17:09 246272 -c----w- c:\winnt\system32\dllcache\ieproxy.dll
    2009-08-15 09:21 . 2009-07-01 07:08 101376 -c----w- c:\winnt\system32\dllcache\iecompat.dll
    2009-08-14 10:30 . 2009-08-14 10:30 90183 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\TmEngDrv.dll
    2009-08-14 10:30 . 2009-08-14 10:30 69632 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\mfcm80.dll
    2009-08-14 10:30 . 2009-08-14 10:30 626688 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\msvcr80.dll
    2009-08-14 10:30 . 2009-08-14 10:30 57344 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\mfcm80u.dll
    2009-08-14 10:30 . 2009-08-14 10:30 548864 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\msvcp80.dll
    2009-08-14 10:30 . 2009-08-14 10:30 479232 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\msvcm80.dll
    2009-08-14 10:30 . 2009-08-14 10:30 1079808 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\mfc80u.dll
    2009-08-14 10:29 . 2009-08-14 10:30 1093632 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\mfc80.dll
    2009-08-14 10:29 . 2009-08-14 10:29 98304 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\getMac.exe
    2009-08-14 10:28 . 2009-08-14 10:28 218736 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\patch.exe
    2009-08-14 10:28 . 2009-08-14 10:28 170512 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\PATCHW32.DLL
    2009-08-14 10:28 . 2009-08-14 10:28 189968 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\ciussi32.dll
    2009-08-14 10:28 . 2009-08-14 10:28 1267320 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\TmUpdate.dll
    2009-08-14 10:27 . 2009-08-14 10:27 61440 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\Toolkit.dll
    2009-08-14 10:27 . 2009-08-14 10:27 832776 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\lea.dll
    2009-08-14 10:27 . 2009-08-14 10:27 439560 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\jlea.dll
    2009-08-14 10:27 . 2009-08-14 10:27 42320 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\dsvout.dll
    2009-08-14 10:27 . 2009-08-14 10:27 183356 ----a-w- c:\documents and settings\admin\Application Data\HouseCall 6.6\Uninstaller.exe
    2009-08-14 10:26 . 2009-08-14 10:39 -------- d-----w- c:\documents and settings\admin\Application Data\HouseCall 6.6
    2009-08-14 10:26 . 2009-08-14 10:39 -------- d-----w- c:\docume~1\admin\APPLIC~1\HouseCall 6.6
    2009-08-11 17:39 . 2009-08-11 17:39 -------- d-----w- c:\documents and settings\admin\DoctorWeb
    2009-08-09 07:11 . 2009-08-09 07:11 -------- d-----w- c:\documents and settings\sinhamay\Application Data\Nokia
    2009-08-09 05:49 . 2009-08-09 05:50 -------- d-----w- c:\documents and settings\sinhamay\Local Settings\Application Data\Temp
    2009-08-09 05:46 . 2009-08-09 05:46 -------- d-----w- c:\documents and settings\sinhamay\Local Settings\Application Data\India_Radio_TV
    2009-08-09 05:42 . 2009-08-09 05:47 -------- d-----w- c:\documents and settings\sinhamay\Application Data\imeshmediabartb
    2009-08-09 05:38 . 2009-08-09 05:38 -------- d-----w- c:\documents and settings\sinhamay\Local Settings\Application Data\SupportSoft
    2009-08-09 05:26 . 2009-08-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\71F
    2009-08-09 04:51 . 2009-08-09 04:51 -------- d-----w- c:\documents and settings\admin\Application Data\ICAClient
    2009-08-09 04:51 . 2009-08-09 04:51 -------- d-----w- c:\docume~1\admin\APPLIC~1\ICAClient
    2009-08-09 04:49 . 2009-08-09 04:49 -------- d-----w- c:\documents and settings\admin\Application Data\CoCreate
    2009-08-09 04:49 . 2009-08-09 04:49 -------- d-----w- c:\docume~1\admin\APPLIC~1\CoCreate
    2009-08-08 15:54 . 2008-04-13 18:45 26112 -c--a-w- c:\winnt\system32\dllcache\usbser.sys
    2009-08-08 15:54 . 2008-04-13 18:45 26112 ----a-w- c:\winnt\system32\drivers\usbser.sys
    2009-08-08 15:53 . 2008-03-21 09:57 14640 ------w- c:\winnt\system32\spmsgXP_2k3.dll
    2009-08-08 15:47 . 2009-08-21 14:37 -------- d-----w- c:\documents and settings\admin\Application Data\Nokia
    2009-08-08 15:47 . 2009-08-21 14:37 -------- d-----w- c:\docume~1\admin\APPLIC~1\Nokia
    2009-08-08 15:41 . 2009-08-08 15:41 -------- d-----w- c:\program files\Common Files\PCSuite
    2009-08-08 15:40 . 2009-08-21 14:41 -------- d-----w- c:\program files\Common Files\Nokia
    2009-08-08 15:40 . 2008-08-26 06:26 18816 ----a-w- c:\winnt\system32\drivers\pccsmcfd.sys
    2009-08-08 15:40 . 2009-08-08 15:40 -------- d-----w- c:\program files\PC Connectivity Solution
    2009-08-08 15:39 . 2009-02-09 04:37 7808 ----a-w- c:\winnt\system32\drivers\usbser_lowerfltj.sys
    2009-08-08 15:39 . 2009-02-09 04:37 7808 ----a-w- c:\winnt\system32\drivers\usbser_lowerflt.sys
    2009-08-08 15:39 . 2009-02-09 04:37 22016 ----a-w- c:\winnt\system32\drivers\ccdcmbo.sys
    2009-08-08 15:39 . 2009-02-09 04:37 659968 ----a-w- c:\winnt\system32\nmwcdcocls.dll
    2009-08-08 15:39 . 2009-02-09 04:37 17664 ----a-w- c:\winnt\system32\drivers\ccdcmb.sys
    2009-08-08 15:39 . 2009-02-09 04:32 1112288 ----a-w- c:\winnt\system32\wdfcoinstaller01007.dll
    2009-08-08 15:35 . 2009-08-08 15:34 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
    2009-08-08 15:34 . 2009-08-08 15:34 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
    2009-08-08 15:34 . 2009-08-08 15:34 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
    2009-08-08 15:34 . 2009-08-08 15:34 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-08-08 15:34 . 2009-08-08 15:34 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
    2009-08-08 15:34 . 2009-08-21 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2009-08-07 16:37 . 2009-08-29 18:25 -------- d-----w- c:\documents and settings\admin\Application Data\vlc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-31 18:29 . 2007-01-25 12:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2009-08-31 18:29 . 2007-01-25 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2009-08-31 18:00 . 2007-03-21 12:35 2484 ----a-w- c:\winnt\bthservsdp.dat
    2009-08-31 04:55 . 2007-01-25 11:16 -------- d-----w- c:\program files\Java
    2009-08-31 04:50 . 2009-04-18 17:38 664 ----a-w- c:\winnt\system32\d3d9caps.dat
    2009-08-30 05:44 . 2009-03-18 07:41 52888 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-23 04:52 . 2008-08-02 08:10 -------- d-----w- c:\program files\SiteAdvisor
    2009-08-21 14:48 . 2009-07-18 20:00 121440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-21 14:41 . 2007-08-03 07:08 -------- d-----w- c:\program files\Nokia
    2009-08-17 19:14 . 2008-07-18 08:13 968 ----a-w- c:\winnt\xlkfs.dat
    2009-08-17 12:32 . 2008-08-05 05:13 -------- d-----w- c:\documents and settings\admin\Application Data\SiteAdvisor
    2009-08-17 12:32 . 2008-08-05 05:13 -------- d-----w- c:\docume~1\admin\APPLIC~1\SiteAdvisor
    2009-08-15 13:28 . 2007-01-25 10:57 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-15 10:33 . 2008-08-31 08:29 53680 -c--a-w- c:\documents and settings\sinhamay\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-14 22:22 . 2009-07-31 13:04 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
    2009-08-14 10:49 . 2009-07-29 19:25 -------- d-----w- c:\program files\Hotspot Shield
    2009-08-09 15:25 . 2009-08-09 15:25 0 ---ha-w- c:\winnt\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-08-08 15:56 . 2009-08-08 15:56 0 ---ha-w- c:\winnt\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2009-08-08 15:56 . 2009-08-08 15:56 0 ---ha-w- c:\winnt\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2009-08-08 15:55 . 2008-07-04 07:07 -------- d-----w- c:\documents and settings\admin\Application Data\PC Suite
    2009-08-08 15:55 . 2008-07-04 07:07 -------- d-----w- c:\docume~1\admin\APPLIC~1\PC Suite
    2009-08-08 15:54 . 2008-08-02 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-08 15:54 . 2007-08-03 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-08-08 15:54 . 2009-08-08 15:54 0 ---ha-w- c:\winnt\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-08-08 15:54 . 2009-08-08 15:54 0 ---ha-w- c:\winnt\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-08-08 15:42 . 2007-08-03 07:10 -------- d-----w- c:\program files\DIFX
    2009-08-08 15:17 . 2009-08-08 15:17 0 ---ha-w- c:\winnt\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-08-04 19:46 . 2007-01-25 10:42 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-04 19:43 . 2007-03-28 10:03 -------- d--h--r- c:\documents and settings\admin\Application Data\yahoo!
    2009-08-04 19:43 . 2007-03-28 10:03 -------- d--h--r- c:\docume~1\admin\APPLIC~1\yahoo!
    2009-08-04 19:43 . 2007-03-22 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
    2009-08-04 19:41 . 2007-01-25 12:07 -------- d-----w- c:\program files\irfanview
    2009-08-03 13:42 . 2009-07-14 15:32 -------- d-----w- c:\program files\CD Copy Master
    2009-08-01 09:57 . 2009-08-01 09:57 -------- d-----w- c:\documents and settings\admin\Application Data\Transcend
    2009-08-01 09:57 . 2009-08-01 09:57 -------- d-----w- c:\docume~1\admin\APPLIC~1\Transcend
    2009-07-31 10:20 . 2009-07-30 21:46 -------- d-----w- c:\program files\ATI Technologies
    2009-07-30 21:46 . 2009-04-09 09:56 -------- d-----w- c:\program files\Siemens
    2009-07-30 21:46 . 2009-07-30 21:46 -------- d-----w- c:\program files\Common Files\Siemens
    2009-07-30 15:13 . 2009-07-30 15:13 -------- d-----w- c:\program files\Belarc
    2009-07-30 12:37 . 2007-08-05 08:21 -------- d-----w- c:\program files\Google
    2009-07-30 11:54 . 2007-01-25 12:19 -------- d-----w- c:\program files\Symantec
    2009-07-30 11:54 . 2007-01-25 12:19 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-30 11:44 . 2009-07-25 19:00 -------- d-----w- c:\documents and settings\admin\Application Data\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:00 -------- d-----w- c:\docume~1\admin\APPLIC~1\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:03 -------- d-----w- c:\documents and settings\Administrator.LISECDUBAI\Application Data\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel(2)
    2009-07-30 11:44 . 2009-07-25 19:07 -------- d-----w- c:\program files\Modem Helper
    2009-07-30 11:43 . 2009-07-29 17:42 -------- d-----w- c:\program files\IEPro
    2009-07-30 11:43 . 2009-07-29 19:23 -------- d-----w- c:\documents and settings\admin\Application Data\MiniDm
    2009-07-30 11:43 . 2009-07-29 19:23 -------- d-----w- c:\docume~1\admin\APPLIC~1\MiniDm
    2009-07-30 11:41 . 2009-07-30 11:24 -------- d-----w- c:\documents and settings\admin\Application Data\Intel(3)
    2009-07-30 11:41 . 2009-07-30 11:24 -------- d-----w- c:\docume~1\admin\APPLIC~1\Intel(3)
    2009-07-30 11:41 . 2009-07-30 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel(3)
    2009-07-25 18:36 . 2009-07-25 18:36 -------- d-----w- c:\program files\Sonic
    2009-07-25 13:35 . 2009-07-25 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-07-25 01:23 . 2009-05-03 11:02 411368 ----a-w- c:\winnt\system32\deploytk.dll
    2009-07-24 18:44 . 2008-07-17 08:43 23552 ----a-w- c:\winnt\xlkfs.dll
    2009-07-24 18:43 . 2009-07-24 18:42 -------- d-----w- c:\program files\Easy File Locker
    2009-07-24 07:05 . 2009-06-28 17:30 -------- d-----w- c:\documents and settings\admin\Application Data\Winamp
    2009-07-24 07:05 . 2009-06-28 17:30 -------- d-----w- c:\docume~1\admin\APPLIC~1\Winamp
    2009-07-23 08:09 . 2009-07-23 08:05 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-07-22 19:13 . 2009-07-15 00:01 28592 ----a-w- c:\winnt\system32\drivers\tap0901.sys
    2009-07-19 10:18 . 2009-07-18 08:33 -------- d-----w- c:\documents and settings\admin\Application Data\DVD Flick
    2009-07-19 10:18 . 2009-07-18 08:33 -------- d-----w- c:\docume~1\admin\APPLIC~1\DVD Flick
    2009-07-19 10:17 . 2009-07-19 10:17 -------- d-----w- c:\program files\7-Zip
    2009-07-18 10:32 . 2009-07-18 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
    2009-07-18 04:08 . 2009-07-18 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivoGames
    2009-07-18 04:00 . 2009-07-18 04:00 552 ----a-w- c:\winnt\system32\d3d8caps.dat
    2009-07-15 14:47 . 2009-07-15 14:47 865 ----a-w- c:\winnt\unins000.dat
    2009-07-15 12:15 . 2007-03-22 11:41 -------- d-----w- c:\program files\Yahoo!
    2009-07-12 14:59 . 2009-07-12 14:59 -------- d-----w- c:\program files\Common Files\xing shared
    2009-07-12 14:59 . 2009-07-12 14:58 -------- d-----w- c:\program files\Common Files\Real
    2009-07-12 14:58 . 2009-07-12 14:58 -------- d-----w- c:\program files\Real
    2009-07-10 14:18 . 2009-07-08 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-07-08 09:48 . 2007-01-25 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-07-08 09:48 . 2009-07-08 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-07-07 18:58 . 2009-07-07 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
    2009-07-07 18:58 . 2009-07-07 18:58 -------- d-----w- c:\program files\ATTNaturalVoices
    2009-07-03 17:09 . 2007-01-25 21:21 915456 ------w- c:\winnt\system32\wininet.dll
    2009-07-03 05:49 . 2009-07-03 05:49 -------- d-----w- c:\documents and settings\admin\Application Data\AdobeAUM
    2009-07-03 05:49 . 2009-07-03 05:49 -------- d-----w- c:\docume~1\admin\APPLIC~1\AdobeAUM
    2009-07-03 05:49 . 2009-07-03 05:49 -------- d-----w- c:\documents and settings\admin\Application Data\Leadertech
    2009-07-03 05:49 . 2009-07-03 05:49 -------- d-----w- c:\docume~1\admin\APPLIC~1\Leadertech
    2009-07-02 02:34 . 2009-07-10 14:38 33840 ----a-w- c:\winnt\system32\drivers\hssdrv.sys
    2009-06-22 11:23 . 2009-06-22 11:23 239088 ----a-w- c:\documents and settings\sinhamay\Application Data\Mozilla\plugins\npgoogletalk.dll
    2009-06-18 07:58 . 2009-06-18 07:58 18432 ----a-w- c:\winnt\system32\drivers\xlkfs.sys
    2009-06-12 18:34 . 2009-04-19 16:18 664 -c--a-w- c:\documents and settings\sinhamay\Local Settings\Application Data\d3d9caps.tmp
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-29_04.48.27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-08-31 18:29 . 2009-08-31 18:29 16384 c:\winnt\Temp\Perflib_Perfdata_cf0.dat
    + 2009-08-31 18:29 . 2009-08-31 18:29 16384 c:\winnt\Temp\Perflib_Perfdata_510.dat
    + 2009-08-30 05:58 . 2009-08-30 05:58 65024 c:\winnt\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2009-08-30 05:58 . 2009-08-30 05:58 18944 c:\winnt\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2009-08-31 04:55 . 2009-07-25 01:23 149280 c:\winnt\system32\javaws.exe
    + 2009-08-31 04:55 . 2009-07-25 01:23 145184 c:\winnt\system32\javaw.exe
    + 2009-08-31 04:55 . 2009-07-25 01:23 145184 c:\winnt\system32\java.exe
    + 2007-01-25 21:27 . 2009-08-30 05:44 215264 c:\winnt\system32\FNTCACHE.DAT
    + 2009-08-30 05:58 . 2009-08-30 05:58 1516544 c:\winnt\Installer\cc76f.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-08-03 06:52 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 4670968]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 39408]
    "ZuneClock"="c:\documents and settings\admin\Desktop\ZuneClock\ZuneClock.exe" [2008-12-12 721408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-25 761946]
    "igfxtray"="c:\winnt\system32\igfxtray.exe" [2005-02-15 155648]
    "igfxhkcmd"="c:\winnt\system32\hkcmd.exe" [2005-02-15 126976]
    "igfxpers"="c:\winnt\system32\igfxpers.exe" [2007-01-25 118784]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-25 925696]
    "HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2005-02-15 126976]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-12 198160]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-08-31 1796368]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\winnt\AGRSMMSG.exe [2006-10-23 88203]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\winnt\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    .print Client Windows.lnk - c:\documents and settings\Administrator.LISEC\Application Data\Microsoft\Installer\{311CED86-3CDB-4CDC-BF30-7609D67C1A81}\NewShortcut10_FBB862E34F8F4C7C8D151A9FB16A3E41.exe [2007-1-25 49152]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1
    "NoSMBalloonTip"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 1 (0x1)
    "NoStrCmpLogica"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 08:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
    2005-06-19 12:11 24669 ----a-w- c:\winnt\system32\ckpNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    2004-11-05 11:50 8704 ----a-w- c:\winnt\system32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\winnt\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-412668190-839522115-1005\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1123561945-412668190-839522115-500\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-1021\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-1216\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-1375\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-1376\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-94854679-1239112480-1846952604-500\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-99137005-3297216802-1498692289-2996\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-99137005-3297216802-1498692289-6740\Scripts\Logoff\0\0]
    "Script"=%SystemRoot%\system32\GroupPolicy\user\scripts\logoff\mozilla-logoff.cmd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\winnt\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "s7oiehsx"=2 (0x2)
    "hpqwmiex"=2 (0x2)
    "myAgtSvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\HP2014MC.EXE"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\winnt\system32\sessmgr.exe"= c:\winnt\system32\sessmgr.exe:192.168.0.5/255.255.255.255:Enabled:Remote Assistance
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\LisecSW\\JRE\\R1_4_1_07\\bin\\J_GPSopt.exe"=
    "c:\\WINNT\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:@xpsp2res.dll,-22002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundRouterRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [8/30/2009 9:43 PM 114768]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\winnt\system32\drivers\cmdguard.sys [8/31/2009 12:20 PM 132168]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\winnt\system32\drivers\cmdhlp.sys [8/31/2009 12:20 PM 25160]
    R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
    R1 xlkfs;xlkfs;c:\winnt\system32\drivers\xlkfs.sys [6/18/2009 11:58 AM 18432]
    R2 aswFsBlk;aswFsBlk;c:\winnt\system32\drivers\aswFsBlk.sys [8/30/2009 9:43 PM 20560]
    R2 CP_OMDRV;Check Point Office Mode Module;c:\winnt\system32\drivers\omdrv.sys [6/19/2005 4:11 PM 36400]
    R2 KeyP;KeyP;c:\winnt\system32\drivers\KeyP.sys [5/14/2008 4:41 PM 14232]
    R2 PBUS;PBUS;c:\winnt\system32\drivers\PBus.sys [1/26/2007 1:25 PM 3904]
    R2 Peakcan;Peakcan;c:\winnt\system32\drivers\PEAKCAN.SYS [1/26/2007 1:45 PM 177296]
    R2 SIGMA16;SIGMA16;c:\winnt\system32\drivers\Sigma16.sys [1/26/2007 2:29 PM 3444]
    R2 Sigma32;Sigma32;c:\winnt\system32\drivers\Sigma32.SYS [1/26/2007 2:24 PM 25344]
    R2 sprtsvc_etisalat;SupportSoft Sprocket Service (etisalat);c:\program files\Etisalat\eSupport\bin\sprtsvc.exe [8/4/2009 9:59 PM 200384]
    R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\winnt\system32\drivers\vnasc.sys [6/19/2005 4:10 PM 109072]
    R2 VPN-1;VPN-1 Module;c:\winnt\system32\drivers\vpn.sys [6/19/2005 4:10 PM 671408]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 CANLPT;CANLPT;c:\winnt\system32\drivers\canlpt2.sys [7/13/2005 4:00 PM 40704]
    R3 FW1;SecuRemote Miniport;c:\winnt\system32\drivers\fw.sys [6/19/2005 4:10 PM 2234320]
    R3 HssDrv;Hotspot Shield Helper Miniport;c:\winnt\system32\drivers\hssdrv.sys [7/10/2009 6:38 PM 33840]
    R3 SIGMA;SIGMA;c:\winnt\system32\drivers\sigma.sys [4/30/2003 1:52 PM 20979]
    R3 tap0901;TAP-Win32 Adapter V9;c:\winnt\system32\drivers\tap0901.sys [7/15/2009 4:01 AM 28592]
    S2 CanIpcNT1;CanIpcNT1;c:\winnt\system32\drivers\CanIpcNT1.sys [4/30/2003 1:21 PM 37016]
    S2 Com+ Event System Log;Com+ Event System Log;c:\program files\Common Files\Microsoft Shared\MSInfo\twunk_64.aaa [6/4/2008 10:10 AM 0]
    S2 gupdate1c9eb41d0a2c6a0;Google Update Service (gupdate1c9eb41d0a2c6a0);c:\program files\Google\Update\GoogleUpdate.exe [6/12/2009 1:40 PM 133104]
    S2 HssSrv;Hotspot Shield Helper Service;c:\mayank\Hotspot Shield\HssWPR\hsssrv.exe --> c:\mayank\Hotspot Shield\HssWPR\hsssrv.exe [?]
    S3 DIASIPC;DIASIPC;c:\winnt\system32\drivers\diasipc.sys [4/13/2004 6:47 PM 16896]
    S3 GTIPCI21;GTIPCI21;c:\winnt\system32\drivers\gtipci21.sys [1/25/2007 2:47 PM 88192]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [8/11/2009 3:19 AM 57640]
    S3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [10/23/2006 9:58 PM 36352]
    S3 OKAMAI;OKAMAI Service;c:\winnt\system32\cmd.exe [1/26/2007 1:19 AM 389120]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
    S3 Ssfdcstk;Ssfdcstk;c:\winnt\system32\drivers\ssfdcstk.sys [9/10/2003 2:32 PM 20736]
    S4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [8/2/2008 12:03 PM 169280]
    S4 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [7/7/2004 12:17 PM 200769]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-25 c:\winnt\Tasks\Disk Cleanup.job
    - c:\winnt\system32\cleanmgr.exe [2007-01-25 00:12]

    2009-08-31 c:\winnt\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-12 09:09]

    2009-08-31 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 09:40]

    2009-08-31 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-12 09:40]

    2009-08-30 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-412668190-839522115-1005Core.job
    - c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-11 18:03]

    2009-08-31 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-412668190-839522115-1005UA.job
    - c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-11 18:03]

    2009-08-31 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-94854679-1239112480-1846952604-1376Core.job
    - c:\documents and settings\sinhamay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 13:52]

    2009-08-31 c:\winnt\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 15:20]

    2009-05-01 c:\winnt\Tasks\Windows Update.job
    - c:\winnt\system32\wupdmgr.exe [2007-01-25 17:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://in.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    TCP: {0E773D5B-5361-4DCC-86F8-F017628C36D8} = 156.154.70.22,156.154.71.22
    TCP: {513CF868-1A63-4A9D-800A-DB3606143899} = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\docume~1\admin\APPLIC~1\Mozilla\Firefox\Profiles\bfcdn2rq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/
    FF - prefs.js: keyword.URL - hxxp://search.imesh.com/webResults.html?src=ffb&q=
    FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-01 00:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Com+ Event System Log]
    "ImagePath "= "c:\program files\Common Files\Microsoft Shared\MSINFO\twunk_64.aaa "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(376)
    c:\winnt\system32\guard32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\winnt\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(432)
    c:\winnt\system32\guard32.dll

    - - - - - - - > 'explorer.exe'(3120)
    c:\winnt\system32\WININET.dll
    c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\winnt\system32\ieframe.dll
    c:\winnt\system32\webcheck.dll
    c:\winnt\system32\WPDShServiceObj.dll
    c:\winnt\system32\PortableDeviceTypes.dll
    c:\winnt\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-08-31 0:27
    ComboFix-quarantined-files.txt 2009-08-31 20:27

    Pre-Run: 16,274,538,496 bytes free
    Post-Run: 16,220,622,848 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    c:\win98.w98="win98-dos"



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:33:26 AM, on 9/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINNT\system32\IoctlSvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6173\SAService.exe
    C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINNT\system32\vmnat.exe
    C:\WINNT\system32\vmnetdhcp.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINNT\AGRSMMSG.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SiteAdvisor\6173\SiteAdv.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ZuneClock] C:\Documents and Settings\admin\Desktop\ZuneClock\ZuneClock.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: .print Client Windows.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://lilink.lisec.co.at
    O15 - Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O17 - HKLM\Software\..\Telephony: DomainName = lisec.co.at
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E773D5B-5361-4DCC-86F8-F017628C36D8}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{513CF868-1A63-4A9D-800A-DB3606143899}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0E773D5B-5361-4DCC-86F8-F017628C36D8}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0E773D5B-5361-4DCC-86F8-F017628C36D8}: NameServer = 156.154.70.22,156.154.71.22
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
    O20 - AppInit_DLLs: C:\WINNT\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Com+ Event System Log - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Update Service (gupdate1c9eb41d0a2c6a0) (gupdate1c9eb41d0a2c6a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\mayank\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: OpcEnum - Unknown owner - C:\WINNT\system32\Opcenum.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (etisalat) (sprtsvc_etisalat) - SupportSoft, Inc. - C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 13689 bytes
     
  13. 2009/08/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.

    ================================================================

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    =================================================================

    Disable Windows Defender, as it'll interfere with the cleaning process:
    - Open Windows Defender by clicking Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    ================================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    - O4 - Global Startup: .print Client Windows.lnk = ?
    - O4 - Global Startup: Bluetooth.lnk = ?
    - all O15 entries
    - O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    - O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    - O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    - O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


    5. Click on Fix checked button.

    6. Go Start>Run (Vista users - "Start search"), type in:
    cmd
    Click OK (Vista users - hold CTRL, and SHIFT keys, press Enter).

    Command Prompt window will open.
    Type in:
    sc stop "Com+ Event System Log"
    Press Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete "Com+ Event System Log"
    Press Enter.
    Wait for confirmation.


    7. Restart computer.

    8. Post new HijackThis log.
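    As an added example (not part of broni's post and not code from HijackThis), a small Python triage script that applies the same rules to a constructed set of HJT lines modelled on this thread's log, and emits the sc stop / sc delete commands from step 6 for any service flagged as missing. The parsing regex, the severity labels and the sample lines are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.2 line format, modelled on the entries
# posted in this thread (not the full log, not the tool's own output).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar_32.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - Global Startup: Bluetooth.lnk = ?
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Com+ Event System Log - Unknown owner - C:\\Program.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\\Program Files\\CDBurnerXP Pro 3\\Tools\\NMSAccess.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
"""

# O23 layout: "O23 - Service: <display name> [(<key name>)] - <owner> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    line: str
    severity: str  # "high", "medium" or "info" (my own labels)
    reason: str


def triage(lines):
    """Apply the rules a malware analyst used in this thread to raw HJT lines.

    - a service whose binary is missing on disk is the strongest signal
      (the rogue "Com+ Event System Log" service here);
    - "(no file)" registrations and "= ?" startup shortcuts are harmless
      leftovers worth removing;
    - "Unknown owner" alone is only informational: legitimate services such as
      NMSAccess in this log carry no publisher info either.
    Note that HJT printed the unquoted ImagePath as C:\\Program.exe while the
    ComboFix output earlier in the thread showed the real path under
    ...\\MSINFO\\twunk_64.aaa, so treat the printed path as a hint and confirm
    it in the registry before acting on it.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O23 - Service:"):
            m = O23_RE.match(line)
            if m and m.group("missing"):
                findings.append(Finding(line, "high", "service whose binary is missing on disk"))
            elif m and m.group("owner") == "Unknown owner":
                findings.append(Finding(line, "info", "service binary carries no publisher info"))
        elif line.endswith("(no file)"):
            findings.append(Finding(line, "medium", "registration points at a file that no longer exists"))
        elif line.startswith("O4 - Global Startup:") and line.endswith("= ?"):
            findings.append(Finding(line, "medium", "startup shortcut whose target could not be resolved"))
    return findings


def sc_commands(findings):
    """Build the sc stop / sc delete pair from step 6 for each high-severity service.

    sc wants the service key name; HJT prints it in parentheses when it differs
    from the display name, otherwise the display name is the key name.
    """
    cmds = []
    for f in findings:
        if f.severity != "high":
            continue
        m = O23_RE.match(f.line)
        key = m.group("short") or m.group("name")
        cmds.append(f'sc stop "{key}"')
        cmds.append(f'sc delete "{key}"')
    return cmds


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print("\n".join(sc_commands(found)))
```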
     
  14. 2009/09/01
    mayank240

    mayank240 Inactive Thread Starter

    Joined:
    2009/07/31
    Messages:
    49
    Likes Received:
    0
    Hi Broni, thanks for your reply, but I think my computer has crashed. When I started my PC today, it started normally. But after 1 min. the color of my screen started fading and became very faded. Immediately I shut down and restarted, only to see a blue screen. Now I can't start even in safe mode. I can only see a blue screen. What I remember is that while starting up I used to see two startup options:
    1.Windows XP
    2.DOS
    This morning i got three options and mistakenly entered the third one.
    Waiting for your urgent help
     
  15. 2009/09/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is basically clean. Those items mentioned in my previous reply are minor leftovers.
    In that case, I suggest you post your booting problem under the Windows section.
    When you can boot again, please return here.
     
  16. 2009/09/02
    mayank240

    mayank240 Inactive Thread Starter

    Joined:
    2009/07/31
    Messages:
    49
    Likes Received:
    0
    Hi Broni, I started my PC this morning and it boots without any problem. Below is the fresh HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:51:47 AM, on 9/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    C:\WINNT\system32\IoctlSvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6173\SAService.exe
    C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINNT\system32\vmnat.exe
    C:\WINNT\system32\vmnetdhcp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINNT\AGRSMMSG.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\admin\Desktop\ZuneClock\ZuneClock.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ZuneClock] C:\Documents and Settings\admin\Desktop\ZuneClock\ZuneClock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://lilink.lisec.co.at
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O17 - HKLM\Software\..\Telephony: DomainName = lisec.co.at
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E773D5B-5361-4DCC-86F8-F017628C36D8}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{513CF868-1A63-4A9D-800A-DB3606143899}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0E773D5B-5361-4DCC-86F8-F017628C36D8}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0E773D5B-5361-4DCC-86F8-F017628C36D8}: NameServer = 156.154.70.22,156.154.71.22
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: pcAnywhere Host-Modul (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Update Service (gupdate1c9eb41d0a2c6a0) (gupdate1c9eb41d0a2c6a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Helper Service (HssSrv) - Unknown owner - C:\mayank\Hotspot Shield\HssWPR\hsssrv.exe (file missing)
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
    O23 - Service: OpcEnum - Unknown owner - C:\WINNT\system32\Opcenum.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
    O23 - Service: SupportSoft Sprocket Service (etisalat) (sprtsvc_etisalat) - SupportSoft, Inc. - C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe
    O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 12283 bytes
     
  17. 2009/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Excellent :)


    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please, let me know, how is your computer doing.
     
  18. 2009/09/05
    mayank240

    mayank240 Inactive Thread Starter

    Joined:
    2009/07/31
    Messages:
    49
    Likes Received:
    0
    Hi Broni, sorry for the late reply. Thanks for taking out time for me. My PC is working fine, except every time I restart my PC I have to terminate the svchost.exe network services, which consumes 100% of CPU. Googled for this and came to know this is a genuine process and shouldn't start during PC start. This seems to be a problem for a lot of persons and no solution found in any of the forums. Just providing a link of the same.
    http://www.techspot.com/startup/5780/
    http://www.geekstogo.com/forum/SVCHOST-EXE-Network-Service-My-CPU-Running-100-t244124.html
     
  19. 2009/09/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Restart computer. Don't terminate anything.

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
    Go to File > Save As, and save the report as Procexp.txt.
    Paste the report into your next reply.

    How much RAM do you have?
     
  20. 2009/09/06
    mayank240

    mayank240 Inactive Thread Starter

    Joined:
    2009/07/31
    Messages:
    49
    Likes Received:
    0
    Hi Broni. Please find my system details and Process Explorer log below:

    1024 Megabytes Usable Installed Memory
    800 megahertz Intel Pentium M, 64 kilobyte primary memory cache, 2048 kilobyte secondary memory cache, Not hyper-threaded


    Process PID CPU Description Company Name Command Line
    System Idle Process 0
    Interrupts n/a 1.54 Hardware Interrupts
    DPCs n/a Deferred Procedure Calls
    System 4
    smss.exe 296 Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 344 1.54 Client Server Runtime Process Microsoft Corporation C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 368 Windows NT Logon Application Microsoft Corporation winlogon.exe
    services.exe 412 1.54 Services and Controller app Microsoft Corporation C:\WINNT\system32\services.exe
    svchost.exe 592 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost -k DcomLaunch
    wmiprvse.exe 3720 WMI Microsoft Corporation C:\WINNT\system32\wbem\wmiprvse.exe
    svchost.exe 640 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost -k rpcss
    cmdagent.exe 1264 COMODO Internet Security COMODO "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe "
    svchost.exe 1308 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost.exe -k netsvcs
    wuauclt.exe 748 Windows Update Automatic Updates Microsoft Corporation "C:\WINNT\system32\wuauclt.exe" /RunStoreAsComServer Local\[51c]SUSDS7e74ba71a7978249b05b8935666f0d1d
    GoogleUpdate.exe 3680 Google Installer Google Inc. "C:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
    MsMpEng.exe 1396 6.15 Service Executable Microsoft Corporation "C:\Program Files\Windows Defender\MsMpEng.exe "
    svchost.exe 1520 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost.exe -k WudfServiceGroup
    EvtEng.exe 1656 Intel(R) PROSet/Wireless Event Log Intel Corporation "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe "
    S24EvMon.exe 1944 Wireless Management Service Intel Corporation "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe "
    WLKEEPER.exe 1988 WLANKEEPER Intel(R) Corporation "C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe "
    SR_Service.exe 140 SecureClient Service Check Point Software Technologies "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe "
    SR_Watchdog.exe 548 Check Point Software Technologies "C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe "
    SR_GUI.exe 2192 SecureClient Application Check Point Software Technologies "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe "
    svchost.exe 920 87.69 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost.exe -k NetworkService
    svchost.exe 1136 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost.exe -k LocalService
    aswUpdSv.exe 1736 avast! Antivirus updating service ALWIL Software "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe "
    ashServ.exe 1792 avast! antivirus service ALWIL Software "C:\Program Files\Alwil Software\Avast4\ashServ.exe "
    spoolsv.exe 1716 Spooler SubSystem App Microsoft Corporation C:\WINNT\system32\spoolsv.exe
    scardsvr.exe 188 Smart Card Resource Management Server Microsoft Corporation C:\WINNT\System32\SCardSvr.exe
    svchost.exe 3064 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost.exe -k bthsvcs
    btwdins.exe 3076 Bluetooth Support Server Broadcom Corporation. "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe "
    GhostStartService.exe 3108 Norton Ghost Start Symantec Corporation "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe "
    openvpnas.exe 3224 "C:\Program Files\Hotspot Shield\bin\openvpnas.exe "
    svchost.exe 3328 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\System32\svchost.exe -k HTTPFilter
    jqs.exe 3384 Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf "
    NMSAccess.exe 3488 "C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe "
    IoctlSvc.exe 3508 PLFlash DeviceIoControl Service Prolific Technology Inc. C:\WINNT\system32\IoctlSvc.exe
    svchost.exe 3600 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\System32\svchost.exe -k HPZ12
    RegSrvc.exe 3900 Intel(R) PROSet/Wireless Registry Service Intel Corporation "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe "
    SAService.exe 292 SiteAdvisor McAfee, Inc. "C:\Program Files\SiteAdvisor\6173\SAService.exe "
    sprtsvc.exe 992 SupportSoft Agent Service SupportSoft, Inc. "C:\Program Files\Etisalat\eSupport\bin\sprtsvc.exe" /service /p etisalat
    svchost.exe 1704 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost.exe -k imgsvc
    vmware-authd.exe 1844 VMware Authorization Service VMware, Inc. "C:\Program Files\VMware\VMware Player\vmware-authd.exe "
    vmnat.exe 2080 VMware NAT Service VMware, Inc. C:\WINNT\system32\vmnat.exe
    vmnetdhcp.exe 2152 VMware VMnet DHCP service VMware, Inc. C:\WINNT\system32\vmnetdhcp.exe
    ashMaiSv.exe 2952 avast! e-Mail Scanner Service ALWIL Software "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    ashWebSv.exe 848 avast! Web Scanner ALWIL Software "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    alg.exe 2484 Application Layer Gateway Service Microsoft Corporation C:\WINNT\System32\alg.exe
    lsass.exe 424 LSA Shell (Export Version) Microsoft Corporation C:\WINNT\system32\lsass.exe
    explorer.exe 2072 Windows Explorer Microsoft Corporation C:\WINNT\Explorer.EXE
    SynTPEnh.exe 3104 Synaptics TouchPad Enhancements Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    AGRSMMSG.exe 3240 SoftModem Messaging Applet Agere Systems "C:\WINNT\AGRSMMSG.exe"
    rundll32.exe 3252 Run a DLL as an App Microsoft Corporation "C:\WINNT\system32\rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    ZCfgSvc.exe 3272 ZeroCfgSvc MFC Application Intel Corporation "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    iFrmewrk.exe 3280 Intel Framework MFC Application Intel Corporation "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    reader_sl.exe 1556 Adobe Acrobat SpeedLauncher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSASCui.exe 3360 Windows Defender User Interface Microsoft Corporation "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    ashDisp.exe 3368 avast! service GUI component ALWIL Software "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
    cfp.exe 3440 COMODO Internet Security COMODO "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    realsched.exe 3572 RealNetworks Scheduler RealNetworks, Inc. "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    qttask.exe 3776 QuickTime Task Apple Computer, Inc. "C:\Program Files\QuickTime\qttask.exe" -atboottime
    GoogleToolbarNotifier.exe 1100 GoogleToolbarNotifier Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    ZuneClock.exe 3880 1.54 "C:\Documents and Settings\admin\My Documents\Downloads\ZuneClock\ZuneClock.exe"
    ctfmon.exe 3964 CTF Loader Microsoft Corporation "C:\WINNT\system32\ctfmon.exe"
    procexp.exe 2416 Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\admin\Desktop\procexp.exe"
    GoogleUpdate.exe 2692 Google Installer Google Inc. "C:\Program Files\Google\Update\GoogleUpdate.exe" /cr
    GoogleUpdate.exe 3420 Google Installer Google Inc. "C:\Program Files\Google\Update\GoogleUpdate.exe" /cr
    Ymsgr_tray.exe 2664 Yahoo! Messenger Tray Yahoo! Inc. "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
     
  21. 2009/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yeah, I can see this line:
    svchost.exe 920 87.69 Generic Host Process for Win32 Services Microsoft Corporation C:\WINNT\system32\svchost.exe -k NetworkService

    Since your computer is clean, I propose you start a new topic about this problem in the Windows section. You'll get more attention.
    I'll mark this thread as resolved (from a malware point of view).
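    The Process Explorer report above shows PID 920 (svchost.exe -k NetworkService) at 87.69% CPU, but a shared host process says nothing about which of its hosted services is busy. The following PowerShell snippet is an added example, not from the thread or its participants: it lists every svchost.exe instance with its -k group, accumulated CPU time, and the running services mapped to that PID via WMI, so a hot instance can be tied to concrete service names instead of being killed outright. It assumes WMI is available (true on XP Professional) and that the hypothetical column layout is acceptable.

```powershell
# Added example (not part of the original thread): map each svchost.exe
# instance to its -k service group and the services it actually hosts.
$procs = Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'"
$svcs  = Get-WmiObject Win32_Service | Where-Object { $_.State -eq 'Running' }

foreach ($p in $procs) {
    # The service group is the token after "-k" in the command line,
    # e.g. "-k NetworkService" in the hot PID 920 line of the report.
    $group = if ($p.CommandLine -match '-k\s+(\S+)') { $matches[1] } else { '?' }

    # Win32_Process reports kernel/user time in 100-nanosecond units;
    # convert the sum to seconds of CPU consumed since the process started.
    $cpuSec = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)

    # Services whose ProcessId matches this svchost instance.
    $hosted = $svcs | Where-Object { $_.ProcessId -eq $p.ProcessId } |
              ForEach-Object { $_.Name }

    # One line per instance: PID, group, CPU seconds, hosted services.
    "{0,6} {1,-16} {2,8}s  {3}" -f $p.ProcessId, $group, $cpuSec, ($hosted -join ', ')
}
```

    On XP the same PID-to-service mapping is also available from a command prompt with `tasklist /svc`; whichever service shows up under the busy instance is the one to investigate (or stop individually) rather than terminating the whole NetworkService host.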
     
