Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FOLDER.EXE virus or malware


  • Please log in to reply

#1
darkmension

darkmension

    New Member

  • Member
  • Pip
  • 7 posts
i got this virus when i double clicked a folder inside my friend's pendrive and to mu surprise that folder was an .exe

so basically after that it disabled my task manager and created a folder(which is an exe) inside another folder.

so basically most of the folders in my system has a folder of the same name(that of parent folder) which is an exe of size 188kb

some how my brother was able to start task manager but the malware is still there

heres the hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:56 PM, on 4/16/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Sunny\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.booble.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gpmce.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WinWSD Toolbar Helper - {AFC482CE-DC40-497A-AE10-681C072F6F6A} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O2 - BHO: XBTBPos00 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\REDIFF~2\2.0\REDIFF~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O3 - Toolbar: WinWSD Toolbar - {F1273B21-0B77-4481-BFB9-0A3C399BE3FE} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [gpmce] C:\WINDOWS\window.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [gpmce] C:\WINDOWS\window.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EFDB0AC-DC8E-4DC4-9E2D-43D4251EB378}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA7204C-E0E5-430D-B50B-1A2AECDE3041}: NameServer = 202.56.215.6,202.56.215.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EB0113-E73A-42F8-BACB-D58566CE2CA7}: NameServer = 202.56.216.6,202.56.215.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 7869 bytes


please help

Edited by darkmension, 16 April 2008 - 05:05 AM.

  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello darkmension

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
darkmension

darkmension

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
first of all i am very sorry for my late reply please pardon me.

and here are the content of main.txt and extra.txt

MAIN.TXT


Deckard's System Scanner v20071014.68
Run by Sunny on 2008-04-25 18:00:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------


Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-04-25 12:30:51 UTC - RP128 - Deckard's System Scanner Restore Point
7: 2008-04-24 17:24:18 UTC - RP127 - System Checkpoint
6: 2008-04-23 16:59:24 UTC - RP126 - System Checkpoint
5: 2008-04-22 16:52:13 UTC - RP125 - System Checkpoint
4: 2008-04-21 16:22:57 UTC - RP124 - System Checkpoint


-- First Restore Point --
1: 2008-04-17 02:32:33 UTC - RP121 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).
System Drive C: has 1.31 GiB (less than 15%) free.


-- HijackThis (run as Sunny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:39 PM, on 4/25/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sunny\Desktop\dss.exe
C:\DOCUME~1\Sunny\Desktop\Sunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.booble.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gpmce.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WinWSD Toolbar Helper - {AFC482CE-DC40-497A-AE10-681C072F6F6A} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O2 - BHO: XBTBPos00 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\REDIFF~2\2.0\REDIFF~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O3 - Toolbar: WinWSD Toolbar - {F1273B21-0B77-4481-BFB9-0A3C399BE3FE} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EFDB0AC-DC8E-4DC4-9E2D-43D4251EB378}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA7204C-E0E5-430D-B50B-1A2AECDE3041}: NameServer = 202.56.215.6,202.56.215.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EB0113-E73A-42F8-BACB-D58566CE2CA7}: NameServer = 202.56.216.6,202.56.215.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 7645 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 713xTVCard (SAA7130 TV Card) - c:\windows\system32\drivers\saa713x.sys <Not Verified; Philips Semiconductors; SAA713x TV Card>
R2 WDMTVTuner (Universal WDM TV Tuner) - c:\windows\system32\drivers\wdmtuner.sys <Not Verified; Philips Semiconductors; PCI TV Card>
R3 MTD80X (Realtek 8139B/C/D 10/100M Based Fast Ethernet Card) - c:\windows\system32\drivers\mtd80x.sys <Not Verified; Myson Technology Inc; Myson MTD80X Based Fast Ethernet Card>
R3 slnt (Silan SC92031 PCI Fast Ethernet Adapter) - c:\windows\system32\drivers\slnt.sys <Not Verified; Silan Micro-Electronics Inc.; Silan Micro-Electronics Inc.>

S3 catchme - c:\docume~1\sunny\locals~1\temp\catchme.sys (file missing)
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 iAimFP5 - c:\windows\system32\drivers\wadv07nt.sys (file missing)
S3 iAimFP6 - c:\windows\system32\drivers\wadv08nt.sys (file missing)
S3 iAimFP7 - c:\windows\system32\drivers\wadv09nt.sys (file missing)
S3 iAimTV5 - c:\windows\system32\drivers\watv10nt.sys (file missing)
S3 iAimTV6 - c:\windows\system32\drivers\watv06nt.sys (file missing)
S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S4 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S4 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton antivirus\navapsvc.exe" (file missing)
S4 NBService - f:\new folder\nero 7\nero backitup\nbservice.exe
S4 NProtectService (Norton Unerase Protection) - c:\program files\norton utilities\nprotect.exe (file missing)
S4 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>
S4 UserAccess (SecuROM User Access Service) - c:\windows\system32\uaservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {E6ABB47D-8339-4C60-BE92-E9045FF5A33D}
Description: Intel® AIM External TV Encoder Driver 5
Device ID: DISPLAY\WATV10NT\4&34A2843&0&8086300D&00&01
Manufacturer: Intel Corporation
Name: Intel® AIM External TV Encoder Driver 5
PNP Device ID: DISPLAY\WATV10NT\4&34A2843&0&8086300D&00&01
Service:

Class GUID: {E6ABB47D-8339-4C60-BE92-E9045FF5A33D}
Description: Intel® AIM External Flat Panel Driver 7
Device ID: DISPLAY\WADV09NT\4&34A2843&0&8086300C&00&01
Manufacturer: Intel Corporation
Name: Intel® AIM External Flat Panel Driver 7
PNP Device ID: DISPLAY\WADV09NT\4&34A2843&0&8086300C&00&01
Service: iAimFP7

Class GUID: {E6ABB47D-8339-4C60-BE92-E9045FF5A33D}
Description: Intel® AIM External Flat Panel Driver 6
Device ID: DISPLAY\WADV08NT\4&34A2843&0&8086300B&00&01
Manufacturer: Intel Corporation
Name: Intel® AIM External Flat Panel Driver 6
PNP Device ID: DISPLAY\WADV08NT\4&34A2843&0&8086300B&00&01
Service:

Class GUID: {E6ABB47D-8339-4C60-BE92-E9045FF5A33D}
Description: Intel® AIM External Flat Panel Driver 5
Device ID: DISPLAY\WADV07NT\4&34A2843&0&8086300A&00&01
Manufacturer: Intel Corporation
Name: Intel® AIM External Flat Panel Driver 5
PNP Device ID: DISPLAY\WADV07NT\4&34A2843&0&8086300A&00&01
Service: iAimFP5

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ESS Allegro PCI Audio (WDM)
Device ID: PCI\VEN_125D&DEV_1988&SUBSYS_B19D0E11&REV_12\4&24AB0D93&0&28F0
Manufacturer: ESS Technology, Inc.
Name: ESS Allegro PCI Audio (WDM)
PNP Device ID: PCI\VEN_125D&DEV_1988&SUBSYS_B19D0E11&REV_12\4&24AB0D93&0&28F0
Service: allegro

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&264480D3&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&264480D3&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 13:29:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-03-25 and 2008-04-25 -----------------------------

2008-04-16 17:34:33 0 drahs---- C:\autorun.inf
2008-04-16 12:59:59 0 d-------- C:\WINDOWS\ERUNT
2008-04-11 02:01:02 0 d-------- C:\Documents and Settings\Sunny\Application Data\Creative
2008-04-11 01:52:06 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-04-11 01:51:58 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-04-11 01:51:57 0 d-------- C:\WINDOWS\System32\languages
2008-03-31 16:49:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-29 23:39:38 0 d-------- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Application Data\Real
2008-03-29 23:38:52 0 d-------- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Application Data\Identities
2008-03-29 23:38:36 0 d--h----- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\PrintHood
2008-03-29 23:38:36 0 d--h----- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\NetHood
2008-03-29 23:38:36 0 dr------- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\My Documents
2008-03-29 23:38:36 0 d--h----- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Local Settings
2008-03-29 23:38:36 0 dr------- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Favorites
2008-03-29 23:38:36 0 d-------- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Desktop
2008-03-29 23:38:36 0 d---s---- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Cookies
2008-03-29 23:38:36 0 dr-h----- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Application Data
2008-03-29 23:38:36 0 d---s---- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Application Data\Microsoft
2008-03-29 23:38:35 0 d--h----- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Templates
2008-03-29 23:38:35 0 dr------- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Start Menu
2008-03-29 23:38:35 0 dr-h----- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\SendTo
2008-03-29 23:38:35 0 dr-h----- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\Recent
2008-03-29 23:38:35 786432 --ah----- C:\Documents and Settings\mummy papa.FSS-KMOD0DJBFC0\NTUSER.DAT
2008-03-29 23:37:16 0 d--h----- C:\Documents and Settings\mummy papa\Templates
2008-03-29 23:37:16 0 dr------- C:\Documents and Settings\mummy papa\Start Menu
2008-03-29 23:37:16 0 dr-h----- C:\Documents and Settings\mummy papa\SendTo
2008-03-29 23:37:16 0 d--h----- C:\Documents and Settings\mummy papa\Recent
2008-03-29 23:37:16 0 d--h----- C:\Documents and Settings\mummy papa\PrintHood
2008-03-29 23:37:16 237568 --ah----- C:\Documents and Settings\mummy papa\NTUSER.DAT
2008-03-29 23:37:16 0 d--h----- C:\Documents and Settings\mummy papa\NetHood
2008-03-29 23:37:16 0 d-------- C:\Documents and Settings\mummy papa\My Documents
2008-03-29 23:37:16 0 dr-h----- C:\Documents and Settings\mummy papa\Local Settings
2008-03-29 23:37:16 0 d-------- C:\Documents and Settings\mummy papa\Favorites
2008-03-29 23:37:16 0 d-------- C:\Documents and Settings\mummy papa\Desktop
2008-03-29 23:37:16 0 d---s---- C:\Documents and Settings\mummy papa\Cookies
2008-03-29 23:37:16 0 dr-h----- C:\Documents and Settings\mummy papa\Application Data
2008-03-29 23:37:16 0 d---s---- C:\Documents and Settings\mummy papa\Application Data\Microsoft
2008-03-29 22:29:40 0 d-------- C:\WINDOWS\LastGood
2008-03-29 22:26:23 25984 -ra------ C:\WINDOWS\System32\drivers\WDMTuner.sys <Not Verified; Philips Semiconductors; PCI TV Card>
2008-03-29 22:26:12 61440 -ra------ C:\WINDOWS\System32\Prop713x.dll <Not Verified; Philips Semiconductors; Philips Prop713X>
2008-03-29 22:26:12 69632 -ra------ C:\WINDOWS\System32\34TVCtrl.dll <Not Verified; Philips Semiconductors; 34TvCtrl>
2008-03-29 22:26:12 135168 -ra------ C:\WINDOWS\System32\34API.dll <Not Verified; Philips Semiconductors; UM proxy>
2008-03-29 22:26:11 279552 -ra------ C:\WINDOWS\System32\drivers\SAA713x.sys <Not Verified; Philips Semiconductors; SAA713x TV Card>
2008-03-29 20:48:37 352256 -ra------ C:\WINDOWS\713xRMTMon.exe
2008-03-29 20:48:37 401408 -ra------ C:\WINDOWS\713xRMT.exe <Not Verified; ; TV Card>
2008-03-29 20:48:16 0 d-------- C:\Program Files\honestech
2008-03-29 20:47:32 0 d-------- C:\WINDOWS\MyInstall
2008-03-29 00:56:15 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-03-29 00:33:46 0 d-------- C:\Program Files\Three Rings Design


-- Find3M Report ---------------------------------------------------------------

2008-04-25 18:00:48 0 d-------- C:\Documents and Settings\Sunny\Application Data\Free Download Manager
2008-04-23 23:09:23 0 d-------- C:\Documents and Settings\Sunny\Application Data\uTorrent
2008-04-18 05:12:58 6623 --a------ C:\_viminfo
2008-04-14 21:33:40 0 d-------- C:\Documents and Settings\Sunny\Application Data\Skype
2008-04-01 02:26:36 0 d-------- C:\Documents and Settings\Sunny\Application Data\Azureus
2008-03-31 16:38:36 0 d-------- C:\Program Files\Azureus
2008-03-29 20:48:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-27 22:35:20 0 d-------- C:\Program Files\RSSoft
2008-03-16 22:15:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-15 19:31:33 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-03-15 19:31:32 0 d-------- C:\Program Files\Common Files
2008-03-15 19:31:07 0 d-------- C:\Program Files\Airtel
2008-03-02 21:01:57 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-01 11:44:50 0 d-------- C:\Documents and Settings\Sunny\Application Data\Adobe
2008-01-30 23:07:41 518 --a------ C:\WINDOWS\vimdiff.bat
2008-01-30 23:07:41 514 --a------ C:\WINDOWS\vim.bat
2008-01-30 23:07:41 518 --a------ C:\WINDOWS\view.bat
2008-01-30 23:07:41 837 --a------ C:\WINDOWS\gvimdiff.bat
2008-01-30 23:07:41 829 --a------ C:\WINDOWS\gvim.bat
2008-01-30 23:07:41 837 --a------ C:\WINDOWS\gview.bat
2008-01-30 23:07:41 837 --a------ C:\WINDOWS\evim.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFC482CE-DC40-497A-AE10-681C072F6F6A}]
11/18/2007 12:21 AM 798720 --a------ C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F1273B21-0B77-4481-BFB9-0A3C399BE3FE}"= C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll [11/18/2007 12:21 AM 798720]

[-HKEY_CLASSES_ROOT\CLSID\{F1273B21-0B77-4481-BFB9-0A3C399BE3FE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 06:07 PM]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [07/20/2005 09:30 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/30/2008 12:07 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/23/2001 05:30 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCmd"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scheduler for OEM.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scheduler for OEM.lnk
backup=C:\WINDOWS\pss\Scheduler for OEM.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rajesh^Start Menu^Programs^Startup^Desktop Calendar Reminder.lnk]
path=C:\Documents and Settings\Rajesh\Start Menu\Programs\Startup\Desktop Calendar Reminder.lnk
backup=C:\WINDOWS\pss\Desktop Calendar Reminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sunny^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Sunny\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32 /S CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bows inside 01 1]
C:\Documents and Settings\All Users\Application Data\hole send 1 site\wave poll peak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
"C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
C:\WINDOWS\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOWNLOAD BAT SCR 1]
C:\Documents and Settings\All Users\Application Data\SITE ONLINE DOWNLOAD BAT\pile window.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
"C:\Program Files\Norton Ghost\Agent\VProTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxpclient]
C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pamela.exe]
"C:\Program Files\Pamela\Pamela.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Red Swoosh]
C:\Program Files\RSSoft\RedSwoosh.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
C:\windows\system32\rlvknlg.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Display Controls]
RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Test Each]
C:\DOCUME~1\Rajesh\APPLIC~1\GramView\DupeArmyLies.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus]
"C:\Documents and Settings\Rajesh\Local Settings\Application Data\br5073on.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-1398]
"C:\Documents and Settings\Sunny\Local Settings\Application Data\br3819on.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-2025]
"C:\Documents and Settings\Rajesh\Local Settings\Application Data\br5073on.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SiteAdvisor Service"=2 (0x2)
"MpfService"=2 (0x2)
"mcusrmgr"=2 (0x2)
"mctskshd.exe"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McLogManagerService"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"usnjsvc"=3 (0x3)
"UserAccess"=2 (0x2)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"StyleXPService"=2 (0x2)
"ose"=3 (0x3)
"NProtectService"=2 (0x2)
"Norton Ghost"=2 (0x2)
"NBService"=3 (0x3)
"navapsvc"=2 (0x2)
"ISPwdSvc"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"CCALib8"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AresChatServer"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"sprtsvc_nxpclient"=2 (0x2)
"wuauserv"=2 (0x2)
"TlntSvr"=3 (0x3)
"Spooler"=2 (0x2)
"mnmsrvc"=3 (0x3)


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{036309A2-B046-F842-0406-040204020301}]
C:\DOCUME~1\Sunny\LOCALS~1\Temp\nya.exe



-- End of Deckard's System Scanner: finished at 2008-04-25 18:04:43 ------------






EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 382.55 MiB / 113.02 MiB
Pagefile Memory (total/avail): 920.12 MiB / 693.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.31 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 1.31 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 19.52 GiB total, 1.3 GiB free.
G: is Fixed (NTFS) - 7.98 GiB total, 0.75 GiB free.

\\.\PHYSICALDRIVE1 - ST340014A - 37.27 GiB - 3 partitions
\PARTITION0 - Installable File System - 19.52 GiB - F:
\PARTITION1 - Unknown - 9.76 GiB
\PARTITION2 - Installable File System - 7.98 GiB - G:

\\.\PHYSICALDRIVE0 - ST3802110A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sunny\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FSS-KMOD0DJBFC0
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\FSS-KMOD0DJBFC0
MIGO_DRIVE=E
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ImageConverter Plus;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sunny\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sunny\LOCALS~1\Temp
USERDOMAIN=FSS-KMOD0DJBFC0
USERNAME=Sunny
USERPROFILE=C:\Documents and Settings\Sunny
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rajesh
Sunny (admin)
admin.FSS-KMOD0DJBFC0.001 (admin)
ADMIN NEW.FSS-KMOD0DJBFC0 (admin)
share
mummy papa.FSS-KMOD0DJBFC0 (admin)
Administrator.FSS-KMOD0DJBFC0 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> F:\New Folder\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Airtel NetXpert 2.0 --> "C:\Program Files\Airtel\NetXpert\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BT Engine 5.01 --> "C:\Program Files\BT Engine\unins000.exe"
Cambridge Ed TestPrep PLUS --> "C:\Program Files\MANHATTAN\Uninstal.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Combined Community Codec Pack 2006-12-15 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Convert PowerPoint to HTML V1.20 --> "C:\Program Files\Convert PowerPoint to HTML\unins000.exe"
Convert PPT to PDF For PowerPoint 3.50 --> "C:\Program Files\8848Soft\ppt2pdf\unins000.exe"
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
crystalcastlewp.zip --> C:\PROGRA~1\FILESU~1\CRYSTA~1.ZIP\UNWISE.EXE C:\PROGRA~1\FILESU~1\CRYSTA~1.ZIP\INSTALL.LOG
Desktop Calendar Reminder 1.60 --> C:\Program Files\Desktop Calendar Reminder\uninst.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDExpress --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu" -c"C:\Program Files\Mediamatics\DVDExpress\mydll.dll"
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
Free iPod Video Converter 1.34 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
Free PS Convert driver 8.15 --> "C:\Program Files\psconvert\unins000.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GMATPrep™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90D451F1-1F43-4AEC-8F24-D11972551D0E}\setup.exe" -l0x9 -removeonly
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hamachi 1.0.2.1 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Sunny\Desktop\HijackThis.exe" /uninstall
honestech TVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE27845A-6438-4DCF-AE3D-44EC96CB31CA}\setup.exe" -l0x9
ImageConverter Plus 7.1 --> "C:\Program Files\ImageConverter Plus\unins000.exe"
Internet Explorer Security Plugin 2006 --> "C:\Program Files\Video ActiveX Object\iesuninst.exe"
Internet Security Add-On --> "C:\Program Files\Video ActiveX Object\isauninst.exe"
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 1.9.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
K-Lite Codec Pack 3.2.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.10.0 --> "C:\Program Files\LimeWire\uninstall.exe"
longhorn555.zip --> C:\PROGRA~1\FILESU~1\LONGHO~1.ZIP\UNWISE.EXE C:\PROGRA~1\FILESU~1\LONGHO~1.ZIP\INSTALL.LOG
Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Mega Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Instal

Edited by darkmension, 25 April 2008 - 06:42 AM.

  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot.

Now please create a new Hijackthis Log and post it as a reply.
  • 0

#5
darkmension

darkmension

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok heres the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:26 PM, on 4/25/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sunny\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.booble.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gpmce.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WinWSD Toolbar Helper - {AFC482CE-DC40-497A-AE10-681C072F6F6A} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O2 - BHO: XBTBPos00 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\REDIFF~2\2.0\REDIFF~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O3 - Toolbar: WinWSD Toolbar - {F1273B21-0B77-4481-BFB9-0A3C399BE3FE} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [RelevantKnowledge] C:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [DOWNLOAD BAT SCR 1] C:\Documents and Settings\All Users\Application Data\SITE ONLINE DOWNLOAD BAT\pile window.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Bows inside 01 1] C:\Documents and Settings\All Users\Application Data\hole send 1 site\wave poll peak.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Tok-Cirrhatus-2025] "C:\Documents and Settings\Rajesh\Local Settings\Application Data\br5073on.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus-1398] "C:\Documents and Settings\Sunny\Local Settings\Application Data\br3819on.exe"
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Rajesh\Local Settings\Application Data\br5073on.exe"
O4 - HKCU\..\Run: [Test Each] C:\DOCUME~1\Rajesh\APPLIC~1\GramView\DupeArmyLies.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [pamela.exe] "C:\Program Files\Pamela\Pamela.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EFDB0AC-DC8E-4DC4-9E2D-43D4251EB378}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA7204C-E0E5-430D-B50B-1A2AECDE3041}: NameServer = 202.56.215.6,202.56.215.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EB0113-E73A-42F8-BACB-D58566CE2CA7}: NameServer = 202.56.216.6,202.56.215.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 11779 bytes
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bows inside 01 1
    C:\Documents and Settings\All Users\Application Data\hole send 1 site
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOWNLOAD BAT SCR 1
    C:\Documents and Settings\All Users\Application Data\SITE ONLINE DOWNLOAD BAT
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup
    C:\PROGRA~1\NEWDOT~1
    C:\windows\system32\rlvknlg.exe 
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Test Each
    C:\DOCUME~1\Rajesh\APPLIC~1\GramView
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus
    C:\Documents and Settings\Rajesh\Local Settings\Application Data\br5073on.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-1398
    C:\Documents and Settings\Sunny\Local Settings\Application Data\br3819on.exe
    C:\DOCUME~1\Sunny\LOCALS~1\Temp\nya.exe
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{036309A2-B046-F842-0406-040204020301}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a new Hijackthis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#7
darkmension

darkmension

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok so i am posting here three logs

1)OTMOVEIT LOG


< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bows inside 01 1 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bows inside 01 1\\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\hole send 1 site moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOWNLOAD BAT SCR 1 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOWNLOAD BAT SCR 1\\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\SITE ONLINE DOWNLOAD BAT moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup\\ deleted successfully.
File/Folder C:\PROGRA~1\NEWDOT~1 not found.
File/Folder C:\windows\system32\rlvknlg.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Test Each >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Test Each\\ deleted successfully.
File/Folder C:\DOCUME~1\Rajesh\APPLIC~1\GramView not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus\\ deleted successfully.
File/Folder C:\Documents and Settings\Rajesh\Local Settings\Application Data\br5073on.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-1398 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus-1398\\ deleted successfully.
File/Folder C:\Documents and Settings\Sunny\Local Settings\Application Data\br3819on.exe not found.
File/Folder C:\DOCUME~1\Sunny\LOCALS~1\Temp\nya.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{036309A2-B046-F842-0406-040204020301} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{036309A2-B046-F842-0406-040204020301}\\ deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04262008_212403


2)MALWAREBYTES' LOG

Malwarebytes' Anti-Malware 1.11
Database version: 685

Scan type: Quick Scan
Objects scanned: 43890
Time elapsed: 24 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xbtb00001.ietoolbar (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbbe1c1a-89f7-4af6-abd1-f8fbcfa47408} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbbe1c1a-89f7-4af6-abd1-f8fbcfa47408} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb00001.ietoolbar.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb00001.xbtb00001 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb00001.xbtb00001.1 (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\VideoAXObject.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Video ActiveX Object (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sunny\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Rediff Toolbar\2.0\redifftoolbar.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sunny\Start Menu\Programs\WhenU\Customer Support.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sunny\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sunny\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sunny\Start Menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sunny\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.



3)HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:13 PM, on 4/26/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sunny\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.booble.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gpmce.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WinWSD Toolbar Helper - {AFC482CE-DC40-497A-AE10-681C072F6F6A} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WinWSD Toolbar - {F1273B21-0B77-4481-BFB9-0A3C399BE3FE} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EFDB0AC-DC8E-4DC4-9E2D-43D4251EB378}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA7204C-E0E5-430D-B50B-1A2AECDE3041}: NameServer = 202.56.215.6,202.56.215.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EB0113-E73A-42F8-BACB-D58566CE2CA7}: NameServer = 202.56.216.6,202.56.215.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 7000 bytes
  • 0

#8
darkmension

darkmension

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The above hijack log is the one in which the entries in startup option of msconfig were't checked

this is the hijack log taken after checking in all the entires in startup option in msconfig as indicated by you in fourth post

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:18 PM, on 4/26/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sunny\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.booble.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gpmce.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WinWSD Toolbar Helper - {AFC482CE-DC40-497A-AE10-681C072F6F6A} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WinWSD Toolbar - {F1273B21-0B77-4481-BFB9-0A3C399BE3FE} - C:\Program Files\WinWSD Toolbar\v3.2.0.0\WinWSD_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [nxpclient] C:\Program Files\Airtel\NetXpert\bin\sprtcmd.exe /P nxpclient
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Tok-Cirrhatus-2025] "C:\Documents and Settings\Rajesh\Local Settings\Application Data\br5073on.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [pamela.exe] "C:\Program Files\Pamela\Pamela.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EFDB0AC-DC8E-4DC4-9E2D-43D4251EB378}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA7204C-E0E5-430D-B50B-1A2AECDE3041}: NameServer = 202.56.215.6,202.56.215.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2EB0113-E73A-42F8-BACB-D58566CE2CA7}: NameServer = 202.56.216.6,202.56.215.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6B44A0-FD17-4489-9359-97554DE1F50F}: NameServer = 202.56.215.6,202.56.215.55
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 10476 bytes
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Tok-Cirrhatus-2025] "C:\Documents and Settings\Rajesh\Local Settings\Application Data\br5073on.exe"
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm



Now click on Fix Checked and then close Hijackthis.
====================================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
========================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as an html document button:
  • Save the file to your desktop.
  • Attach that information in your next post.

  • 0

#10
darkmension

darkmension

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
hey the report file for kaspersky scan is of about 13 mb and here it the upload limit is of only 500 kb

what should i do ?
  • 0

#11
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please then e-mail it to me kahdah at aol.com replace at with @
  • 0

#12
darkmension

darkmension

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Please then e-mail it to me kahdah at aol.com replace at with @



i have uploaded it here

http://www.2shared.c...c0c/kasper.html

plus i would also mail it to you
  • 0

#13
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I cannot believe I missed that you have no service pack at all.

The first step in this process should have been me doing this first and that is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP