Thanks for responding. Here is the Malwarebytes log file:
____________________________________________
Malwarebytes' Anti-Malware 1.12
Database version: 790
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 114140
Time elapsed: 1 hour(s), 37 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Softomate) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6ae02e1c-8859-4f57-9097-5a55a56a4caf} (Adware.BHO) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
E:\WINDOWS\system32\dbghelp.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\dllcache\dbghelp.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
_______________________________________________
Below is the extra.txt log:
_____________________________
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 127.49 MiB / 29.4 MiB
Pagefile Memory (total/avail): 499.29 MiB / 167.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.61 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 7.81 GiB total, 1.12 GiB free.
D: is Fixed (NTFS) - 9.77 GiB total, 4.45 GiB free.
E: is Fixed (NTFS) - 9.77 GiB total, 3.96 GiB free.
F: is Fixed (NTFS) - 9.91 GiB total, 9.27 GiB free.
G: is CDROM (CDFS)
H: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 7.81 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 29.45 GiB - D: - E: - F:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\darwin\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MEEBO-DF1253305
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\darwin
LOGONSERVER=\\MEEBO-DF1253305
LSERVRC=C:\Program Files\Common Files\Mercury Interactive\License Manager\lservrc
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\darwin\LOCALS~1\Temp
TMP=C:\DOCUME~1\darwin\LOCALS~1\Temp
USERDOMAIN=MEEBO-DF1253305
USERNAME=darwin
USERPROFILE=C:\Documents and Settings\darwin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
-- User Profiles ---------------------------------------------------------------
darwin (admin)
sid
aman
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
--> "d:\Program Files\PC Protection\fsuninst.exe" /UninstRegKey:"News Service"
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> D:\Program Files\nero7\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3A21486-326E-42C2-BC36-E7E55CEA7FE3}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
GetRight --> "d:\Program Files\GetRight\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "d:\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
Logitech QuickCam --> MsiExec.exe /I{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}
Malwarebytes' Anti-Malware --> "d:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 6.2 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}
Nero 7 Essentials --> MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Sify Broadband 3.22 --> "C:\Program Files\Sify Broadband\unins000.exe"
Unified Report --> "C:\WINDOWS\miuninst6.exe" /s /boot "C:\Program Files\Mercury Interactive\WinRunner\UnifiedReport\dat\miuninst.ini"
VideoLAN VLC media player 0.8.6e --> d:\Program Files\VideoLAN\VLC\uninstall.exe
WinRunner --> C:\WINDOWS\miuninst.exe "C:\Program Files\Mercury Interactive\WinRunner\dat\miuninst.ini"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type4512 / Error
Event Submitted/Written: 05/27/2008 08:34:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type4511 / Error
Event Submitted/Written: 05/27/2008 08:34:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type4492 / Error
Event Submitted/Written: 05/27/2008 09:59:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type4491 / Error
Event Submitted/Written: 05/27/2008 09:59:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type4458 / Error
Event Submitted/Written: 05/25/2008 05:34:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application msnmsgr.exe, version 6.2.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type11141 / Error
Event Submitted/Written: 05/27/2008 02:06:58 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053
Event Record #/Type11140 / Error
Event Submitted/Written: 05/27/2008 02:06:57 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
Event Record #/Type11001 / Warning
Event Submitted/Written: 05/24/2008 03:15:24 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type11000 / Warning
Event Submitted/Written: 05/24/2008 02:03:52 PM / 05/24/2008 02:03:53 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type10923 / Warning
Event Submitted/Written: 05/22/2008 11:24:01 PM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to power off MEEBO-DF1253305 failed
-- End of Deckard's System Scanner: finished at 2008-05-27 22:55:23 ------------
_______________________________________________
Below is the main.txt log:
_______________________________________________
Deckard's System Scanner v20071014.68
Run by darwin on 2008-05-27 22:49:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
21: 2008-05-27 17:20:20 UTC - RP74 - Deckard's System Scanner Restore Point
20: 2008-05-24 10:43:47 UTC - RP73 - System Checkpoint
19: 2008-05-22 18:12:06 UTC - RP72 - Installed AVG Free 8.0
18: 2008-05-22 18:04:49 UTC - RP71 - Installed AVG 7.5
17: 2008-05-22 18:03:13 UTC - RP70 - Removed AVG 7.5
-- First Restore Point --
1: 2008-04-30 15:09:16 UTC - RP54 - Uniblue RegistryBooster
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 128 MiB (512 MiB recommended).
System Drive C: has 1.12 GiB (less than 15%) free.
-- HijackThis (run as darwin.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:53 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\GetRight\GetRight.exe
C:\Downloads\dss.exe
D:\TRENDM~1\HIJACK~1\darwin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - d:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-484763869-507921405-842925246-1008\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe (User 'aman')
O4 - HKUS\S-1-5-21-484763869-507921405-842925246-1008\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'aman')
O4 - HKUS\S-1-5-21-484763869-507921405-842925246-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'aman')
O4 - HKUS\S-1-5-21-484763869-507921405-842925246-1008\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User 'aman')
O8 - Extra context menu item: &Block this popup - d:\Program Files\PC Protection\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download with GetRight - d:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - d:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - d:\Program Files\PC Protection\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - d:\Program Files\PC Protection\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{35AD5331-7A67-4C83-946C-DA8FD79D1EF3}: NameServer = 202.144.105.4,202.144.10.50
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - D:\Program Files\nero7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 7010 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 slnt (Realtek Rtl-8139d PCI Fast Ethernet Adapter) - c:\windows\system32\drivers\slnt.sys <Not Verified; Silan Micro-Electronics Inc.; Silan Micro-Electronics Inc.>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S3 NBService - d:\program files\nero7\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-02 17:15:00 378 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-04-27 and 2008-05-27 -----------------------------
2008-05-27 20:58:47 0 d-------- C:\Documents and Settings\darwin\Application Data\Malwarebytes
2008-05-27 20:58:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 15:02:29 0 d-------- C:\Documents and Settings\aman\Application Data\AVGTOOLBAR
2008-05-23 00:12:20 0 d--h----- C:\$AVG8.VAULT$
2008-05-22 23:42:39 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-22 23:42:38 0 d-------- C:\Documents and Settings\darwin\Application Data\AVGTOOLBAR
2008-05-22 23:42:09 0 d-------- C:\Program Files\AVG
2008-05-22 23:42:07 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-21 22:59:03 0 d-------- C:\Downloads
2008-05-21 22:41:25 0 d-------- C:\Documents and Settings\aman\Application Data\GetRight
2008-05-21 22:34:53 0 d-------- C:\Documents and Settings\darwin\Application Data\GetRight
2008-05-21 19:11:52 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-04 17:43:54 0 d-------- C:\Documents and Settings\darwin\Application Data\WinRAR
2008-05-03 19:48:49 0 d-------- C:\Documents and Settings\darwin\Application Data\CyberLink
2008-05-03 19:47:44 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-03 17:54:16 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-03 14:02:42 0 d-------- C:\Documents and Settings\aman\Application Data\Uniblue
2008-05-01 21:42:28 0 d-------- C:\Documents and Settings\aman\Application Data\WinRAR
2008-05-01 19:17:02 0 d-------- C:\Documents and Settings\sid\Application Data\Macromedia
2008-05-01 19:17:01 0 d-------- C:\Documents and Settings\sid\Application Data\Adobe
2008-05-01 18:55:22 0 d-------- C:\Documents and Settings\sid\Application Data\Talkback
2008-05-01 18:54:35 0 d-------- C:\Documents and Settings\sid\Application Data\Mozilla
2008-05-01 18:54:29 0 d-------- C:\Documents and Settings\sid\Application Data\Google
2008-05-01 18:54:06 0 d-------- C:\Documents and Settings\sid\Application Data\vlc
2008-05-01 18:54:05 0 d-------- C:\Documents and Settings\sid\Application Data\Broadband
2008-05-01 18:32:05 0 d-------- C:\Documents and Settings\sid\Application Data\ispnews
2008-04-30 21:35:50 0 d-------- C:\Program Files\Common Files\Mercury Interactive
2008-04-30 21:34:56 294975 --a------ C:\WINDOWS\system32\wrvbasr.dll <Not Verified; Mercury Interactive Corp.; WinRunner>
2008-04-30 21:34:50 69632 --a------ C:\WINDOWS\system32\dzstactx.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Status ActiveX Control>
2008-04-30 21:34:50 253952 --a------ C:\WINDOWS\system32\dzactx.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 ZIP ActiveX Control>
2008-04-30 21:34:50 229376 --a------ C:\WINDOWS\system32\duzactx.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 UnZIP ActiveX Control>
2008-04-30 21:34:48 53248 --a------ C:\WINDOWS\system32\u2ftext.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 49152 --a------ C:\WINDOWS\system32\u2fsepv.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 49152 --a------ C:\WINDOWS\system32\u2frec.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 49152 --a------ C:\WINDOWS\system32\u2fdif.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 45056 --a------ C:\WINDOWS\system32\u2ddisk.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports For Visual Basic>
2008-04-30 21:34:48 1056768 --a------ C:\WINDOWS\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic 2000>
2008-04-30 21:34:48 123936 --a------ C:\WINDOWS\system32\p2sodbc.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports Pro For Windows>
2008-04-30 21:34:48 54272 --a------ C:\WINDOWS\system32\p2irdao.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-04-30 21:34:48 50176 --a------ C:\WINDOWS\system32\p2ctdao.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-04-30 21:34:47 87040 --a------ C:\WINDOWS\system32\p2bdao.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports for Visual Basic>
2008-04-30 21:34:47 36352 --a------ C:\WINDOWS\system32\p2bbnd.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-04-30 21:34:47 640512 --a------ C:\WINDOWS\system32\OC30.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-04-30 21:34:45 34816 --a------ C:\WINDOWS\system32\mhrun32.dll <Not Verified; MicroHelp Inc.; OLETools 5.0>
2008-04-30 21:34:44 679936 --a------ C:\WINDOWS\system32\Lead50n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-04-30 21:34:44 18944 --a------ C:\WINDOWS\system32\implode.dll <Not Verified; ; Implode Application>
2008-04-30 21:34:44 69632 --a------ C:\WINDOWS\system32\gswdll32.dll <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-30 21:34:44 279040 --a------ C:\WINDOWS\system32\gswag32.dll <Not Verified; Bits Per Second Ltd; AutoGraph>
2008-04-30 21:34:44 290816 --a------ C:\WINDOWS\system32\gsw32.exe <Not Verified; Bits Per Second Ltd; Graphics Server>
2008-04-30 21:34:43 136704 --a------ C:\WINDOWS\system32\grdkrn32.dll <Not Verified; Apex Software Corporation; APEXGRID>
2008-04-30 21:34:43 32768 --a------ C:\WINDOWS\system32\dzprog32.exe <Not Verified; Inner Media, Inc.; DZPROG32 (Multi-Threading)>
2008-04-30 21:34:43 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL>
2008-04-30 21:34:43 49152 --a------ C:\WINDOWS\system32\dz_ez32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 DZ-Easy (Multi-Threaded)>
2008-04-30 21:34:43 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-04-30 21:34:42 36384 --a------ C:\WINDOWS\system32\crxlat32.dll <Not Verified; Crystal Computer Services, Inc.; Crystal Reports for Visual Basic>
2008-04-30 21:34:42 1846784 --a------ C:\WINDOWS\system32\crpe32.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports for Visual Basic>
2008-04-30 21:34:42 606208 --a------ C:\WINDOWS\system32\cr2c40jp.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports for Visual Basic>
2008-04-30 21:34:42 748160 --a------ C:\WINDOWS\system32\co2c40en.dll <Not Verified; ; Crystal Reports for Visual Basic>
2008-04-30 21:34:42 21504 --a------ C:\WINDOWS\system32\cc245jp.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports Professional>
2008-04-30 21:31:58 0 d-------- C:\Program Files\Mercury Interactive
2008-04-30 20:03:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 19:58:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 22:04:09 0 d-------- C:\Documents and Settings\aman\Application Data\TuneUp Software
2008-04-28 20:45:40 0 d-------- C:\Documents and Settings\darwin\Application Data\TuneUp Software
2008-04-28 20:45:18 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-27 21:08:20 0 d-------- C:\Program Files\CyberLink
2008-04-27 19:33:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-27 19:29:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-27 19:27:32 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-27 19:20:45 0 d-------- C:\Program Files\Nero
2008-04-27 19:20:45 0 d-------- C:\Program Files\Common Files\Ahead(2)
2008-04-27 18:33:24 0 d-------- C:\Documents and Settings\darwin\Application Data\Uniblue
2008-04-27 17:21:48 3407872 --a------ C:\Documents and Settings\aman\NTUSER.DAT
-- Find3M Report ---------------------------------------------------------------
2008-05-27 20:50:16 0 d-------- C:\Documents and Settings\darwin\Application Data\Broadband
2008-05-14 21:09:16 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 17:34:28 0 d-------- C:\Documents and Settings\darwin\Application Data\Ahead
2008-05-10 08:25:23 0 d-------- C:\Program Files\Lx_cats
2008-05-03 17:54:16 0 d-------- C:\Program Files\Common Files
2008-05-03 17:38:24 0 d-------- C:\Program Files\Ahead
2008-05-02 21:13:17 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-02 21:13:16 340 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-04-30 18:25:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-25 18:17:03 0 d-------- C:\Documents and Settings\darwin\Application Data\FaxCtr
2008-04-25 18:07:43 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-04-24 20:29:28 0 d-------- C:\Documents and Settings\darwin\Application Data\Help
2008-04-24 20:25:42 3072 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-04-24 20:25:42 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-04-24 20:25:42 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-04-20 19:55:04 0 d-------- C:\Documents and Settings\darwin\Application Data\ispnews
2008-04-20 19:50:36 1187840 --a------ C:\WINDOWS\system32\winsflt.dll
2008-04-20 18:44:22 0 d-------- C:\Documents and Settings\darwin\Application Data\Sereniti
2008-04-16 22:02:57 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-16 22:02:22 0 d-------- C:\Program Files\Windows Media Components
2008-04-16 22:01:07 0 d-------- C:\Program Files\Logitech
2008-04-15 18:46:48 0 d-------- C:\Documents and Settings\darwin\Application Data\Google
2008-04-05 14:22:25 0 d-------- C:\Documents and Settings\darwin\Application Data\vlc
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/22/2008 11:42 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/22/2008 11:42 PM 2050816]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/2005 11:18 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [09/24/2001 09:39 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/22/2008 11:42 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [04/21/2006 08:04 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"Uniblue RegistryBooster 2"="D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [05/28/2004 03:22 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"D:\programfiles\adobe reader\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 2300 Series\ezprint.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"d:\Program Files\PC Protection\Common\FSM32.EXE" /splash
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
"d:\Program Files\PC Protection\FSGUI\FSSW.EXE" /reboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"d:\Program Files\PC Protection\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
"C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
"d:\Program Files\PC Protection\FSGUI\ispnews.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SifyBB]
C:\Program Files\Sify Broadband\BBImpSec.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
-- End of Deckard's System Scanner: finished at 2008-05-27 22:55:23 ------------