
Possibly have a Keylogger



#1
Ramaddil

This keylogger I have keeps seeming to come back every time I get rid of it. I have used almost every malware removal/Trojan remover, spyware remover, etc., and I just want to make sure that I am still not infected. The keylogger has mainly been taking my World of Warcraft login info, but I am unsure if any other info is being transmitted.

The programs I have used are the following: Spybot S&D, SUPERAntiSpyware, Symantec AntiVirus, Malwarebytes, ATF Cleaner, CCleaner and so on.

Please help me. I am also not able to access the C:\System Volume Information folder; it says that access is denied. I have made a few backups after cleaning my system and I do not know if I should or should not have access to that folder. I see the folder when I run Symantec AntiVirus, I see all the files it scans in there, and I am hoping that there are no viruses still in that folder.

Thanks in advance

Logfile of random's system information tool 1.04 (written by random/random)
Run by Ramaddil at 2008-11-09 20:16:37
Microsoft Windows XP Professional Service Pack 3
System drive C: has 107 GB (35%) free of 305 GB
Total RAM: 2287 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:38 PM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\KeyScrambler\keyscrambler.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ramaddil\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ramaddil.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: CKeyScramblerBHO Object - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1225566817640
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative....101/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://access.ololr...perSetupSP1.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15105/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8381 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
CKeyScramblerBHO Object - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2008-11-03 836072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - Pa&nicware Pop-Up Stopper Pro - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll [2002-03-08 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"=C:\Program Files\Logitech\G-series Software\LGDCore.exe [2005-11-02 1110079]
"Launch LCDMon"=C:\Program Files\Logitech\G-series Software\LCDMon.exe [2005-11-02 188928]
"amd_dc_opt"=C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe [2006-06-28 106496]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"KeyScrambler"=C:\Program Files\KeyScrambler\keyscrambler.exe [2008-08-26 506344]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]
C:\Program Files\Blubster\Blubster.exe SILENT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-17 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-17 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-14 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2003-04-27 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE [2008-09-14 3057152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Link\Core.exe [2006-11-07 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\dlm.exe [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2007-08-13 5562368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nHancer]
C:\Program Files\KSE\nHancer 32bit\nHancer.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\program files\ncsoft\launcher\NCLauncher.exe [2007-11-01 38128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2006-07-29 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-01-04 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe [2005-04-27 1503232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\\Steam.exe [2008-03-27 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-07-10 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-10-07 125368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2006-11-21 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2006-02-14 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-08-04 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ramaddil^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
C:\PROGRA~1\GameSpot\GAMESP~1.EXE [2007-08-25 847872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ramaddil^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
C:\DOCUME~1\ALLUSE~1\APPLIC~1\IWINGA~1\DESKTO~1\DESKTO~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ramaddil^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2007-09-05 557568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-10-07 43448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{CB0A0BE8-AF3C-B1D2-C901-A0C141D91972}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="D:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"="C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\SCDAAutorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba39e5c3-8733-11db-96ec-806d6172696f}]
shell\AutoRun\command - E:\autorun.exe


======List of files/folders created in the last 1 months======

2008-11-09 20:15:26 ----D---- C:\rsit
2008-11-07 21:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-07 21:38:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-07 21:38:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-07 21:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-07 21:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-07 21:37:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-07 21:36:31 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-07 21:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-07 21:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-07 21:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-07 21:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-07 21:33:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-07 21:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-07 21:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-07 21:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-11-07 21:32:33 ----D---- C:\WINDOWS\ie7updates
2008-11-07 21:32:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-07 21:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-07 21:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-07 21:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-11-07 21:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-07 21:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-07 21:24:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-07 21:23:21 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-07 21:21:46 ----D---- C:\WINDOWS\Prefetch
2008-11-07 21:16:05 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-07 21:16:05 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-11-07 21:15:59 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-11-07 21:15:59 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-11-07 21:15:58 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-07 21:15:57 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-07 21:15:56 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-07 21:15:56 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-07 21:15:56 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-07 21:15:56 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-07 21:15:56 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-07 21:15:56 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-07 21:15:55 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-07 21:15:54 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-07 21:15:53 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-11-07 21:15:53 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-07 21:15:53 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-07 21:15:53 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-07 21:15:53 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-07 21:15:52 ----D---- C:\WINDOWS\system32\scripting
2008-11-07 21:15:51 ----D---- C:\WINDOWS\system32\en
2008-11-07 21:15:51 ----D---- C:\WINDOWS\l2schemas
2008-11-07 21:15:50 ----D---- C:\WINDOWS\system32\bits
2008-11-07 21:14:03 ----D---- C:\WINDOWS\network diagnostic
2008-11-07 21:13:21 ----A---- C:\WINDOWS\005456_.tmp
2008-11-07 21:13:20 ----A---- C:\WINDOWS\imsins.BAK
2008-11-07 20:59:24 ----A---- C:\WINDOWS\setuplog.txt
2008-11-07 19:07:54 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-07 17:37:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-07 17:36:56 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-07 17:36:56 ----D---- C:\Documents and Settings\Ramaddil\Application Data\SUPERAntiSpyware.com
2008-11-07 16:06:38 ----D---- C:\Documents and Settings\Ramaddil\Application Data\Malwarebytes
2008-11-07 16:06:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-07 16:06:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-07 15:55:26 ----D---- C:\Program Files\CCleaner
2008-11-07 15:30:44 ----D---- C:\Program Files\Trend Micro
2008-11-03 01:27:45 ----D---- C:\Program Files\KeyScrambler
2008-11-01 13:14:43 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-11-01 13:14:42 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-11-01 13:14:36 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-31 19:02:11 ----D---- C:\Program Files\Uniblue
2008-10-26 13:35:50 ----A---- C:\WINDOWS\1.ini
2008-10-15 17:31:36 ----D---- C:\Program Files\Curse
2008-10-15 15:47:59 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard

======List of files/folders modified in the last 1 months======

2008-11-09 18:38:43 ----D---- C:\Program Files\Symantec AntiVirus
2008-11-09 18:38:23 ----D---- C:\WINDOWS\Temp
2008-11-09 14:14:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-09 08:22:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-08 08:03:36 ----D---- C:\WINDOWS
2008-11-08 04:04:36 ----SHD---- C:\WINDOWS\Installer
2008-11-08 04:04:35 ----HD---- C:\Config.Msi
2008-11-08 02:27:07 ----D---- C:\Program Files\Internet Explorer
2008-11-08 00:09:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-07 22:33:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-07 21:52:36 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-07 21:52:35 ----RSD---- C:\WINDOWS\assembly
2008-11-07 21:40:24 ----AD---- C:\WINDOWS\system32
2008-11-07 21:38:29 ----HD---- C:\WINDOWS\inf
2008-11-07 21:38:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-07 21:38:27 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-07 21:38:20 ----D---- C:\WINDOWS\system32\en-US
2008-11-07 21:38:13 ----D---- C:\WINDOWS\system32\drivers
2008-11-07 21:36:32 ----D---- C:\WINDOWS\Debug
2008-11-07 21:35:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-07 21:34:58 ----D---- C:\WINDOWS\WinSxS
2008-11-07 21:33:02 ----D---- C:\Program Files\Messenger
2008-11-07 21:32:06 ----D---- C:\WINDOWS\Registration
2008-11-07 21:26:55 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-07 21:20:48 ----D---- C:\WINDOWS\system32\Setup
2008-11-07 21:20:48 ----D---- C:\WINDOWS\AppPatch
2008-11-07 21:20:47 ----D---- C:\WINDOWS\system32\wbem
2008-11-07 21:20:44 ----RSD---- C:\WINDOWS\Fonts
2008-11-07 21:19:40 ----D---- C:\WINDOWS\security
2008-11-07 21:18:40 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-07 21:15:59 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-07 21:15:59 ----D---- C:\WINDOWS\ime
2008-11-07 21:15:59 ----D---- C:\WINDOWS\Help
2008-11-07 21:15:53 ----D---- C:\WINDOWS\system32\usmt
2008-11-07 21:15:50 ----D---- C:\WINDOWS\peernet
2008-11-07 21:15:50 ----D---- C:\Program Files\Movie Maker
2008-11-07 21:14:40 ----D---- C:\WINDOWS\system32\Restore
2008-11-07 21:14:40 ----D---- C:\WINDOWS\system32\npp
2008-11-07 21:14:40 ----D---- C:\WINDOWS\mui
2008-11-07 21:14:39 ----D---- C:\WINDOWS\srchasst
2008-11-07 21:14:39 ----D---- C:\WINDOWS\msagent
2008-11-07 21:14:39 ----D---- C:\Program Files\NetMeeting
2008-11-07 21:14:38 ----D---- C:\WINDOWS\system32\Com
2008-11-07 21:14:38 ----D---- C:\Program Files\Windows Media Player
2008-11-07 21:14:37 ----D---- C:\Program Files\Windows NT
2008-11-07 21:14:37 ----D---- C:\Program Files\Outlook Express
2008-11-07 21:14:36 ----D---- C:\Program Files\Common Files\System
2008-11-07 21:14:30 ----D---- C:\WINDOWS\system32\oobe
2008-11-07 21:14:30 ----D---- C:\WINDOWS\system
2008-11-07 21:13:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-07 21:12:08 ----D---- C:\WINDOWS\EHome
2008-11-07 20:45:52 ----RSH---- C:\boot.ini
2008-11-07 20:45:52 ----N---- C:\WINDOWS\SYSTEM.INI
2008-11-07 20:45:52 ----A---- C:\WINDOWS\win.ini
2008-11-07 19:07:54 ----AD---- C:\Program Files
2008-11-07 19:05:49 ----D---- C:\Program Files\Common Files
2008-11-07 17:35:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-07 17:21:26 ----D---- C:\temp
2008-11-07 16:36:54 ----D---- C:\Music Other
2008-11-07 16:35:57 ----D---- C:\My Shared Folder
2008-11-07 15:58:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-07 15:56:34 ----D---- C:\WINDOWS\Minidump
2008-11-07 15:55:33 ----D---- C:\Program Files\Yahoo!
2008-11-07 15:47:44 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-11-07 15:34:14 ----D---- C:\Program Files\Apple Software Update
2008-11-07 15:34:12 ----SD---- C:\WINDOWS\Tasks
2008-11-07 10:19:14 ----D---- C:\Documents and Settings\Ramaddil\Application Data\HPAppData
2008-11-04 20:21:01 ----D---- C:\WINDOWS\nview
2008-11-04 10:08:07 ----D---- C:\World of Warcraft
2008-11-04 01:37:44 ----D---- C:\Program Files\Mozilla Firefox
2008-10-31 19:11:01 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-31 19:10:36 ----A---- C:\WINDOWS\system32\lsdelete.exe
2008-10-31 19:10:00 ----D---- C:\Program Files\Lavasoft
2008-10-31 17:29:45 ----AD---- C:\Documents and Settings\Ramaddil\Application Data\Command & Conquer 3 Tiberium Wars
2008-10-27 21:54:43 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2008-10-27 14:34:26 ----D---- C:\tempmovie
2008-10-27 14:30:09 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-10-26 13:33:16 ----D---- C:\Program Files\PokerStars.NET
2008-10-23 04:47:49 ----D---- C:\Cd Leys
2008-10-19 13:33:26 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-10-19 13:11:58 ----D---- C:\WINDOWS\pss
2008-10-15 22:18:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 16:24:13 ----D---- C:\Documents and Settings\Ramaddil\Application Data\IGN_DLM
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-07-29 30601]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-08-27 189320]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-17 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-17 500480]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-17 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-17 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-17 78336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2008-06-24 113896]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081108.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081108.004\navex15.sys []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-17 116224]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-25 47360]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 atwxbvpr;atwxbvpr; C:\WINDOWS\system32\drivers\atwxbvpr.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2006-08-17 340176]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 jgameenp;jgameenp; \??\C:\DOCUME~1\Ramaddil\LOCALS~1\Temp\jgameenp.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2005-07-22 13440]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.0 RC 15.8\RivaTuner32.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 st3wolf;st3wolf; C:\WINDOWS\System32\DRIVERS\st3wolf.sys [2003-04-27 99360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-08-27 23944]
S3 TCCrystalCpuInfo;TCCrystalCpuInfo; \??\C:\DOCUME~1\Ramaddil\LOCALS~1\Temp\TCCpuInfo.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-31 611664]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-10-07 31160]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-07-26 1181016]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-22 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-28 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-08-27 214408]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-28 66872]
S4 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-10-07 1822648]

-----------------EOF-----------------

Edited by Ramaddil, 09 November 2008 - 08:21 PM.



#2
Ramaddil

If any more info is needed, I will be happy to provide it.

Edited by Ramaddil, 10 November 2008 - 12:21 AM.
