
an unhandled win32 exception occurred in svchost.exe [1556]


  • This topic is locked

#16
techvech

    Member

  • Topic Starter
  • Member
  • 75 posts
Hi...
There's a problem... I have run out of bandwidth.
The updates were of about 125MB+, so I can do that only next week, the next cycle. :) :)

Do you want me to post the logs for OTL and MBAM?

Sorry... but we'll have to wait for a few days... is that fine with you?

thanks :)

Edited by techvech, 15 September 2009 - 03:59 PM.

  • 0


#17
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,

Ok, sounds good. Just post back here when you can. If it's going to be longer than 7 days, can you please shoot me a PM on your return, as I will lose notification of your replies after that.

No need to post an OTL log. I just need to see MBAM and Kaspersky this round.

You can go ahead and wait and post both of those logs at the same time. :)
  • 0

#18
techvech

    Member

  • Topic Starter
  • Member
  • 75 posts
thanks :)
I'll do that in a week or so....
  • 0

#19
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Do you still need help?

Edited by jwang01, 27 September 2009 - 02:44 PM.

  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#21
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Welcome back. :)


Go ahead and run MBAM and the Kaspersky online scan per my previous post. :)
  • 0

#22
techvech

    Member

  • Topic Starter
  • Member
  • 75 posts
Hi!
Sorry for the delay

Here are the logs:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 6, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 05, 2009 17:14:57
Records in database: 2917118
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 184196
Threats found: 3
Infected objects found: 3
Suspicious objects found: 2
Scan duration: 04:42:45


File name / Threat / Threats count
C:\WINDOWS\system32\csrcs.exe//93e3rrQ16oC3.au3.tbl.decoded/C:\WINDOWS\system32\csrcs.exe//93e3rrQ16oC3.au3.tbl.decoded Suspicious: Packed.Win32.Krap.l 1
C:\Dev-Cpp\bin\addr2line.exe Infected: not-a-virus:NetTool.Win32.Scan.k 1
C:\Dev-Cpp\bin\ar.exe Infected: not-a-virus:NetTool.Win32.Scan.j 1
C:\Dev-Cpp\mingw32\bin\ar.exe Infected: not-a-virus:NetTool.Win32.Scan.j 1
C:\WINDOWS\system32\csrcs.exe Suspicious: Packed.Win32.Krap.l 1

Selected area has been scanned.



MALWAREBYTES ANTI MALWARE


Malwarebytes' Anti-Malware 1.41
Database version: 2914
Windows 5.1.2600 Service Pack 2

10/6/2009 11:03:46 AM
mbam-log-2009-10-06 (11-03-39).txt

Scan type: Quick Scan
Objects scanned: 127845
Time elapsed: 25 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> No action taken.


PS: Should I "remove selected items" after the MBAM scan finishes?

Edited by techvech, 05 October 2009 - 11:43 PM.

  • 0

#23
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Yes, please have MBAM remove all the things it finds, and post the log again in your next reply. :)



Also, did you set up the Dev-Cpp program?
  • 0

#24
techvech

    Member

  • Topic Starter
  • Member
  • 75 posts
hi
here's the log


Malwarebytes' Anti-Malware 1.41
Database version: 2914
Windows 5.1.2600 Service Pack 2

10/7/2009 12:33:51 AM
mbam-log-2009-10-07 (00-33-51).txt

Scan type: Quick Scan
Objects scanned: 127845
Time elapsed: 25 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.




I had installed Dev-Cpp a long time back... and as far as I can remember I downloaded it from their website...
  • 0
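Added example, not code from the thread or from Malwarebytes: a Python parser for the MBAM 1.41 log format posted in #22 and #24 above, which flags items left at "No action taken" (the question raised in #22), lists the executables appended to the Winlogon Shell value in the Hijack.Shell entry, and diffs a before/after pair of logs to show what the second run actually cleaned. The embedded sample log is constructed in that format (a shortened copy of the first log's findings), not the thread's full log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the MBAM 1.41 log format: the findings from the first
# log in the thread, before "Remove Selected" was used (not the full log).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 2914

Memory Processes Infected:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.

Files Infected:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "Memory Processes Infected:" opens a section; the count lines ("...: 1") do not match.
SECTION_RE = re.compile(r"(.+ Infected):")
# <target> (<detection name>) -> <rest>; the non-greedy target copes with "(x86)" in paths.
ENTRY_RE = re.compile(r"(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)")
# Registry data items carry "Bad: (...) Good: (...) -> " before the action text.
REST_RE = re.compile(
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?(?P<action>.+?)\.?"
)


@dataclass
class Finding:
    section: str
    target: str
    name: str
    action: str
    bad: Optional[str] = None
    good: Optional[str] = None

    @property
    def resolved(self) -> bool:
        # MBAM phrases every completed step "... successfully."; anything else is still on the box.
        return self.action.endswith("successfully")


def parse_mbam_log(text: str) -> List[Finding]:
    """Return one Finding per detected item, in log order."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line closes the current section
            continue
        m = SECTION_RE.fullmatch(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("("):
            continue                # header lines and "(No malicious items detected)"
        e = ENTRY_RE.fullmatch(line)
        if not e:
            continue
        r = REST_RE.fullmatch(e.group("rest"))
        findings.append(Finding(section, e.group("target"), e.group("name"),
                                r.group("action"), r.group("bad"), r.group("good")))
    return findings


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Items MBAM detected but did not remove (the 'No action taken' case)."""
    return [f for f in findings if not f.resolved]


def shell_hijack_extras(f: Finding) -> List[str]:
    """For a Winlogon Shell hijack, the executables appended beyond the good value:
    Bad (Explorer.exe csrcs.exe) vs Good (Explorer.exe) -> ['csrcs.exe']."""
    if f.bad is None or f.good is None:
        return []
    expected = {t.lower() for t in f.good.split()}
    return [t for t in f.bad.split() if t.lower() not in expected]


def remediated(before: str, after: str) -> List[str]:
    """Targets unresolved in the first log and resolved in the second, i.e. what
    the re-run with removal actually cleaned (first-log order, no repeats)."""
    fixed = {f.target for f in parse_mbam_log(after) if f.resolved}
    return list(dict.fromkeys(
        f.target for f in unresolved(parse_mbam_log(before)) if f.target in fixed))


if __name__ == "__main__":
    for f in parse_mbam_log(SAMPLE_LOG):
        flag = "" if f.resolved else "   <-- still present, re-run with removal"
        print(f"{f.section}: {f.target} [{f.name}] -> {f.action}{flag}")
        if f.name == "Hijack.Shell":
            print("   extra Shell entries:", shell_hijack_extras(f))
```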

#25
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Are you still having issues booting into Safe Mode? If so, please do the following:


  • Please download SafeBoot Repair here by sUBs
  • Close all windows and programs.
  • Double click the SafeBootKeyRepair.exe and allow it to run.


Let me know if you are able to boot into safe mode after running the above fix. Also, can you tell me if you are experiencing any other problems? :)
  • 0


#26
techvech

    Member

  • Topic Starter
  • Member
  • 75 posts
hey
it works !!!!!!!!! :)
great........... thanks a ton :)

No, I don't really face any problems, just an occasional Debug error while using Yahoo Messenger or IE8...
but nothing of the sort I used to have....

Do you reckon my computer is INFECTION FREE now?
  • 0

#27
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,

hey
it works !!!!!!!!! :)
great........... thanks a ton :)

No problem. :)



Congratulations!! Your logs look clean! :)

Now we need to do a little housekeeping and remove the tools we have used.

  • Click on OTL.exe
  • Click the Clean It button
  • If it tells you to reboot click Yes

MalwareBytes Anti-Malware will still remain on your system. You can easily remove it by uninstalling it via Add/Remove Programs. However, you may want to keep it as it is a very useful tool to have.


Now we need to make sure your system files are still hidden. Some of the tools we use here may change that. It is very important to re-hide those.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.



Resetting System Restore Points.

Next you will need to reset your restore points to delete any malware that may be hiding there. Then create a fresh, clean restore point.


Windows XP:
  • Right click on My Computer
  • Click on Properties
  • Click on the tab that reads System Restore
  • Click turn off System Restore and apply
  • Reboot your Computer

2. Turn back on System Restore.
  • Right click My Computer
  • Click on Properties
  • Click on the System Restore Tab
  • now un-check turn off system Restore and apply

Windows Vista:

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done


Now the next list is some programs I like to recommend to people to help keep your computer safer. Keep in mind that these are all optional.

MalwareBytes Anti Malware
This is an excellent On Access Anti-Malware Scanner.

SuperAntiSpyware
This is an Anti-Spyware program that will help protect your PC with Real Time Protection. You should have one Anti-Spyware program that scans in real time. This will help prevent your PC from picking up any more malware.


TFC
This will help delete all temporary files.

Firefox
This is an alternative for Internet Explorer. Firefox is a more secure internet browser.


You should also make sure Windows is up to date. You can simply go to Start and go to Windows Update to find out. I would recommend turning on Automatic Updates.

Here's how to do it:

  • Go to Start
  • Click on the Control Panel
  • Click on Security
  • Then click on Windows update
  • Then settings to turn Windows Update On/Off


You should check and make sure that you keep your Anti-Virus up to date. This is also a crucial part of your security. You can do this by clicking on your Anti-Virus and clicking on update. If your AV has an automatic update feature, I would recommend turning it on in the settings menu.

And finally, a little reading: How did I get infected in the first place? (by Mr. Tony Klein)

Good luck and safe surfing :)
  • 0

#28
techvech

    Member

  • Topic Starter
  • Member
  • 75 posts
Windows XP:

  • Right click on My Computer
  • Click on Properties
  • Click on the tab that reads System Restore
  • Click turn off System Restore and apply
  • Reboot your Computer


Couldn't find the System Restore tab

Start > All Programs >> Accessories >> System Tools >> System Restore


this also leads to nothing...
  • 0

#29
jwang01

    Trusted Helper

  • Malware Removal
  • 2,567 posts
Hello,


Ok, let's try and figure this out. This seems to be a common problem with many different solutions. Something has corrupted or disabled it. Please try the following. If the first option does not fix it, try option two. :)


Option 1:

  • Download OTL to your desktop.


Then


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR"=dword:00000000
    
    :Files
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Option Two:


You will need your Windows CD to do the following:


  • Insert your XP CD
  • Click Start/Run and type: rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf
  • Follow all the prompts


Let me know if any of those did the trick. :)
  • 0

#30
techvech

    Member

  • Topic Starter
  • Member
  • 75 posts
Hi !
The first step didn't enable it:
You want me to go ahead with the second method ?
Edit : i cannot go ahead with the second method.. :)

Here's the OTL log


OTL logfile created on: 10/9/2009 12:02:06 PM - Run 4
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\aashish\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 513.34 Mb Available Physical Memory | 50.63% Memory free
2.90 Gb Paging File | 2.40 Gb Available in Paging File | 82.72% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 6.06 Gb Free Space | 20.20% Space Free | Partition Type: NTFS
Drive D: | 25.89 Gb Total Space | 10.70 Gb Free Space | 41.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AASHISH-B4GS7NQ
Current User Name: aashish
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/05 20:39:07 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe
PRC - [2008/11/15 10:23:13 | 06,447,744 | ---- | M] () -- C:\Program Files\BitNami Drupal 6 Stack\mysql\bin\mysqld.exe
PRC - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe
PRC - [2009/05/28 19:02:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/07/31 19:06:24 | 00,458,752 | ---- | M] (Conexant Systems Inc.) -- C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
PRC - [2001/11/06 13:32:42 | 00,131,072 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2009/06/30 01:01:14 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/11/28 16:52:00 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2005/11/28 16:55:58 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/04/17 15:34:42 | 16,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/05 20:40:06 | 01,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/08/29 11:30:12 | 00,966,656 | ---- | M] () -- C:\Documents and Settings\aashish\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/05/28 19:02:28 | 00,380,416 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2001/07/13 10:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/09 11:55:42 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/10/05 20:39:07 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/12/10 04:40:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- C:\Program Files\BitNami Drupal 6 Stack\apache2\bin\httpd.exe -- (drupalApache [Auto | Running])
SRV - [2008/11/15 10:23:13 | 06,447,744 | ---- | M] () -- C:\Program Files\BitNami Drupal 6 Stack\mysql\bin\mysqld.exe -- (drupalMySQL [Auto | Running])
SRV - [2009/06/30 22:47:42 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - File not found -- -- (gjunj [Disabled | Stopped])
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [On_Demand | Running])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/30 01:01:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2005/10/14 16:21:45 | 28,768,528 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2005/10/14 16:20:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Disabled | Stopped])
SRV - [2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/05/28 19:02:26 | 00,053,760 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc [Auto | Running])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2005/10/14 16:21:12 | 00,239,320 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2005/10/14 03:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - File not found -- -- (tdgfv [Disabled | Stopped])
SRV - [1998/06/06 00:00:00 | 00,034,036 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge [On_Demand | Stopped])
SRV - [2004/08/04 00:56:52 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2008/11/10 02:18:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.14907
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..keyword.URL: "http://mystart.incre...est_v2&search="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/30 01:01:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\WaterProof\PHPEdit\3.4.2\Tools\FirefoxExtension\unpacked [2009/08/30 23:49:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/09 23:15:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions
[2009/06/29 00:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/18 20:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions
[2009/07/06 23:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/29 16:39:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/07/05 16:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\mozilla\Firefox\Profiles\z5c7iqzw.default\extensions\[email protected]
[2009/08/31 01:37:19 | 00,002,149 | ---- | M] () -- C:\Documents and Settings\aashish\Application Data\Mozilla\FireFox\Profiles\z5c7iqzw.default\searchplugins\MyStart Search.xml
[2009/09/18 20:07:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/08 21:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/02 22:54:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/30 01:01:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/18 20:07:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/02/20 07:13:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/20 07:13:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/30 01:01:14 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/24 11:40:40 | 00,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDimdimControl.dll
[2009/02/20 07:13:35 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/09 23:15:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/09 23:15:55 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/09 23:15:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/20 01:03:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/20 01:03:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/20 01:03:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/20 01:03:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/20 01:03:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/20 01:03:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/20 01:03:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1446 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CnxDslTaskBar] C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe (Conexant Systems Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\aashish\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Scan link by Dr.Web - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {52A2AAAE-085D-4187-97EA-8C30DB990436} http://localhost/iis...common/i386.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 19:47:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0efaa14a-6886-11de-a264-0016d490f6c8}\Shell\AutoRun\command - "" = G:\etqcri.exe -- File not found
O33 - MountPoints2\{0efaa14a-6886-11de-a264-0016d490f6c8}\Shell\explore\Command - "" = G:\etqcri.exe -- File not found
O33 - MountPoints2\{0efaa14a-6886-11de-a264-0016d490f6c8}\Shell\open\Command - "" = G:\etqcri.exe -- File not found
O33 - MountPoints2\{336a8500-a610-11de-a964-fed7406a6df8}\Shell\AutoRun\command - "" = F:\geyxlg.exe -- File not found
O33 - MountPoints2\{336a8500-a610-11de-a964-fed7406a6df8}\Shell\explore\Command - "" = F:\geyxlg.exe -- File not found
O33 - MountPoints2\{336a8500-a610-11de-a964-fed7406a6df8}\Shell\open\Command - "" = F:\geyxlg.exe -- File not found
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e421db08-78e0-11de-a89f-806d6172696f}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/10/09 11:56:33 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/09 11:55:27 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe
[2009/10/08 01:41:03 | 00,288,654 | ---- | C] ( ) -- C:\Documents and Settings\aashish\Desktop\SafeBootKeyRepair.exe
[2009/10/07 23:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\aashish\Desktop\New Folder
[2009/10/07 00:00:54 | 25,853,714 | ---- | C] (PLT) -- C:\Documents and Settings\aashish\Desktop\plt-4.2.2-bin-i386-win32.exe

========== Files - Modified Within 14 Days ==========

[1 C:\Documents and Settings\aashish\Desktop\*.tmp files]
[2009/10/09 11:59:32 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL DIAL UP.lnk
[2009/10/09 11:59:30 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZyXEL ADSL USB Modem Control Panel.lnk
[2009/10/09 11:58:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/09 11:58:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/09 11:58:05 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/09 11:56:16 | 00,305,152 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\websitematerial.sept.091.doc
[2009/10/09 11:55:42 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\aashish\Desktop\OTL.exe
[2009/10/09 11:45:08 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7ADC0B50-4764-441D-9201-DA2D7DD25D30}.job
[2009/10/08 01:53:02 | 02,768,208 | -H-- | M] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\IconCache.db
[2009/10/08 01:41:08 | 00,288,654 | ---- | M] ( ) -- C:\Documents and Settings\aashish\Desktop\SafeBootKeyRepair.exe
[2009/10/07 23:38:14 | 00,010,194 | ---- | M] () -- C:\Documents and Settings\aashish\My Documents\Wipro Career - Challenge for the Mind_ Reward for the Soul_.htm
[2009/10/07 00:52:42 | 00,058,056 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Med_Guide.pdf
[2009/10/07 00:32:27 | 00,805,888 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\TeachYourselfSchemeinFixnumDays.doc
[2009/10/07 00:00:56 | 25,853,714 | ---- | M] (PLT) -- C:\Documents and Settings\aashish\Desktop\plt-4.2.2-bin-i386-win32.exe
[2009/10/05 20:43:18 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/10/05 20:43:11 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/10/05 20:43:07 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/10/05 20:43:05 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/10/05 20:28:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/03 13:43:31 | 00,001,414 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2009/10/02 20:32:42 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/01 18:06:54 | 00,002,293 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\Macromedia Dreamweaver 8.lnk
[2009/09/27 00:23:45 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\aashish\Desktop\CONTACTS.xls

========== Files - No Company Name ==========
[2009/10/09 11:56:16 | 00,305,152 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\websitematerial.sept.091.doc
[2009/10/09 11:28:29 | 10,633,09312 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/07 23:38:14 | 00,010,194 | ---- | C] () -- C:\Documents and Settings\aashish\My Documents\Wipro Career - Challenge for the Mind_ Reward for the Soul_.htm
[2009/10/07 00:52:42 | 00,058,056 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\Med_Guide.pdf
[2009/10/07 00:32:21 | 00,805,888 | ---- | C] () -- C:\Documents and Settings\aashish\Desktop\TeachYourselfSchemeinFixnumDays.doc
[2009/09/05 01:15:49 | 00,030,032 | ---- | C] () -- C:\Documents and Settings\aashish\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/03 22:48:19 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 00:48:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/06/28 23:45:48 | 00,000,273 | ---- | C] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\devcpp.cfg
[2009/06/28 23:45:40 | 00,004,121 | ---- | C] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\devcpp.ini
[2009/06/28 20:55:26 | 00,030,032 | ---- | C] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/28 20:00:06 | 02,768,208 | -H-- | C] () -- C:\Documents and Settings\aashish\Local Settings\Application Data\IconCache.db
[2009/06/28 19:59:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\aashish\Application Data\desktop.ini

========== LOP Check ==========

[2009/09/18 01:00:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\aashish\Application Data
[2009/07/25 12:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\DataLayer
[2009/08/07 21:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Dimdim
[2009/08/24 13:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\dvdcss
[2009/08/29 23:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\FileZilla
[2009/07/27 23:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Nokia Multimedia Player
[2009/08/10 01:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Notepad++
[2009/06/28 23:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\PC Suite
[2009/09/08 02:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\Thunderbird
[2009/08/24 21:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\TigerPlayer
[2009/08/30 23:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\aashish\Application Data\WaterProof
[2009/09/18 01:10:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/18 01:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/09 23:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/28 23:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2009/06/28 23:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/30 22:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/08/08 01:04:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/31 01:49:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/08/31 01:45:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/09/07 02:16:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/09/06 21:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/07 21:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/06/29 00:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/10/08 02:09:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/28 20:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/09/09 21:46:54 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/18 22:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/09 11:58:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/09 11:45:08 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7ADC0B50-4764-441D-9201-DA2D7DD25D30}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Edited by techvech, 09 October 2009 - 12:07 PM.

  • 0