Computer Running Slow! [Closed]

  • This topic is locked

#16
Rafi12 (Member, Topic Starter, 20 posts)

Hi,

Here you go :).

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule27\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"authentication packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\vssms32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Rafi12\Local Settings\Temp\Rar$EX00.609\aimb0YdXL.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\4b2b31b3-.txt moved successfully.
File/Folder C:\WINDOWS\system32\vssms32.exe not found.
C:\WINDOWS\tasks\vboaaimb.job moved successfully.
C:\WINDOWS\system32\oveyofuf.ini moved successfully.
C:\WINDOWS\system32\xFgOqXyb.ini2 moved successfully.
C:\WINDOWS\system32\xFgOqXyb.ini moved successfully.
C:\WINDOWS\system32\cont_adsoftinc-remove.exe moved successfully.
File/Folder C:\WINDOWS\system32\wutupile.dll not found.
C:\WINDOWS\system32\melunule.dll.tmp moved successfully.
C:\WINDOWS\system32\zenonabi.dll.tmp moved successfully.
C:\WINDOWS\system32\tomavita.dll.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Rafi12\LOCALS~1\Temp\etilqs_UCYQYCBhOoB1gNTtvdZw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12312008_131414

Files moved on Reboot...
File C:\DOCUME~1\Rafi12\LOCALS~1\Temp\etilqs_UCYQYCBhOoB1gNTtvdZw not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\XUL.mfl moved successfully.
#17
XmichouX (Trusted Helper, Retired Staff, 1,292 posts)

Hi

Please post me a new RSIT log.

Happy New Year :)

Regards,

#18
Rafi12 (Member, Topic Starter, 20 posts)

Hi,

Here it is. Happy New Year to you too.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rafi12 at 2009-01-01 08:44:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 43 GB (59%) free of 72 GB
Total RAM: 510 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:18 AM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Rafi12\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rafi12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabaz...er/tdserver.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co...sreqlab_srl.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 10077 bytes

#19
Rafi12 (Member, Topic Starter, 20 posts)

Hi,

Here's the other part.

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3582859218-466029492-1563943610-1008.job
C:\WINDOWS\tasks\Schedule Task Weekly.job
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A94B111-4504-4e26-AB05-E61E474AA38B}]
Ask Search Assistant BHO - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL [2007-09-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-17 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-25 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-25 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-25 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-25 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-17 185896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-31 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-01 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-31 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-12-17 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe [2005-07-22 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE [2008-05-20 3053056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-05-17 214560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalaatTime]
C:\Program Files\Salaat Time\SalaatTime.exe [2008-05-15 13496320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-01 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-17 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2008-10-14 161264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rafi12^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MI1933~1\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1133652213\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1133652213\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1133652213\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1133652213\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1155049086\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1155049086\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1155049086\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1155049086\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\MapleStory.exe"="C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\NewPatcher.exe"="C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\Patcher.exe"="C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Nexon\MapleStory\Patcher.exe"="C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Rafi12\Desktop\OdinMS\OdinMS.exe"="C:\Documents and Settings\Rafi12\Desktop\OdinMS\OdinMS.exe:*:Enabled:MapleStory"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\WindSlayer\WindSlayer.exe"="C:\Program Files\WindSlayer\WindSlayer.exe:*:Enabled:WindSlayer"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\RAFI UDDIN\Desktop\MapleStory\MapleStory\Patcher.exe"="C:\Documents and Settings\RAFI UDDIN\Desktop\MapleStory\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Documents and Settings\Rafi12\Desktop\GzbotPRo\gzbotPRO.exe"="C:\Documents and Settings\Rafi12\Desktop\GzbotPRo\gzbotPRO.exe:*:Enabled:gzbotPRO"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\TightVNC\WinVNC.exe"="C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\softnyx\WolfTeam\Wolfteam.bin"="C:\Program Files\softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\dlcccoms.exe"="C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:dlcccoms"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\AUTORUN\AUTORUN.EXE


======List of files/folders created in the last 1 months======

2008-12-31 13:30:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-31 13:30:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-31 13:30:50 ----A---- C:\WINDOWS\system32\java.exe
2008-12-31 13:30:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-31 13:14:14 ----D---- C:\_OTMoveIt
2008-12-31 12:58:19 ----A---- C:\WINDOWS\imsins.BAK
2008-12-31 12:56:26 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-12-31 12:51:14 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-31 11:30:42 ----D---- C:\Avenger
2008-12-30 14:35:21 ----D---- C:\Documents and Settings\Rafi12\Application Data\WinRAR
2008-12-30 14:13:17 ----D---- C:\WINDOWS\ERUNT
2008-12-30 14:11:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-30 14:06:03 ----A---- C:\SAFEBOOT_REPAIR.TXT
2008-12-30 11:19:25 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2008-12-30 11:17:07 ----RASHOT---- C:\WINDOWS\winstart.bat
2008-12-30 11:16:39 ----D---- C:\Program Files\UnHackMe
2008-12-29 20:12:22 ----D---- C:\SDFix
2008-12-29 11:06:18 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-28 19:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-28 19:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-28 14:43:41 ----D---- C:\rsit
2008-12-28 09:05:49 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-28 08:51:53 ----D---- C:\WINDOWS\Prefetch
2008-12-28 08:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-28 08:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-28 08:39:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-28 08:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-28 08:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-28 08:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-28 08:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-28 08:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-28 08:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-28 08:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-28 08:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-28 08:38:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-28 08:38:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-28 08:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-28 08:38:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-28 08:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-28 08:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-28 08:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-28 08:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-28 08:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-28 08:33:43 ----D---- C:\WINDOWS\system32\scripting
2008-12-28 08:33:43 ----D---- C:\WINDOWS\l2schemas
2008-12-28 08:33:42 ----D---- C:\WINDOWS\system32\en
2008-12-28 08:33:42 ----D---- C:\WINDOWS\system32\bits
2008-12-28 08:31:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-28 08:25:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-27 23:00:51 ----D---- C:\WINDOWS\EHome
2008-12-27 22:53:16 ----D---- C:\WINDOWS\ERDNT
2008-12-27 22:52:53 ----D---- C:\Program Files\ERUNT
2008-12-27 22:32:55 ----D---- C:\Program Files\Trend Micro
2008-12-26 23:16:28 ----D---- C:\Program Files\Alwil Software
2008-12-22 17:06:38 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-21 12:41:26 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-12-21 12:32:59 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-21 12:30:43 ----RHD---- C:\MSOCache
2008-12-19 23:12:43 ----D---- C:\Program Files\Common Files\Download Manager
2008-12-19 19:53:48 ----D---- C:\Program Files\Microsoft Small Business
2008-12-19 19:48:23 ----D---- C:\Program Files\Microsoft.NET
2008-12-19 19:41:03 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-19 17:03:44 ----D---- C:\Documents and Settings\Rafi12\Application Data\Malwarebytes
2008-12-19 17:03:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 17:03:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-18 19:54:33 ----D---- C:\Documents and Settings\Rafi12\Application Data\Simply Super Software
2008-12-18 19:54:33 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-12-10 22:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 22:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 22:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-10 22:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-07 19:45:42 ----A---- C:\cmdline.txt
2008-12-06 19:12:48 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-12-06 11:33:42 ----D---- C:\Documents and Settings\Rafi12\Application Data\Roxio
2008-12-06 11:28:03 ----D---- C:\Documents and Settings\Rafi12\Application Data\Research In Motion
2008-12-06 11:27:22 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-06 11:25:03 ----D---- C:\Program Files\Roxio
2008-12-06 11:25:03 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-12-06 11:24:55 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-06 11:20:01 ----D---- C:\Documents and Settings\Rafi12\Application Data\Blackberry Desktop
2008-12-06 11:19:34 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-06 11:19:23 ----D---- C:\Program Files\Research In Motion

======List of files/folders modified in the last 1 months======

2009-01-01 08:40:52 ----D---- C:\Program Files\Mozilla Firefox
2009-01-01 08:40:34 ----D---- C:\WINDOWS\temp
2009-01-01 08:37:02 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-01-01 08:36:54 ----D---- C:\WINDOWS
2009-01-01 00:56:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 00:13:19 ----D---- C:\WINDOWS\system32
2008-12-31 22:54:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-31 22:11:34 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 18:17:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 14:37:09 ----SHD---- C:\WINDOWS\Installer
2008-12-31 14:37:09 ----D---- C:\Program Files\Java
2008-12-31 14:34:03 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-31 14:24:35 ----RD---- C:\Program Files
2008-12-31 14:12:19 ----SD---- C:\WINDOWS\Tasks
2008-12-31 13:36:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-31 13:36:51 ----HD---- C:\WINDOWS\inf
2008-12-31 13:36:51 ----D---- C:\WINDOWS\system32\en-US
2008-12-31 13:36:51 ----D---- C:\WINDOWS\Media
2008-12-31 13:36:51 ----D---- C:\WINDOWS\Help
2008-12-31 13:36:50 ----D---- C:\Program Files\Internet Explorer
2008-12-31 13:07:28 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-31 11:50:13 ----D---- C:\Program Files\Spyware Doctor
2008-12-31 11:48:26 ----D---- C:\Program Files\Dl_cats
2008-12-30 13:01:20 ----HD---- C:\Documents and Settings\Rafi12\Application Data\ijjigame
2008-12-30 10:07:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-30 09:25:46 ----SHD---- C:\RECYCLER
2008-12-30 09:08:20 ----D---- C:\Documents and Settings
2008-12-29 20:52:14 ----D---- C:\Program Files\MUSICMATCH
2008-12-29 20:48:02 ----D---- C:\Perl
2008-12-29 12:34:02 ----SHD---- C:\System Volume Information
2008-12-29 12:34:02 ----D---- C:\WINDOWS\system32\Restore
2008-12-29 12:29:19 ----D---- C:\WINDOWS\security
2008-12-29 11:06:26 ----D---- C:\Program Files\DNA
2008-12-29 10:27:11 ----D---- C:\WINDOWS\system32\config
2008-12-29 00:14:34 ----D---- C:\WINDOWS\Debug
2008-12-28 16:36:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-28 15:59:26 ----RASH---- C:\boot.ini
2008-12-28 15:59:26 ----A---- C:\WINDOWS\win.ini
2008-12-28 15:59:26 ----A---- C:\WINDOWS\system.ini
2008-12-28 15:45:18 ----D---- C:\Program Files\Cheat Engine
2008-12-28 09:06:07 ----D---- C:\Program Files\AIM6
2008-12-28 09:05:30 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-28 09:05:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-12-28 08:54:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-28 08:51:24 ----RSD---- C:\WINDOWS\Fonts
2008-12-28 08:51:24 ----D---- C:\WINDOWS\system32\wbem
2008-12-28 08:51:24 ----D---- C:\WINDOWS\system32\Setup
2008-12-28 08:51:24 ----D---- C:\WINDOWS\AppPatch
2008-12-28 08:39:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-28 08:38:09 ----D---- C:\Program Files\Messenger
2008-12-28 08:34:02 ----D---- C:\WINDOWS\WinSxS
2008-12-28 08:33:57 ----D---- C:\WINDOWS\network diagnostic
2008-12-28 08:33:57 ----D---- C:\WINDOWS\ime
2008-12-28 08:33:44 ----D---- C:\WINDOWS\system32\usmt
2008-12-28 08:33:42 ----D---- C:\WINDOWS\PeerNet
2008-12-28 08:33:42 ----D---- C:\Program Files\Movie Maker
2008-12-28 08:31:28 ----D---- C:\WINDOWS\system32\npp
2008-12-28 08:31:27 ----D---- C:\WINDOWS\msagent
2008-12-28 08:31:26 ----D---- C:\WINDOWS\srchasst
2008-12-28 08:31:25 ----D---- C:\Program Files\NetMeeting
2008-12-28 08:31:24 ----D---- C:\WINDOWS\system32\Com
2008-12-28 08:31:22 ----D---- C:\Program Files\Windows NT
2008-12-28 08:31:22 ----D---- C:\Program Files\Windows Media Player
2008-12-28 08:31:21 ----D---- C:\Program Files\Outlook Express
2008-12-28 08:31:19 ----D---- C:\Program Files\Common Files\System
2008-12-28 08:31:06 ----D---- C:\WINDOWS\system32\oobe
2008-12-28 08:31:05 ----D---- C:\WINDOWS\system
2008-12-28 08:29:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-27 14:49:41 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-12-25 20:00:32 ----D---- C:\Program Files\Google
2008-12-25 19:58:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-22 18:24:23 ----D---- C:\Program Files\Common Files
2008-12-22 18:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-22 18:13:19 ----SD---- C:\Documents and Settings\Rafi12\Application Data\Microsoft
2008-12-21 12:43:16 ----D---- C:\Documents and Settings\Rafi12\Application Data\GetRightToGo
2008-12-21 12:41:45 ----RSD---- C:\WINDOWS\assembly
2008-12-21 12:38:43 ----D---- C:\Program Files\Microsoft Works
2008-12-21 12:38:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-21 12:38:06 ----D---- C:\Program Files\Microsoft Office
2008-12-21 12:34:21 ----D---- C:\WINDOWS\ShellNew
2008-12-19 21:06:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-19 20:06:31 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-19 19:42:46 ----D---- C:\WINDOWS\Registration
2008-12-13 16:42:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-06 11:27:05 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-06 11:25:54 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-12-03 17801]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 npkcrypt;npkcrypt; \??\C:\Program Files\Wizet\MapleStory\npkcrypt.sys []
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Rafi12\LOCALS~1\Temp\catchme.sys []
S3 Dua1;Dua1; \??\C:\Documents and Settings\RAFI UDDIN\My Documents\My Music\DualEngi.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-01 25280]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; \??\C:\Documents and Settings\Rafi12\Desktop\Moonlight\Moonlight\IlvMoney1224.sys []
S3 MooseKOPMA;MooseKOPMA; \??\C:\Documents and Settings\RAFI UDDIN\Desktop\Unused Desktop Shortcuts\MooseKOPMA.sys []
S3 MzBot.sys;MzBot.sys; \??\C:\WINDOWS\system32\MzBot.sys []
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 toBzM;toBzM; \??\C:\toBzM.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-31 152984]
R2 npkcmsvc;npkcmsvc; C:\Nexon\MapleStory\npkcmsvc.exe [2008-12-17 88728]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2005-11-22 712416]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S2 WMP54GSSVC;WMP54GSSVC; C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 dlcc_device;dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [2005-06-21 491520]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
  • 0

#20
XmichouX

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

One or more of the identified infections is a Rogue.

A rogue is a fake security program which installs itself via pages of unwanted advertising and which, once installed, asks to be bought in order to clean the infections it claims to have found.

For more information about rogue programs, see here: > http://www.spywarewa...nti-spyware.htm

Please don't use MSConfig during the disinfection :)

1) HijackThis
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

2) Uninstall some programs:

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):
  • Rapid Antivirus
  • SpywareBot
  • Viewpoint

Optional Removals:
Viewpoint Manager is considered software rather than malware: although it is installed without the user's approval, it doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546


3) Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    
    :files
    C:\Windows\system32\msiconf.exe
    C:\Program Files\Rapid Antivirus
    C:\Program Files\SpywareBot
    C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Program Files\Viewpoint
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please post a new RSIT log now :)
  • 0
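
The triage the helper did by eye on the RSIT driver/service list above (drivers loaded from the Desktop, a Temp folder or the drive root, or with empty `[]` file info) can be scripted. This is an added example, not code from RSIT, HijackThis or anyone in this thread; the trusted-directory list, the suspect-location markers and the reading of empty brackets as "no file metadata recorded" are assumptions, and the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass, field

# One RSIT driver/service line, as printed in the log above:
#   "<R|S><0-4> <name>;<description>; <path> [<yyyy-mm-dd> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]\s*$"
)

# Directories a driver or service binary is normally installed in
# (assumption used for triage, not a rule of RSIT).
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\",
    "c:\\program files\\",
)
# Locations a kernel driver has no business being loaded from (assumption).
SUSPECT_MARKERS = ("\\desktop\\", "\\my documents\\", "\\temp\\", "\\locals~1\\")


@dataclass
class Entry:
    state: str   # R = running, S = stopped
    start: str   # 0 boot .. 4 disabled
    name: str
    desc: str
    path: str
    info: str    # "yyyy-mm-dd size", or "" when the scan recorded nothing
    reasons: list = field(default_factory=list)


def normalize_path(path):
    """Drop the NT object-manager prefix "\\??\\" and lower-case the path."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def triage_line(line):
    """Parse one log line; return an Entry (reasons may be empty) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = Entry(**m.groupdict())
    p = normalize_path(e.path)
    if not e.info:
        # Assumption: empty brackets mean no file date/size was recorded,
        # i.e. the file was not found on disk when the scan ran.
        e.reasons.append("no file date/size recorded")
    if any(marker in p for marker in SUSPECT_MARKERS):
        e.reasons.append("loaded from a user-writable location")
    elif not p.startswith(TRUSTED_PREFIXES):
        e.reasons.append("outside the usual driver/service directories")
    if e.name.lower().endswith(".sys"):
        e.reasons.append("service name is a bare file name")
    return e


def triage(log_text):
    """Return the entries that earned at least one reason, in log order."""
    return [e for e in map(triage_line, log_text.splitlines())
            if e is not None and e.reasons]


# Sample lines copied from the RSIT driver/service list in this thread.
SAMPLE = r"""
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
S3 MzBot.sys;MzBot.sys; \??\C:\WINDOWS\system32\MzBot.sys []
S3 toBzM;toBzM; \??\C:\toBzM.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Rafi12\LOCALS~1\Temp\catchme.sys []
S3 MooseKOPMA;MooseKOPMA; \??\C:\Documents and Settings\RAFI UDDIN\Desktop\Unused Desktop Shortcuts\MooseKOPMA.sys []
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
"""


def main():
    # Print each flagged entry with the reasons it was raised for review.
    for e in triage(SAMPLE):
        print(f"{e.state}{e.start} {e.name:<16} {e.path}")
        for r in e.reasons:
            print(f"    - {r}")


if __name__ == "__main__":
    main()
```

A hit is a prompt to look closer (catchme.sys, for instance, is a scanner's own driver that simply lives in Temp), not a verdict.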

#21
Rafi12

Rafi12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi,

Here's the OTMoveIt3 log.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\msiconf.exe not found.
File/Folder C:\Program Files\Rapid Antivirus not found.
File/Folder C:\Program Files\SpywareBot not found.
C:\WINDOWS\tasks\SpywareBot Scheduled Scan.job moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_778.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01012009_195418

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_778.dat not found!
  • 0

#22
Rafi12

Rafi12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi,

Here's the RSIT log.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rafi12 at 2009-01-01 20:02:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 43 GB (59%) free of 72 GB
Total RAM: 510 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:38 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rafi12\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Rafi12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabaz...er/tdserver.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co...sreqlab_srl.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5036.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 9776 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3582859218-466029492-1563943610-1008.job
C:\WINDOWS\tasks\Schedule Task Weekly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A94B111-4504-4e26-AB05-E61E474AA38B}]
Ask Search Assistant BHO - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL [2007-09-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-17 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-25 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-25 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-25 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-25 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-17 185896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-31 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-01 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-31 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-12-17 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe [2005-07-22 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE [2008-05-20 3053056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2008-05-17 214560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalaatTime]
C:\Program Files\Salaat Time\SalaatTime.exe [2008-05-15 13496320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-01 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-17 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2003-10-29 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2008-10-14 161264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rafi12^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MI1933~1\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1133652213\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1133652213\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1133652213\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1133652213\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\AOL\1155049086\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1155049086\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1155049086\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1155049086\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\MapleStory.exe"="C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\NewPatcher.exe"="C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\Patcher.exe"="C:\Documents and Settings\Rafi12\Desktop\MapleStory\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Nexon\MapleStory\Patcher.exe"="C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Rafi12\Desktop\OdinMS\OdinMS.exe"="C:\Documents and Settings\Rafi12\Desktop\OdinMS\OdinMS.exe:*:Enabled:MapleStory"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\WindSlayer\WindSlayer.exe"="C:\Program Files\WindSlayer\WindSlayer.exe:*:Enabled:WindSlayer"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\RAFI UDDIN\Desktop\MapleStory\MapleStory\Patcher.exe"="C:\Documents and Settings\RAFI UDDIN\Desktop\MapleStory\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Documents and Settings\Rafi12\Desktop\GzbotPRo\gzbotPRO.exe"="C:\Documents and Settings\Rafi12\Desktop\GzbotPRo\gzbotPRO.exe:*:Enabled:gzbotPRO"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\TightVNC\WinVNC.exe"="C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\softnyx\WolfTeam\Wolfteam.bin"="C:\Program Files\softnyx\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\dlcccoms.exe"="C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:dlcccoms"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 1 months======

2008-12-31 13:30:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-31 13:30:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-31 13:30:50 ----A---- C:\WINDOWS\system32\java.exe
2008-12-31 13:30:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-31 13:14:14 ----D---- C:\_OTMoveIt
2008-12-31 12:58:19 ----A---- C:\WINDOWS\imsins.BAK
2008-12-31 12:56:26 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-12-31 12:51:14 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-31 11:30:42 ----D---- C:\Avenger
2008-12-30 14:35:21 ----D---- C:\Documents and Settings\Rafi12\Application Data\WinRAR
2008-12-30 14:13:17 ----D---- C:\WINDOWS\ERUNT
2008-12-30 14:11:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-30 14:06:03 ----A---- C:\SAFEBOOT_REPAIR.TXT
2008-12-30 11:19:25 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2008-12-30 11:17:07 ----RASHOT---- C:\WINDOWS\winstart.bat
2008-12-30 11:16:39 ----D---- C:\Program Files\UnHackMe
2008-12-29 20:12:22 ----D---- C:\SDFix
2008-12-29 11:06:18 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-28 19:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-28 19:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-28 14:43:41 ----D---- C:\rsit
2008-12-28 09:05:49 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-28 08:51:53 ----D---- C:\WINDOWS\Prefetch
2008-12-28 08:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-28 08:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-28 08:39:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-28 08:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-28 08:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-28 08:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-28 08:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-28 08:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-28 08:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-28 08:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-28 08:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-28 08:38:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-28 08:38:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-28 08:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-28 08:38:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-28 08:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-28 08:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-28 08:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-28 08:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-28 08:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-28 08:33:43 ----D---- C:\WINDOWS\system32\scripting
2008-12-28 08:33:43 ----D---- C:\WINDOWS\l2schemas
2008-12-28 08:33:42 ----D---- C:\WINDOWS\system32\en
2008-12-28 08:33:42 ----D---- C:\WINDOWS\system32\bits
2008-12-28 08:31:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-28 08:25:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-27 23:00:51 ----D---- C:\WINDOWS\EHome
2008-12-27 22:53:16 ----D---- C:\WINDOWS\ERDNT
2008-12-27 22:52:53 ----D---- C:\Program Files\ERUNT
2008-12-27 22:32:55 ----D---- C:\Program Files\Trend Micro
2008-12-26 23:16:28 ----D---- C:\Program Files\Alwil Software
2008-12-22 17:06:38 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-21 12:41:26 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-12-21 12:32:59 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-21 12:30:43 ----RHD---- C:\MSOCache
2008-12-19 23:12:43 ----D---- C:\Program Files\Common Files\Download Manager
2008-12-19 19:53:48 ----D---- C:\Program Files\Microsoft Small Business
2008-12-19 19:48:23 ----D---- C:\Program Files\Microsoft.NET
2008-12-19 19:41:03 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-19 17:03:44 ----D---- C:\Documents and Settings\Rafi12\Application Data\Malwarebytes
2008-12-19 17:03:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 17:03:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-18 19:54:33 ----D---- C:\Documents and Settings\Rafi12\Application Data\Simply Super Software
2008-12-18 19:54:33 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-12-10 22:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 22:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 22:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-10 22:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-07 19:45:42 ----A---- C:\cmdline.txt
2008-12-06 19:12:48 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-12-06 11:33:42 ----D---- C:\Documents and Settings\Rafi12\Application Data\Roxio
2008-12-06 11:28:03 ----D---- C:\Documents and Settings\Rafi12\Application Data\Research In Motion
2008-12-06 11:27:22 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-06 11:25:03 ----D---- C:\Program Files\Roxio
2008-12-06 11:25:03 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-12-06 11:24:55 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-06 11:20:01 ----D---- C:\Documents and Settings\Rafi12\Application Data\Blackberry Desktop
2008-12-06 11:19:34 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-06 11:19:23 ----D---- C:\Program Files\Research In Motion

======List of files/folders modified in the last 1 months======

2009-01-01 20:00:46 ----D---- C:\WINDOWS\temp
2009-01-01 20:00:46 ----D---- C:\WINDOWS\system32
2009-01-01 19:55:56 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-01-01 19:54:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-01 19:54:18 ----SD---- C:\WINDOWS\Tasks
2009-01-01 19:48:00 ----D---- C:\Program Files\Mozilla Firefox
2009-01-01 15:38:17 ----D---- C:\WINDOWS
2009-01-01 15:29:56 ----D---- C:\Program Files\Dl_cats
2009-01-01 13:19:43 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-01 12:30:27 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 22:54:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-31 18:17:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 14:37:09 ----SHD---- C:\WINDOWS\Installer
2008-12-31 14:37:09 ----D---- C:\Program Files\Java
2008-12-31 14:24:35 ----RD---- C:\Program Files
2008-12-31 13:36:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-31 13:36:51 ----HD---- C:\WINDOWS\inf
2008-12-31 13:36:51 ----D---- C:\WINDOWS\system32\en-US
2008-12-31 13:36:51 ----D---- C:\WINDOWS\Media
2008-12-31 13:36:51 ----D---- C:\WINDOWS\Help
2008-12-31 13:36:50 ----D---- C:\Program Files\Internet Explorer
2008-12-31 11:50:13 ----D---- C:\Program Files\Spyware Doctor
2008-12-30 13:01:20 ----HD---- C:\Documents and Settings\Rafi12\Application Data\ijjigame
2008-12-30 10:07:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-30 09:25:46 ----SHD---- C:\RECYCLER
2008-12-30 09:08:20 ----D---- C:\Documents and Settings
2008-12-29 20:52:14 ----D---- C:\Program Files\MUSICMATCH
2008-12-29 20:48:02 ----D---- C:\Perl
2008-12-29 12:34:02 ----SHD---- C:\System Volume Information
2008-12-29 12:34:02 ----D---- C:\WINDOWS\system32\Restore
2008-12-29 12:29:19 ----D---- C:\WINDOWS\security
2008-12-29 11:06:26 ----D---- C:\Program Files\DNA
2008-12-29 10:27:11 ----D---- C:\WINDOWS\system32\config
2008-12-29 00:14:34 ----D---- C:\WINDOWS\Debug
2008-12-28 16:36:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-28 15:59:26 ----RASH---- C:\boot.ini
2008-12-28 15:59:26 ----A---- C:\WINDOWS\win.ini
2008-12-28 15:59:26 ----A---- C:\WINDOWS\system.ini
2008-12-28 15:45:18 ----D---- C:\Program Files\Cheat Engine
2008-12-28 09:06:07 ----D---- C:\Program Files\AIM6
2008-12-28 09:05:30 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-28 09:05:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-12-28 08:54:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-28 08:51:24 ----RSD---- C:\WINDOWS\Fonts
2008-12-28 08:51:24 ----D---- C:\WINDOWS\system32\wbem
2008-12-28 08:51:24 ----D---- C:\WINDOWS\system32\Setup
2008-12-28 08:51:24 ----D---- C:\WINDOWS\AppPatch
2008-12-28 08:39:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-28 08:38:09 ----D---- C:\Program Files\Messenger
2008-12-28 08:34:02 ----D---- C:\WINDOWS\WinSxS
2008-12-28 08:33:57 ----D---- C:\WINDOWS\network diagnostic
2008-12-28 08:33:57 ----D---- C:\WINDOWS\ime
2008-12-28 08:33:44 ----D---- C:\WINDOWS\system32\usmt
2008-12-28 08:33:42 ----D---- C:\WINDOWS\PeerNet
2008-12-28 08:33:42 ----D---- C:\Program Files\Movie Maker
2008-12-28 08:31:28 ----D---- C:\WINDOWS\system32\npp
2008-12-28 08:31:27 ----D---- C:\WINDOWS\msagent
2008-12-28 08:31:26 ----D---- C:\WINDOWS\srchasst
2008-12-28 08:31:25 ----D---- C:\Program Files\NetMeeting
2008-12-28 08:31:24 ----D---- C:\WINDOWS\system32\Com
2008-12-28 08:31:22 ----D---- C:\Program Files\Windows NT
2008-12-28 08:31:22 ----D---- C:\Program Files\Windows Media Player
2008-12-28 08:31:21 ----D---- C:\Program Files\Outlook Express
2008-12-28 08:31:19 ----D---- C:\Program Files\Common Files\System
2008-12-28 08:31:06 ----D---- C:\WINDOWS\system32\oobe
2008-12-28 08:31:05 ----D---- C:\WINDOWS\system
2008-12-28 08:29:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-27 14:49:41 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-12-25 20:00:32 ----D---- C:\Program Files\Google
2008-12-25 19:58:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-22 18:24:23 ----D---- C:\Program Files\Common Files
2008-12-22 18:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-22 18:13:19 ----SD---- C:\Documents and Settings\Rafi12\Application Data\Microsoft
2008-12-21 12:43:16 ----D---- C:\Documents and Settings\Rafi12\Application Data\GetRightToGo
2008-12-21 12:41:45 ----RSD---- C:\WINDOWS\assembly
2008-12-21 12:38:43 ----D---- C:\Program Files\Microsoft Works
2008-12-21 12:38:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-21 12:38:06 ----D---- C:\Program Files\Microsoft Office
2008-12-21 12:34:21 ----D---- C:\WINDOWS\ShellNew
2008-12-19 21:06:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-19 20:06:31 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-19 19:42:46 ----D---- C:\WINDOWS\Registration
2008-12-13 16:42:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-06 11:27:05 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-06 11:25:54 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-12-03 17801]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 npkcrypt;npkcrypt; \??\C:\Program Files\Wizet\MapleStory\npkcrypt.sys []
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Rafi12\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 Dua1;Dua1; \??\C:\Documents and Settings\RAFI UDDIN\My Documents\My Music\DualEngi.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-01 25280]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53; \??\C:\Documents and Settings\Rafi12\Desktop\Moonlight\Moonlight\IlvMoney1224.sys []
S3 MooseKOPMA;MooseKOPMA; \??\C:\Documents and Settings\RAFI UDDIN\Desktop\Unused Desktop Shortcuts\MooseKOPMA.sys []
S3 MzBot.sys;MzBot.sys; \??\C:\WINDOWS\system32\MzBot.sys []
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 toBzM;toBzM; \??\C:\toBzM.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva189;XDva189; \??\C:\WINDOWS\system32\XDva189.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-31 152984]
R2 npkcmsvc;npkcmsvc; C:\Nexon\MapleStory\npkcmsvc.exe [2008-12-17 88728]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2005-11-22 712416]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S2 WMP54GSSVC;WMP54GSSVC; C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 dlcc_device;dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [2005-06-21 491520]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
  • 0
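An added example, not code from this thread or from RSIT: a small Python triage script for the driver/service list format in the log above (`<R|S><0-4> name;description; path [date size]`). The sample lines are copied from that log; the "expected roots" rule and the flag wording are assumptions of this example, and a flag means "look at this entry", not that it is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Grammar of one RSIT "List of drivers" / "List of services" line, as seen in the log above:
#   <R|S><0-4> <name>;<description>; <path> [<file date> <file size>]
# The bracket is empty when the scanner could not find the file on disk.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)

STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Image locations that need no second look in this triage (an assumption of this
# example); anything else is flagged as a prompt to check the entry, not a verdict.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    state: str              # "R" or "S"
    start: str              # "0".."4"
    name: str
    description: str
    path: str               # as logged, with the NT "\??\" prefix removed
    date: Optional[str]     # None when the file was not found
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one list line; return None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date: Optional[str] = None
    size: Optional[int] = None
    info = m.group("info").split()
    if len(info) == 2:
        date, size = info[0], int(info[1])
    path = m.group("path").strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return Entry(m.group("state"), m.group("start"), m.group("name").strip(),
                 m.group("desc").strip(), path, date, size)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry that deserves a closer look."""
    flagged = []
    for e in entries:
        reasons = []
        if e.size is None:
            # The scanner listed the service but could not stat its image file.
            reasons.append("file not found on disk")
        if not e.path.lower().startswith(EXPECTED_ROOTS):
            # Temp, Desktop, My Documents or a drive root are unusual homes for a driver.
            reasons.append("image outside Windows and Program Files")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def describe(e: Entry) -> str:
    where = f"{e.date} {e.size} bytes" if e.size is not None else "file not found"
    return f"{e.name}: {STATE[e.state]}/{START[e.start]} {e.path} ({where})"


# Sample lines copied from the driver and service lists posted above.
SAMPLE_LOG = r"""
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Rafi12\LOCALS~1\Temp\catchme.sys []
S3 toBzM;toBzM; \??\C:\toBzM.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-01 25280]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
"""

if __name__ == "__main__":
    for e, reasons in triage(parse_log(SAMPLE_LOG)):
        print(describe(e), "->", "; ".join(reasons))
```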

#23
XmichouX

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

1) Download Rooter.exe (Eric 71) on your Desktop.
  • Double-click Rooter.exe; a window will open, and you will have to wait.
  • Post the report that opens here.
Note: the report is at %SystemDrive%\Rooter.txt (%SystemDrive% being the partition where Windows is installed, typically C:\).

2) Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • 0

#24
Rafi12

Rafi12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi,

Here's the Rooter.txt:

.
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : Rafi12 ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:41 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

Fri 01/02/2009|11:49

----------------------\\ Search..

C:\WINDOWS\system32\BeKSAJjl.ini
C:\WINDOWS\system32\BeKSAJjl.ini2
C:\WINDOWS\system32\prrsYJlm.ini
C:\WINDOWS\system32\prrsYJlm.ini2
C:\WINDOWS\system32\tAdgQXbc.ini
C:\WINDOWS\system32\tAdgQXbc.ini2
C:\WINDOWS\system32\UEdggMoq.ini
C:\WINDOWS\system32\UEdggMoq.ini2
C:\WINDOWS\system32\xyGggfii.ini
C:\WINDOWS\system32\xyGggfii.ini2
==> VUNDO <==

----------------------\\ KoobFace !

C:\WINDOWS\joke.gif


1 - "C:\Rooter$\Rooter_1.txt" - Fri 01/02/2009|11:50

----------------------\\ Scan completed at 11:50
  • 0

#25
Rafi12

Rafi12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi,

First, when I scanned my computer, the scanner caused my computer to freeze and then I rebooted. The next scan caused an unusual restart of my computer. How can I fix this problem?
  • 0

#26
XmichouX

XmichouX

    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Regards,
  • 0

#27
Rafi12

Rafi12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi,

Here's the Combo Fix log.
ComboFix 09-01-01.02 - Rafi12 2009-01-02 18:29:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.305 [GMT -5:00]
Running from: c:\documents and settings\Rafi12\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\RAFI UDDIN\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Rafi12\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\system32\BeKSAJjl.ini
c:\windows\system32\BeKSAJjl.ini2
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekagknkkyfv.sys
c:\windows\system32\prrsYJlm.ini
c:\windows\system32\prrsYJlm.ini2
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekalog.dat
c:\windows\system32\senekamupltpkr.dll
c:\windows\system32\senekaovnralnq.dll
c:\windows\system32\senekaunyvbqpu.dll
c:\windows\system32\tAdgQXbc.ini
c:\windows\system32\tAdgQXbc.ini2
c:\windows\system32\UEdggMoq.ini
c:\windows\system32\UEdggMoq.ini2
c:\windows\system32\xyGggfii.ini
c:\windows\system32\xyGggfii.ini2

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2009-01-02 11:48 . 2009-01-02 11:50 <DIR> d-------- C:\Rooter$
2009-01-01 20:22 . 2009-01-01 20:22 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Apple Computer
2008-12-31 19:36 . 2008-12-31 19:36 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Nexon
2008-12-31 17:54 . 2008-12-31 17:54 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\acccore
2008-12-31 13:30 . 2008-12-31 13:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 13:23 . 2008-12-31 13:28 <DIR> d-------- c:\documents and settings\Rafi12\.SunDownloadManager
2008-12-31 13:14 . 2008-12-31 13:14 <DIR> d-------- C:\_OTMoveIt
2008-12-31 12:58 . 2008-12-31 12:58 1,393 --a------ c:\windows\imsins.BAK
2008-12-31 12:56 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2008-12-31 11:37 . 2008-12-31 11:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzNjc1Mzl8_
2008-12-31 11:37 . 2008-12-31 11:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
2008-12-30 14:19 . 2008-12-30 14:19 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-30 14:13 . 2008-12-30 14:13 <DIR> d-------- c:\windows\ERUNT
2008-12-30 12:49 . 2008-12-30 17:14 76,288 --a------ c:\windows\111.gbna2
2008-12-30 11:17 . 2008-12-30 11:17 (2) -rahs-ot- c:\windows\winstart.bat
2008-12-30 11:16 . 2008-12-30 13:54 <DIR> d-------- c:\program files\UnHackMe
2008-12-30 09:26 . 2008-12-30 09:26 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Malwarebytes
2008-12-30 09:08 . 2005-10-14 20:20 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Jasc Software Inc
2008-12-30 09:08 . 2008-12-30 09:10 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\GTek
2008-12-30 09:08 . 2008-12-30 09:08 <DIR> d-------- c:\documents and settings\Juhi.RAFI
2008-12-29 20:41 . 2001-08-17 13:28 542,879 --a------ c:\windows\system32\dllcache\hsf_msft.sys
2008-12-29 20:41 . 2001-08-17 13:28 391,199 --a------ c:\windows\system32\dllcache\hsf_k56k.sys
2008-12-29 20:41 . 2001-08-17 13:28 289,887 --a------ c:\windows\system32\dllcache\hsf_fall.sys
2008-12-29 20:41 . 2001-08-17 13:28 199,711 --a------ c:\windows\system32\dllcache\hsf_faxx.sys
2008-12-29 20:41 . 2001-08-17 13:28 150,239 --a------ c:\windows\system32\dllcache\hsf_amos.sys
2008-12-29 20:41 . 2001-08-17 13:28 115,807 --a------ c:\windows\system32\dllcache\hsf_fsks.sys
2008-12-29 20:41 . 2001-08-17 13:28 67,167 --a------ c:\windows\system32\dllcache\hsf_bsc2.sys
2008-12-29 20:41 . 2001-08-17 13:28 57,471 --a------ c:\windows\system32\dllcache\hsf_samp.sys
2008-12-29 20:41 . 2001-08-17 22:36 19,456 --a------ c:\windows\system32\dllcache\hr1w.dll
2008-12-29 20:41 . 2001-08-17 22:36 9,759 --a------ c:\windows\system32\dllcache\hsf_inst.dll
2008-12-29 20:41 . 2001-08-17 13:52 5,760 --a------ c:\windows\system32\dllcache\hpt4qic.sys
2008-12-29 20:39 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2008-12-29 20:38 . 2004-08-03 21:32 137,088 --a------ c:\windows\system32\dllcache\essm2e.sys
2008-12-29 20:37 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys
2008-12-29 20:36 . 2001-08-17 13:28 634,134 --a------ c:\windows\system32\dllcache\el656ct5.sys
2008-12-29 20:35 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2008-12-29 20:34 . 2001-08-17 22:36 256,512 --a------ c:\windows\system32\dllcache\devcon32.dll
2008-12-29 20:33 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2008-12-29 20:32 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2008-12-29 20:31 . 2001-08-17 13:28 762,780 --a------ c:\windows\system32\dllcache\3cwmcru.sys
2008-12-29 20:30 . 2008-02-21 01:12 36,864 --a------ c:\windows\system32\MD5.ocx
2008-12-29 20:12 . 2008-12-31 21:40 <DIR> d-------- C:\SDFix
2008-12-28 14:43 . 2008-12-28 14:44 <DIR> d-------- C:\rsit
2008-12-28 09:05 . 2008-12-28 09:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\scripting
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\en
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\bits
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\l2schemas
2008-12-28 08:31 . 2008-12-28 08:31 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-27 23:00 . 2008-12-28 08:25 <DIR> d-------- c:\windows\EHome
2008-12-27 22:52 . 2008-12-27 22:53 <DIR> d-------- c:\program files\ERUNT
2008-12-27 22:32 . 2008-12-27 22:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 23:16 . 2008-12-26 23:16 <DIR> d-------- c:\program files\Alwil Software
2008-12-24 18:39 . 2008-12-25 22:55 18,432 --a------ c:\windows\111.gzbt3
2008-12-22 18:06 . 2008-12-22 18:07 <DIR> d-------- c:\documents and settings\RAFI UDDIN\Application Data\SUPERAntiSpyware.com
2008-12-22 17:06 . 2008-12-22 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-21 12:41 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-21 12:32 . 2008-12-21 12:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 12:30 . 2008-12-21 12:30 <DIR> dr-h----- C:\MSOCache
2008-12-19 23:12 . 2008-12-19 23:12 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-19 19:53 . 2008-12-19 21:06 <DIR> d-------- c:\program files\Microsoft Small Business
2008-12-19 19:48 . 2008-12-21 12:37 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-19 19:41 . 2008-12-19 19:52 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Malwarebytes
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 17:03 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 17:03 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 15:53 . 2008-12-22 18:25 <DIR> d-------- c:\documents and settings\RAFI UDDIN\Application Data\Spyware Terminator
2008-12-18 19:54 . 2008-12-18 19:54 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Simply Super Software
2008-12-18 19:54 . 2008-12-18 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-06 11:33 . 2008-12-06 11:33 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Roxio
2008-12-06 11:28 . 2008-12-06 11:28 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Research In Motion
2008-12-06 11:28 . 2008-12-06 11:52 256 --a------ c:\windows\system32\pool.bin
2008-12-06 11:27 . 2008-12-06 11:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-06 11:25 . 2008-12-06 11:25 <DIR> d-------- c:\program files\Roxio
2008-12-06 11:25 . 2008-12-06 11:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-12-06 11:24 . 2008-12-06 11:25 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-12-06 11:20 . 2008-12-06 11:20 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Blackberry Desktop
2008-12-06 11:20 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-12-06 11:20 . 2008-12-06 11:20 4,128 --a------ C:\INFCACHE.1
2008-12-06 11:19 . 2008-12-06 11:19 <DIR> d-------- c:\program files\Research In Motion
2008-12-06 11:19 . 2008-12-06 11:19 <DIR> d-------- c:\program files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 22:09 27,236 ----a-w c:\documents and settings\Rafi12\Application Data\wklnhst.dat
2009-01-02 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-02 16:47 --------- d-----w c:\program files\Dl_cats
2009-01-01 03:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-31 19:37 --------- d-----w c:\program files\Java
2008-12-31 16:50 --------- d-----w c:\program files\Spyware Doctor
2008-12-30 18:01 --------- d--h--w c:\documents and settings\Rafi12\Application Data\ijjigame
2008-12-30 01:52 --------- d-----w c:\program files\MUSICMATCH
2008-12-29 16:26 --------- d-----w c:\documents and settings\RAFI UDDIN\Application Data\DNA
2008-12-29 16:06 --------- d-----w c:\program files\DNA
2008-12-28 20:45 --------- d-----w c:\program files\Cheat Engine
2008-12-28 14:06 --------- d-----w c:\program files\AIM6
2008-12-28 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-28 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 19:49 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-26 01:00 --------- d-----w c:\program files\Google
2008-12-22 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-21 17:43 --------- d-----w c:\documents and settings\Rafi12\Application Data\GetRightToGo
2008-12-21 17:38 --------- d-----w c:\program files\Microsoft Works
2008-12-13 21:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-06 16:27 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-11-23 03:15 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-23 03:03 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2008-11-18 20:41 --------- d-----w c:\documents and settings\Rafi12\Application Data\Twain
2008-11-16 23:31 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\gadcom
2008-11-16 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 15:09 --------- d-----w c:\documents and settings\Rafi12\Application Data\SUPERAntiSpyware.com
2008-11-16 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-11-16 01:21 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\GetModule
2008-11-11 19:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 19:13 --------- d-----w c:\program files\WarRock
2008-11-08 13:37 --------- d-----w c:\program files\Conduit
2008-11-04 01:01 --------- d-----w c:\documents and settings\Rafi12\Application Data\DNA
2008-11-02 14:58 --------- d-----w c:\program files\Symantec
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-10 00:58 64,736 -c--a-w c:\documents and settings\Rafi12\Application Data\GDIPFONTCACHEV1.DAT
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-05 00:40 9,998 ----a-w c:\documents and settings\RAFI UDDIN\Application Data\wklnhst.dat
2008-08-20 19:46 64,736 ----a-w c:\documents and settings\RAFI UDDIN\Application Data\GDIPFONTCACHEV1.DAT
2008-12-02 16:49 642,048 ----a-w c:\program files\mozilla firefox\components\nsadsoftinc.dll
2006-10-12 03:09 94,208 --sh--w c:\windows\system32\SalaatTime.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-09-22 61440]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-31 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-17 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rafi12^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-17 19:19 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2005-05-15 02:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 16:46 135168 c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 01:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a--c--- 2005-07-22 14:03 425984 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-01-27 01:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-05-20 20:11 3053056 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-05-17 20:03 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-04-23 11:43 228088 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalaatTime]
--------- 2008-05-15 21:01 13496320 c:\program files\Salaat Time\SalaatTime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-01 15:48 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-17 20:03 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\RAFI UDDIN\\Desktop\\MapleStory\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC Server
"6000:TCP"= 6000:TCP:Touchpad Media Server

R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2006-08-30 2368]
S3 Dua1;Dua1;\??\c:\documents and settings\RAFI UDDIN\My Documents\My Music\DualEngi.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\Rafi12\Desktop\Moonlight\Moonlight\IlvMoney1224.sys []
S3 MooseKOPMA;MooseKOPMA;\??\c:\documents and settings\RAFI UDDIN\Desktop\Unused Desktop Shortcuts\MooseKOPMA.sys [2006-05-13 3712]
S3 MzBot.sys;MzBot.sys;\??\c:\windows\system32\MzBot.sys [2007-04-01 3584]
S3 toBzM;toBzM;\??\C:\toBzM.sys []
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{624363bf-4251-11da-bb66-806d6172696f}]
\Shell\AutoRun\command - d:\autorun\AUTORUN.EXE

*Newly Created Service* - GTNDIS5
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3582859218-466029492-1563943610-1008.job
- c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-31 13:56]

2008-12-08 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: *.servername
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\sysreqlab_ind.dll - O16 -: {5727FF4C-EF4E-4d96-A96C-03AD91910448}
hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\Rafi12\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsadsoftinc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 18:34:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\seneka]
"imagepath"="\systemroot\system32\drivers\senekagknkkyfv.sys"
.
Completion time: 2009-01-02 18:39:29
ComboFix-quarantined-files.txt 2009-01-02 23:39:26

Pre-Run: 43,828,596,736 bytes free
Post-Run: 44,556,550,144 bytes free

383 --- E O F --- 2008-12-29 00:17:23

#28 XmichouX (Trusted Helper, Retired Staff, 1,292 posts)
Hi,

Run a CFScript:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
seneka

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{624363bf-4251-11da-bb66-806d6172696f}]

File::
c:\windows\system32\pool.bin
C:\WINDOWS\joke.gif
c:\windows\111.gbna2
c:\windows\111.gzbt3
c:\windows\system32\drivers\senekagknkkyfv.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,

#29 Rafi12 (Member, Topic Starter, 20 posts)
Hi,

ComboFix 09-01-01.02 - Rafi12 2009-01-03 10:08:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.261 [GMT -5:00]
Running from: c:\documents and settings\Rafi12\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rafi12\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\windows\111.gbna2
c:\windows\111.gzbt3
c:\windows\joke.gif
c:\windows\system32\drivers\senekagknkkyfv.sys
c:\windows\system32\pool.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\111.gbna2
c:\windows\111.gzbt3
c:\windows\joke.gif
c:\windows\system32\pool.bin

.
((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
.

2009-01-02 19:31 . 2009-01-02 19:31 833,216 --a------ c:\windows\system32\rn.tmp
2009-01-02 19:12 . 2009-01-02 19:12 1,640 --a------ c:\windows\system32\msexcr.ini
2009-01-02 11:48 . 2009-01-02 11:50 <DIR> d-------- C:\Rooter$
2009-01-01 20:22 . 2009-01-01 20:22 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Apple Computer
2008-12-31 19:36 . 2008-12-31 19:36 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Nexon
2008-12-31 17:54 . 2008-12-31 17:54 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\acccore
2008-12-31 13:30 . 2008-12-31 13:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 13:23 . 2008-12-31 13:28 <DIR> d-------- c:\documents and settings\Rafi12\.SunDownloadManager
2008-12-31 13:14 . 2008-12-31 13:14 <DIR> d-------- C:\_OTMoveIt
2008-12-31 12:58 . 2008-12-31 12:58 1,393 --a------ c:\windows\imsins.BAK
2008-12-31 12:56 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2008-12-31 11:37 . 2008-12-31 11:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzNjc1Mzl8_
2008-12-31 11:37 . 2008-12-31 11:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus
2008-12-30 14:19 . 2008-12-30 14:19 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2008-12-30 14:13 . 2008-12-30 14:13 <DIR> d-------- c:\windows\ERUNT
2008-12-30 11:17 . 2008-12-30 11:17 (2) -rahs-ot- c:\windows\winstart.bat
2008-12-30 11:16 . 2008-12-30 13:54 <DIR> d-------- c:\program files\UnHackMe
2008-12-30 09:26 . 2008-12-30 09:26 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Malwarebytes
2008-12-30 09:08 . 2005-10-14 20:20 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\Jasc Software Inc
2008-12-30 09:08 . 2008-12-30 09:10 <DIR> d-------- c:\documents and settings\Juhi.RAFI\Application Data\GTek
2008-12-30 09:08 . 2008-12-30 09:08 <DIR> d-------- c:\documents and settings\Juhi.RAFI
2008-12-29 20:41 . 2001-08-17 13:28 542,879 --a------ c:\windows\system32\dllcache\hsf_msft.sys
2008-12-29 20:41 . 2001-08-17 13:28 391,199 --a------ c:\windows\system32\dllcache\hsf_k56k.sys
2008-12-29 20:41 . 2001-08-17 13:28 289,887 --a------ c:\windows\system32\dllcache\hsf_fall.sys
2008-12-29 20:41 . 2001-08-17 13:28 199,711 --a------ c:\windows\system32\dllcache\hsf_faxx.sys
2008-12-29 20:41 . 2001-08-17 13:28 150,239 --a------ c:\windows\system32\dllcache\hsf_amos.sys
2008-12-29 20:41 . 2001-08-17 13:28 115,807 --a------ c:\windows\system32\dllcache\hsf_fsks.sys
2008-12-29 20:41 . 2001-08-17 13:28 67,167 --a------ c:\windows\system32\dllcache\hsf_bsc2.sys
2008-12-29 20:41 . 2001-08-17 13:28 57,471 --a------ c:\windows\system32\dllcache\hsf_samp.sys
2008-12-29 20:41 . 2001-08-17 22:36 19,456 --a------ c:\windows\system32\dllcache\hr1w.dll
2008-12-29 20:41 . 2001-08-17 22:36 9,759 --a------ c:\windows\system32\dllcache\hsf_inst.dll
2008-12-29 20:41 . 2001-08-17 13:52 5,760 --a------ c:\windows\system32\dllcache\hpt4qic.sys
2008-12-29 20:39 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2008-12-29 20:38 . 2004-08-03 21:32 137,088 --a------ c:\windows\system32\dllcache\essm2e.sys
2008-12-29 20:37 . 2001-08-17 12:17 629,952 --a------ c:\windows\system32\dllcache\eqn.sys
2008-12-29 20:36 . 2001-08-17 13:28 634,134 --a------ c:\windows\system32\dllcache\el656ct5.sys
2008-12-29 20:35 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2008-12-29 20:34 . 2001-08-17 22:36 256,512 --a------ c:\windows\system32\dllcache\devcon32.dll
2008-12-29 20:33 . 2001-08-17 12:13 980,034 --a------ c:\windows\system32\dllcache\cicap.sys
2008-12-29 20:32 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2008-12-29 20:31 . 2001-08-17 13:28 762,780 --a------ c:\windows\system32\dllcache\3cwmcru.sys
2008-12-29 20:30 . 2008-02-21 01:12 36,864 --a------ c:\windows\system32\MD5.ocx
2008-12-29 20:12 . 2008-12-31 21:40 <DIR> d-------- C:\SDFix
2008-12-28 14:43 . 2008-12-28 14:44 <DIR> d-------- C:\rsit
2008-12-28 09:05 . 2008-12-28 09:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\scripting
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\en
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\system32\bits
2008-12-28 08:33 . 2008-12-28 08:33 <DIR> d-------- c:\windows\l2schemas
2008-12-28 08:31 . 2008-12-28 08:31 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-27 23:00 . 2008-12-28 08:25 <DIR> d-------- c:\windows\EHome
2008-12-27 22:52 . 2008-12-27 22:53 <DIR> d-------- c:\program files\ERUNT
2008-12-27 22:32 . 2008-12-27 22:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 23:16 . 2008-12-26 23:16 <DIR> d-------- c:\program files\Alwil Software
2008-12-22 18:06 . 2008-12-22 18:07 <DIR> d-------- c:\documents and settings\RAFI UDDIN\Application Data\SUPERAntiSpyware.com
2008-12-22 17:06 . 2008-12-22 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-21 12:41 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-21 12:32 . 2008-12-21 12:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-21 12:30 . 2008-12-21 12:30 <DIR> dr-h----- C:\MSOCache
2008-12-19 23:12 . 2008-12-19 23:12 <DIR> d-------- c:\program files\Common Files\Download Manager
2008-12-19 19:53 . 2008-12-19 21:06 <DIR> d-------- c:\program files\Microsoft Small Business
2008-12-19 19:48 . 2008-12-21 12:37 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-19 19:41 . 2008-12-19 19:52 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Malwarebytes
2008-12-19 17:03 . 2008-12-19 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 17:03 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 17:03 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 15:53 . 2008-12-22 18:25 <DIR> d-------- c:\documents and settings\RAFI UDDIN\Application Data\Spyware Terminator
2008-12-18 19:54 . 2008-12-18 19:54 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Simply Super Software
2008-12-18 19:54 . 2008-12-18 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-06 11:33 . 2008-12-06 11:33 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Roxio
2008-12-06 11:28 . 2008-12-06 11:28 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Research In Motion
2008-12-06 11:27 . 2008-12-06 11:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-06 11:25 . 2008-12-06 11:25 <DIR> d-------- c:\program files\Roxio
2008-12-06 11:25 . 2008-12-06 11:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-12-06 11:24 . 2008-12-06 11:25 <DIR> d-------- c:\program files\Common Files\Roxio Shared
2008-12-06 11:20 . 2008-12-06 11:20 <DIR> d-------- c:\documents and settings\Rafi12\Application Data\Blackberry Desktop
2008-12-06 11:20 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-12-06 11:20 . 2008-12-06 11:20 4,128 --a------ C:\INFCACHE.1
2008-12-06 11:19 . 2008-12-06 11:19 <DIR> d-------- c:\program files\Research In Motion
2008-12-06 11:19 . 2008-12-06 11:19 <DIR> d-------- c:\program files\Common Files\Research In Motion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 14:25 --------- d-----w c:\program files\Cheat Engine
2009-01-03 03:15 27,236 ----a-w c:\documents and settings\Rafi12\Application Data\wklnhst.dat
2009-01-02 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-02 16:47 --------- d-----w c:\program files\Dl_cats
2009-01-01 03:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-31 19:37 --------- d-----w c:\program files\Java
2008-12-31 16:50 --------- d-----w c:\program files\Spyware Doctor
2008-12-30 18:01 --------- d--h--w c:\documents and settings\Rafi12\Application Data\ijjigame
2008-12-30 01:52 --------- d-----w c:\program files\MUSICMATCH
2008-12-29 16:26 --------- d-----w c:\documents and settings\RAFI UDDIN\Application Data\DNA
2008-12-29 16:06 --------- d-----w c:\program files\DNA
2008-12-28 14:06 --------- d-----w c:\program files\AIM6
2008-12-28 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-28 14:05 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 19:49 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-26 01:00 --------- d-----w c:\program files\Google
2008-12-22 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-21 17:43 --------- d-----w c:\documents and settings\Rafi12\Application Data\GetRightToGo
2008-12-21 17:38 --------- d-----w c:\program files\Microsoft Works
2008-12-13 21:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-06 16:27 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-11-23 03:15 --------- d-----w c:\program files\SystemRequirementsLab
2008-11-23 03:03 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2008-11-18 20:41 --------- d-----w c:\documents and settings\Rafi12\Application Data\Twain
2008-11-16 23:31 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\gadcom
2008-11-16 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-16 15:09 --------- d-----w c:\documents and settings\Rafi12\Application Data\SUPERAntiSpyware.com
2008-11-16 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-11-16 01:21 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\GetModule
2008-11-11 19:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 19:13 --------- d-----w c:\program files\WarRock
2008-11-08 13:37 --------- d-----w c:\program files\Conduit
2008-11-04 01:01 --------- d-----w c:\documents and settings\Rafi12\Application Data\DNA
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-10 00:58 64,736 -c--a-w c:\documents and settings\Rafi12\Application Data\GDIPFONTCACHEV1.DAT
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-05 00:40 9,998 ----a-w c:\documents and settings\RAFI UDDIN\Application Data\wklnhst.dat
2008-08-20 19:46 64,736 ----a-w c:\documents and settings\RAFI UDDIN\Application Data\GDIPFONTCACHEV1.DAT
2008-12-02 16:49 642,048 ----a-w c:\program files\mozilla firefox\components\nsadsoftinc.dll
2006-10-12 03:09 94,208 --sh--w c:\windows\system32\SalaatTime.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-02_18.39.03.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-03 14:05:14 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-09-22 61440]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-31 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-17 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-01 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rafi12^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-17 19:19 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2005-05-15 02:04 332800 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 16:46 135168 c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-12-06 01:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a--c--- 2005-07-22 14:03 425984 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-01-27 01:02 86016 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-05-20 20:11 3053056 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-05-17 20:03 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-04-23 11:43 228088 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalaatTime]
--------- 2008-05-15 21:01 13496320 c:\program files\Salaat Time\SalaatTime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 19:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-01 15:48 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-17 20:03 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\RAFI UDDIN\\Desktop\\MapleStory\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC Server
"6000:TCP"= 6000:TCP:Touchpad Media Server

R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2006-08-30 2368]
S3 Dua1;Dua1;\??\c:\documents and settings\RAFI UDDIN\My Documents\My Music\DualEngi.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\Rafi12\Desktop\Moonlight\Moonlight\IlvMoney1224.sys []
S3 MooseKOPMA;MooseKOPMA;\??\c:\documents and settings\RAFI UDDIN\Desktop\Unused Desktop Shortcuts\MooseKOPMA.sys [2006-05-13 3712]
S3 MzBot.sys;MzBot.sys;\??\c:\windows\system32\MzBot.sys [2007-04-01 3584]
S3 toBzM;toBzM;\??\C:\toBzM.sys []
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys []
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3582859218-466029492-1563943610-1008.job
- c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-31 13:56]

2008-12-08 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: *.servername
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\sysreqlab_ind.dll - O16 -: {5727FF4C-EF4E-4d96-A96C-03AD91910448}
hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\Rafi12\Application Data\Mozilla\Firefox\Profiles\mkn3f6u9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsadsoftinc.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Rafi12\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 10:12:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-03 10:18:31
ComboFix-quarantined-files.txt 2009-01-03 15:18:28
ComboFix2.txt 2009-01-02 23:39:30

Pre-Run: 44,557,459,456 bytes free
Post-Run: 44,548,247,552 bytes free

354 --- E O F --- 2008-12-29 00:17:23

#30
XmichouX
    Trusted Helper

  • Retired Staff
  • 1,292 posts
Hi,

Run a CFScript:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\rn.tmp
c:\windows\system32\msexcr.ini

Folder::
c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.