
speed slow and too many worms


Name: saurabhthelord
Date: February 11, 2007 at 10:30:15 Pacific
OS: xp
CPU/Ram: 256
Product: ??
Comment:

I have many tasks running in my task manager but I can't remove them.
They are running in system name and I cannot see them in my system startup.
The names are:
1) wdfmgr.exe
2) spoolsv.exe
3) lsass.exe
4) services.exe
5) winlogon.exe
6) csrss.exe
7) smss.exe
8) mcusrte.exe
9) ctfmon.exe
10) ctpmon.exe
And my comp has a red cross shield shown in the corner asking me to install a registry cleaner and then, after installing, asking me to install it.

saurabhthelord




Response Number 1
Name: saurabhthelord
Date: February 11, 2007 at 10:32:29 Pacific
Reply:


this is the image

saurabhthelord



Response Number 2
Name: jabuck
Date: February 11, 2007 at 10:39:01 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 3
Name: saurabhthelord
Date: February 12, 2007 at 10:27:46 Pacific
Reply:

what is a thread

and i have done hijack
this is the notepad data-
Logfile of HijackThis v1.99.1
Scan saved at 10:39:15 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\Opera\Opera.exe
E:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sex.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinZip] "E:\WINDOWS\system32\wzip32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Registry Toolkit] E:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Malware Sweeper] E:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/s...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/s...
O17 - HKLM\System\CCS\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.213.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.213.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.213.6,202.56.230.6
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

saurabhthelord



Response Number 4
Name: saurabhthelord
Date: February 12, 2007 at 10:30:57 Pacific
Reply:

this smith fraud link is not working
please send another one

saurabhthelord



Response Number 5
Name: iworkwithyou
Date: February 13, 2007 at 14:13:58 Pacific
Reply:

Remove your viruses
http://www.pandasoftware.com/produc...

This page will scan your computer and remove your viruses





Response Number 6
Name: jabuck
Date: February 13, 2007 at 14:54:54 Pacific
Reply:

Very basically you started a thread when you made your post and that is one strand of information at this forum. Thread Information

More importantly you have a rootkit and a virus.

Please download SDFix by AndyManchesta and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.


Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt



Response Number 7
Name: saurabhthelord
Date: February 22, 2007 at 03:19:17 Pacific
Reply:


SDFix: Version 1.67

Run by Shubham - Thu 02/22/2007 @ 2:17:47.76

Microsoft Windows XP [Version 5.1.2600]

Running From: E:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...


ADS Check:

E:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------

[COLOR=RED][B]Rootkit huy32 maybe active, Use a Rootkit scanner![/COLOR][/B]

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\\Documents and Settings\\Shubham\\My Documents\\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\\svchost.exe"="E:\\Documents and Settings\\Shubham\\My Documents\\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\\svchost.exe:*:Enabled:Generic Host Process for Win32 Services"


Remaining Files:
---------------

Checking For Files with Hidden Attributes :

E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Outlook Express\msimn.exe
E:\WINDOWS\Temp\$_2341233.TMP
E:\WINDOWS\Temp\$_2341235.TMP

Add/Remove Programs List:

Ad-Aware SE Personal
Adobe Photoshop 6.0
BitLord 1.1
FLV Player 1.3.3
GridinSoft Notepad
HijackThis 1.99.1
Hijackthis 1.99.1
HP Document Viewer 5.3
HP Imaging Device Functions 5.3
HP Solution Center & Imaging Support Tools 5.3
HP Extended Capabilities 5.3
PowerQuest PartitionMagic 8.0
IrfanView (remove only)
K-Lite Mega Codec Pack 1.52
Kundli for Windows (Professional Edition)
LimeWire PRO 4.12.3
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Shockwave Player
Malware Sweeper 2.3.0.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Mozilla Firefox (1.5.0.4)
Mozilla Firefox (2.0.0.1)
MSN Music Assistant
QuickTime Alternative 1.33
Real Alternative 1.23
Macromedia Flash Player 8
SmartMovie Converter
Norton AntiVirus 2005 (Symantec Corporation)
Uplink
Virtual DJ - Atomix Productions
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinRAR archiver
WinZip
XP Codec Pack
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec
Yahoo! Toolbar
Yahoo! Messenger
Yahoo! Toolbar
CP_Package_Variety1
Destinations
AiO_Scan
MySQL Connector/ODBC 3.51
HP Software Update
DocumentViewer
1400_Help
CP_Package_Variety3
Google Talk (remove only)
Symantec
Google Toolbar for Internet Explorer
1400
Internet Worm Protection
Unload
SymNet
TrayApp
J2SE Runtime Environment 5.0 Update 9
Windows Communication Foundation
Norton AntiVirus Help
Nero 7 Premium
Microsoft XML Parser and SDK
Platform4 Player
Macromedia Extension Manager
EasyGPRS
WebReg
Lock Folder XP 3.6
HP PSC & OfficeJet 5.3.B
Opera 9.10
Platform4 Player ActiveX Control
eSupportQFolder
PartitionMagic
CustomerResearchQFolder
Microsoft .NET Framework 3.0
Microsoft .NET Framework 2.0
SPBBC
AiOSoftware
DocumentViewerQFolder
ProductContext
Logitech Desktop Messenger
Microsoft Office Professional Edition 2003
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Readme
ScannerCopy
DeviceManagementQFolder
Adobe Reader 7.0.5
MSXML 6.0 Parser
WPF v3.0.6605.0
Caesar IV
CP_Package_Variety2
BufferChm
Windows Workflow Foundation
Digit Archive 0.2
Symantec Technical Support Web Controls
Scan
1400Trb
Norton AntiVirus 2005
Symantec Network Drivers Update
Microsoft .NET Framework 1.1
Fax
Norton AntiVirus SYMLT MSI
Symantec Script Blocking Installer
ccCommon
HPProductAssistant
Norton AntiVirus Parent MSI
ECHO is off.
SolutionCenter
Status
Norton WMI Update
HP Image Zone Express

Finished


saurabhthelord
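
Added example (not part of the thread, and not code from HijackThis or SDFix): a Python triage over a few lines copied from the HijackThis log in Response Number 3 and the SDFix firewall export in Response Number 7. It surfaces the entry classes worth a first look and any core Windows process name registered outside system32; the rule table, the function names and the `SYSTEM_DIR` parameter are assumptions of this example.

```python
import ntpath
import re

# Windows is installed on E: in the posted logs.
SYSTEM_DIR = r"E:\WINDOWS\system32"

# Core Windows XP process names that normally load only from system32.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
              "csrss.exe", "smss.exe", "spoolsv.exe"}

# (section or None for any, marker text, reason). Review rules assumed by
# this example; they mark entries to inspect, not verdicts.
RULES = [
    (None, "(no file)", "registration points at a file that no longer exists"),
    (None, "(file missing)", "service binary is missing"),
    ("O23", "Unknown owner", "service binary has no vendor information"),
    ("O20", "", "Winlogon Notify DLL, loaded into winlogon.exe at logon"),
]

ENTRY = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")
REG_VALUE_NAME = re.compile(r'^"((?:[^"\\]|\\.)+)"=')


def masquerades(path, system_dir=SYSTEM_DIR):
    """True when a core process name is used by a file outside system_dir."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in CORE_NAMES and folder != system_dir.lower()


def triage_hijackthis(lines, system_dir=SYSTEM_DIR):
    """Return (section, reason, text) for each log line that needs review."""
    findings, in_processes = [], False
    for raw in lines:
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False
            section, body = match.groups()
            for wanted, marker, reason in RULES:
                if wanted in (None, section) and marker in body:
                    findings.append((section, reason, body))
                    break  # one finding per line, first rule wins
        elif in_processes and line and masquerades(line, system_dir):
            findings.append(("process", "core process name outside system32", line))
    return findings


def triage_firewall_list(lines, system_dir=SYSTEM_DIR):
    """Check AuthorizedApplications values exported in .reg syntax."""
    hits = []
    for line in lines:
        match = REG_VALUE_NAME.match(line.strip())
        if match:
            path = match.group(1).replace("\\\\", "\\")  # undo .reg escaping
            if masquerades(path, system_dir):
                hits.append(path)
    return hits


# Lines copied from the HijackThis log posted in Response Number 3.
HJT_EXCERPT = r"""
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Opera\Opera.exe

O2 - BHO: (no name) - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: rpcc - E:\WINDOWS\system32\rpcc.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
"""

# Line copied from the SDFix "Authorized Application Key Export" in Response Number 7.
FIREWALL_LINE = (
    r'"E:\\Documents and Settings\\Shubham\\My Documents\\Bitlord Pro (UseNext) '
    r'incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy'
    r'\\svchost.exe"="E:\\Documents and Settings\\Shubham\\My Documents\\Bitlord '
    r'Pro (UseNext) incl acount-maker 100% working. Download with ur whole '
    r'bandwitch. Enjoy\\svchost.exe:*:Enabled:Generic Host Process for Win32 Services"'
)

if __name__ == "__main__":
    for section, reason, text in triage_hijackthis(HJT_EXCERPT.splitlines()):
        print(f"[{section}] {reason}: {text}")
    for path in triage_firewall_list([FIREWALL_LINE]):
        print(f"[firewall] core process name outside system32: {path}")
```
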



Response Number 8
Name: jabuck
Date: February 23, 2007 at 15:36:51 Pacific
Reply:

Please download Comboscan from this link:

Comboscan


Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Please alert me when you post back.



Response Number 9
Name: saurabhthelord
Date: February 24, 2007 at 02:03:43 Pacific
Reply:

ComboScan v20070221.16 run by Shubham on 2007-02-24 at 01:56:38
Computer is in Normal Mode.
----------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Shubham.----------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:57:25 AM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\Shubham\My Documents\comboscan.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Hijackthis\Shubham.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinZip] "E:\WINDOWS\system32\wzip32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Registry Toolkit] E:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/s...
O17 - HKLM\System\CCS\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- HijackThis Fixed Entries (E:\Program Files\Hijackthis\backups\) --------------

backup-20070215-011419-966 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sex.com/
backup-20070215-011419-929 O2 - BHO: (no name) - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - (no file)
backup-20070215-011419-708 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20070215-011419-676 O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
backup-20070215-011419-491 O4 - HKCU\..\Run: [Malware Sweeper] E:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
backup-20070215-011802-177 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
backup-20070215-011803-943 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
backup-20070215-011803-298 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
backup-20070215-011804-438 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20070215-011805-863 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/s...
backup-20070220-082645-153 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
backup-20070220-082645-850 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20070220-082645-630 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070220-082645-697 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070220-082646-609 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar3.dll
backup-20070220-082646-604 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070220-082646-871 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar3.dll
backup-20070220-082646-303 O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
backup-20070220-082646-972 O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
backup-20070220-082647-174 O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
backup-20070220-082647-186 O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
backup-20070223-021100-452 O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

-- File Associat-------

.bat - batfile - "%1" %*
.chm - chm.file - "E:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.exe %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.exe %1
.js - jsfile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.exe %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0R a347bus - E:\WINDOWS\system32\drivers\a347bus.sys
0R a347scsi - E:\WINDOWS\system32\drivers\a347scsi.sys
3R allegro (ESS Allegro Audio Driver (WDM)) - E:\WINDOWS\system32\drivers\es198x.sys
3S CCDECODE (Closed Caption Decoder) - E:\WINDOWS\system32\drivers\ccdecode.sys
3R ch7009 - E:\WINDOWS\system32\drivers\ch7009.sys
3R ch7017 - E:\WINDOWS\system32\drivers\ch7017.sys
3R fs454 - E:\WINDOWS\system32\drivers\fs454.sys
3S HCF_MSFT - E:\WINDOWS\system32\drivers\HCF_MSFT.sys
3S hidusb (Microsoft HID Class Driver) - E:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - E:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - E:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - E:\WINDOWS\system32\drivers\HPZius12.sys
2R HWiNFO32 (HWiNFO32 Kernel Driver) - E:\Program Files\HWiNFO32\HWiNFO32.SYS
3S i81x - E:\WINDOWS\system32\drivers\i81xnt5.sys
3S iAimFP0 - E:\WINDOWS\system32\drivers\wADV01nt.sys
3S iAimFP1 - E:\WINDOWS\system32\drivers\wADV02NT.sys
3S iAimFP2 - E:\WINDOWS\system32\drivers\wADV05NT.sys
3S iAimFP3 - E:\WINDOWS\system32\drivers\wSiINTxx.sys
3S iAimFP4 - E:\WINDOWS\system32\drivers\wVchNTxx.sys
3S iAimTV0 - E:\WINDOWS\system32\drivers\wATV01nt.sys
3S iAimTV1 - E:\WINDOWS\system32\drivers\wATV02NT.sys
3S iAimTV2 - E:\WINDOWS\system32\DRIVERS\wATV03nt.sys (not found)
3S iAimTV3 - E:\WINDOWS\system32\drivers\wATV04nt.sys
3S iAimTV4 - E:\WINDOWS\system32\drivers\wCh7xxNT.sys
3R igdmini - E:\WINDOWS\system32\drivers\igdmini.sys
1S kbdhid (Keyboard HID Driver) - E:\WINDOWS\system32\drivers\kbdhid.sys
2S LF30FS - G:\Lock Folder XP 3.6\LF30XP.sys (not found)
3R lvds - E:\WINDOWS\system32\drivers\lvds.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - E:\WINDOWS\system32\drivers\mstee.sys
3R ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - E:\WINDOWS\system32\drivers\msmpu401.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - E:\WINDOWS\system32\drivers\nabtsfec.sys
3R NAVENG - E:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVENG.SYS
3R NAVEX15 - E:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVEX15.SYS
3S NdisIP (Microsoft TV/Video Connection) - E:\WINDOWS\system32\drivers\ndisip.sys
3R ns2501 - E:\WINDOWS\system32\drivers\ns2501.sys
3R ns387 - E:\WINDOWS\system32\drivers\ns387.sys
2R NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - E:\WINDOWS\system32\drivers\nwlnkipx.sys
2R NwlnkNb (NWLink NetBIOS) - E:\WINDOWS\system32\drivers\nwlnknb.sys
2R NwlnkSpx (NWLink SPX/SPXII Protocol) - E:\WINDOWS\system32\drivers\nwlnkspx.sys
1R P3 (Intel PentiumIII Processor Driver) - E:\WINDOWS\system32\drivers\p3.sys
1R PQNTDrv - E:\WINDOWS\system32\drivers\PQNTDRV.sys
0R PxHelp20 - E:\WINDOWS\system32\drivers\PxHelp20.sys
3S QCDonner (Logitech QuickCam Express(PID_0840)) - E:\WINDOWS\system32\drivers\lvcd.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - E:\WINDOWS\system32\drivers\rootmdm.sys
3R RTL8023xp (TRENDnet TE100 PCBUSR PC Card) - E:\WINDOWS\system32\drivers\TE100XP.SYS
3S rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - E:\WINDOWS\system32\drivers\R8139n51.sys
3R SAVRT - E:\Program Files\Norton AntiVirus\SAVRT.SYS
1R SAVRTPEL - E:\Program Files\Norton AntiVirus\Savrtpel.sys
3R sii164 - E:\WINDOWS\system32\drivers\sii164.sys
3S SLIP (BDA Slip De-Framer) - E:\WINDOWS\system32\drivers\slip.sys
1R SPBBCDrv - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0R sptd - E:\WINDOWS\system32\drivers\sptd.sys
3S StillCam (Still Serial Digital Camera Driver) - E:\WINDOWS\system32\drivers\serscan.sys
3S streamip (BDA IPSink) - E:\WINDOWS\system32\drivers\streamip.sys
3R SYMDNS - E:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - E:\Program Files\Symantec\SYMEVENT.SYS
3R SYMFW - E:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - E:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - E:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070221.002\SymIDSCo.sys
2R symlcbrd - E:\WINDOWS\system32\drivers\symlcbrd.sys
3R SYMNDIS - E:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - E:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - E:\WINDOWS\system32\drivers\symtdi.sys
3R th164 - E:\WINDOWS\system32\drivers\th164.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - E:\WINDOWS\system32\drivers\usbccgp.sys
3S usbprint (Microsoft USB PRINTER Class) - E:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - E:\WINDOWS\system32\drivers\usbscan.sys
3S usbstor (USB Mass Storage Driver) - E:\WINDOWS\system32\drivers\usbstor.sys
3R Winachcf - E:\WINDOWS\system32\drivers\winachcf.sys
3S WSTCODEC (World Standard Teletext Codec) - E:\WINDOWS\system32\drivers\wstcodec.sys

[COLOR=red][B]huy32 driver present[/B][/COLOR]


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - E:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - E:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - E:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R AudioSrv (Windows Audio) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R Automatic LiveUpdate Scheduler - "E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R BITS (Background Intelligent Transfer Service) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R Browser (Computer Browser) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R ccEvtMgr (Symantec Event Manager) - "E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccSetMgr (Symantec Settings Manager) - "E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3S cisvc (Indexing Service) - E:\WINDOWS\System32\cisvc.exe
4S ClipSrv (ClipBook) - E:\WINDOWS\system32\clipsrv.exe
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2S CLTNetCnService (Symantec Lic NetConnect service) - "E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
3S COMSysApp (COM+ System Application) - E:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - E:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - E:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - E:\WINDOWS\System32\dmadmin.exe /com
2R dmserver (Logical Disk Manager) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - E:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - E:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - E:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
3S gusvc (Google Updater Service) - "E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R helpsvc (Help and Support) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - E:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S idsvc (Windows CardSpace) - "E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
3S ImapiService (IMAPI CD-Burning COM Service) - E:\WINDOWS\System32\imapi.exe
2R lanmanserver (Server) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S LiveUpdate - "E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe"
2R LmHosts (TCP/IP NetBIOS Helper) - E:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - E:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - E:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - E:\WINDOWS\system32\msiexec.exe /V
2R navapsvc (Norton AntiVirus Auto-Protect Service) - "E:\Program Files\Norton AntiVirus\navapsvc.exe"
3S NBService - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
4S NetDDE (Network DDE) - E:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - E:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - E:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - E:\WINDOWS\System32\svchost.exe -k netsvcs
4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
3R Nla (Network Location Awareness (NLA)) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R NPFMntor (Norton AntiVirus Firewall Monitor Service) - "E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
3S NtLmSsp (NT LM Security Support Provider) - E:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - E:\WINDOWS\system32\svchost.exe -k netsvcs
3S ose (Office Source Engine) - "E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.exe"
2R PlugPlay (Plug and Play) - E:\WINDOWS\system32\services.exe
2R Pml Driver HPZ12 - E:\WINDOWS\System32\HPZipm12.exe
2R PolicyAgent (IPSEC Services) - E:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - E:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - E:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - E:\WINDOWS\system32\svchost.exe -k netsvcs
2R RemoteRegistry (Remote Registry) - E:\WINDOWS\system32\svchost.exe -k LocalService
3S RpcLocator (Remote Procedure Call (RPC) Locator) - E:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - E:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - E:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - E:\WINDOWS\system32\lsass.exe
3S SAVScan - "E:\Program Files\Norton AntiVirus\SAVScan.exe"
2S SBService (ScriptBlocking Service) - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
3S SCardSvr (Smart Card) - E:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - E:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - E:\WINDOWS\system32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R SNDSrvc (Symantec Network Drivers Service) - "E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2R SPBBCSvc (Symantec SPBBCSvc) - "E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2R Spooler (Print Spooler) - E:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - E:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - E:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - E:\WINDOWS\System32\dllhost.exe /Processid:{D7F10BE8-1288-4D48-A8A2-F5A31987C318}
2R Symantec Core LC - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
3S SysmonLog (Performance Logs and Alerts) - E:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - E:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S TlntSvr (Telnet) - E:\WINDOWS\System32\tlntsvr.exe
2R TrkWks (Distributed Link Tracking Client) - E:\WINDOWS\system32\svchost.exe -k netsvcs
2R UMWdf (Windows User Mode Driver Framework) - E:\WINDOWS\System32\wdfmgr.exe
3S upnphost (Universal Plug and Play Device Host) - E:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - E:\WINDOWS\System32\ups.exe
3S Visual Studio Analyzer RPC bridge - E:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
3S VSS (Volume Shadow Copy) - E:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - E:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - E:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S Wmi (Windows Management Instrumentation Driver Extensions) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - E:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wscsvc (Security Center) - E:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - E:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - E:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - E:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled T---------

2007-02-24 01:00:02 272 --ah----- E:\WINDOWS\Tasks\AD49C1C790B27683.job<AD49C1~1.JOB>
2007-02-16 20:00:02 534 --a------ E:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Shubham.job<NORTON~1.JOB>


-- Files created between 2007-01-24 and 20----------

2007-02-23 09:27:44 0 d-------- E:\Program Files\HWiNFO32
2007-02-22 23:02:54 0 d--hs---- E:\FOUND.147
2007-02-22 08:43:30 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2007-02-22 02:04:49 0 d-------- E:\SDFix
2007-02-21 01:00:02 0 d--hs---- E:\FOUND.146
2007-02-17 21:14:34 0 d--hs---- E:\FOUND.145
2007-02-17 20:41:06 0 d--hs---- E:\FOUND.144
2007-02-17 20:32:34 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\SecuROM
2007-02-17 20:02:53 0 d-------- E:\Program Files\Sierra
2007-02-17 19:58:23 0 d-------- E:\Documents and Settings\Shubham\Application Data\InstallShield<INSTAL~1>
2007-02-17 07:00:04 0 d-------- E:\Program Files\Uplink
2007-02-17 06:58:56 0 d-------- E:\Documents and Settings\Shubham\WINDOWS
2007-02-17 04:12:54 0 d--hs---- E:\FOUND.143
2007-02-17 00:19:37 0 d-------- E:\www.bitreactor.to_The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2.The.Witch.King-RELOADED<WWWBIT~1.KIN>
2007-02-16 22:15:52 0 d--hs---- E:\FOUND.142
2007-02-15 01:23:51 0 d-------- E:\Program Files\LimeWire
2007-02-15 00:56:38 0 d-------- E:\Program Files\directx
2007-02-15 00:37:53 0 d-------- E:\Program Files\Railroad Tycoon 3<RAILRO~1>
2007-02-14 07:12:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Help
2007-02-13 20:47:53 0 d-------- E:\Program Files\Symantec Technical Support<SYMANT~1>
2007-02-13 14:31:04 4608 --a------ E:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-13 14:30:15 91904 --a------ E:\WINDOWS\system32\S32EVNT1.DLL
2007-02-13 14:30:15 124016 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-13 14:29:40 0 d-------- E:\Program Files\Symantec
2007-02-13 14:29:34 0 d-------- E:\Documents and Settings\All Users\Application Data\Symantec
2007-02-13 12:34:19 10164 --a------ E:\WINDOWS\system32\34183782ld.exe<341837~1.EXE>
2007-02-13 09:00:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\Talkback
2007-02-13 08:55:00 512688 --a------ E:\WINDOWS\system32\XceedCry.dll
2007-02-13 08:55:00 423784 --a------ E:\WINDOWS\system32\XceedBkp.dll
2007-02-13 08:54:57 10752 --a------ E:\WINDOWS\system32\md5.dll
2007-02-13 08:54:53 0 d-------- E:\Program Files\MalwareSweeper.com<MALWAR~1.COM>
2007-02-13 08:34:33 0 d-------- E:\Program Files\MalwareBot<MALWAR~1>
2007-02-13 08:17:30 0 d--hs---- E:\FOUND.140
2007-02-13 07:38:53 0 d-------- E:\Program Files\SymNetDrv<SYMNET~1>
2007-02-13 02:46:54 0 d--hs---- E:\FOUND.141
2007-02-13 00:02:53 0 d-------- E:\Program Files\Nero
2007-02-13 00:02:53 0 d-------- E:\Program Files\Common Files\Ahead
2007-02-12 22:48:15 0 d-------- E:\Documents and Settings\LocalService\Application Data\Symantec
2007-02-12 22:38:36 0 d-------- E:\Program Files\Hijackthis<HIJACK~1>
2007-02-12 21:35:31 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-02-12 21:24:46 0 d-------- E:\Program Files\Registry Toolkit<REGIST~1>
2007-02-12 20:57:21 26136 --a------ E:\WINDOWS\system32\57209932ld.exe<572099~1.EXE>
2007-02-11 16:33:14 0 d--hs---- E:\FOUND.139
2007-02-11 13:17:18 0 d--hs---- E:\FOUND.138
2007-02-09 17:13:58 21780 --a------ E:\WINDOWS\system32\1358762ld.exe<135876~1.EXE>
2007-02-08 22:30:43 7260 --a------ E:\WINDOWS\system32\30423432ld.exe<304234~1.EXE>
2007-02-08 18:58:06 0 d--hs---- E:\FOUND.137
2007-02-08 16:23:00 0 d--hs---- E:\FOUND.136
2007-02-08 11:12:22 0 d--hs---- E:\FOUND.135
2007-02-08 10:35:41 0 d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-02-08 10:06:15 0 d-------- E:\Program Files\McAfee Privacy Service 6.02 Install<MCAFEE~1.02I>
2007-02-08 09:58:25 0 d-------- E:\Documents and Settings\Shubham\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-08 09:21:06 5248 --a------ E:\WINDOWS\system32\drivers\a347scsi.sys
2007-02-08 09:21:06 160640 --a------ E:\WINDOWS\system32\drivers\a347bus.sys
2007-02-07 11:07:38 0 d--hs---- E:\FOUND.134
2007-02-04 18:15:27 0 d-------- E:\Program Files\cdromplus<CDROMP~1>
2007-02-04 18:15:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\cdromplus<CDROMP~1>
2007-02-04 18:14:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\NetPumper<NETPUM~1>
2007-02-04 18:14:16 0 d-------- E:\Program Files\NetPumper<NETPUM~1>
2007-02-03 13:38:05 0 d-------- E:\Program Files\VIRTUA~1
2007-01-31 19:20:11 0 d-------- E:\Program Files\RegCleaner<REGCLE~1>
2007-01-31 17:39:39 0 d-------- E:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-01-31 17:36:11 786432 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT
2007-01-31 17:34:48 0 d--hs---- E:\FOUND.133
2007-01-31 17:19:37 620123 --a------ E:\WINDOWS\system32\RegistryCleanerSetup.exe<REGIST~1.EXE>
2007-01-31 16:44:38 0 d-------- E:\Program Files\Common Files\Everstrike Software<EVERST~1>
2007-01-30 17:44:36 0 d--hs---- E:\FOUND.132
2007-01-28 17:22:17 0 d-------- E:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-28 17:16:56 639224 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2007-01-26 14:26:37 2297552 --a------ E:\WINDOWS\system32\d3dx9_26.dll
2007-01-26 10:51:08 286208 --a------ E:\WINDOWS\system32\cncs232.dll
2007-01-26 10:51:08 1003465 --a------ E:\WINDOWS\Acount maker.exe<ACOUNT~1.EXE>
2007-01-26 09:39:00 0 d--hs---- E:\FOUND.131
2007-01-25 20:52:00 0 d-------- E:\VirtualDJ<VIRTUA~1>
2007-01-25 14:22:32 0 d-------- E:\Documents and Settings\Shubham\Application Data\Ahead
2007-01-24 22:47:16 0 d--hs---- E:\FOUND.130
2007-01-24 13:36:42 0 d-------- E:\Program Files\Norton AntiVirus<NORTON~1>
2007-01-24 13:36:05 0 d-------- E:\Documents and Settings\Shubham\Application Data\Symantec
2007-01-24 13:35:22 0 d-------- E:\Program Files\Common Files\Symantec Shared<SYMANT~1>


-- Find3M Re-----------

2007-02-23 00:27:56 664 --a------ E:\WINDOWS\system32\d3d9caps.dat
2007-02-18 07:59:30 768 --a------ E:\WINDOWS\system32\d3d8caps.dat
2007-02-17 20:32:32 98304 --a------ E:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-13 09:00:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Mozilla
2007-02-12 21:15:26 32791 --a------ E:\Documents and Settings\Shubham\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>
2007-02-12 21:14:14 2097 --a------ E:\Documents and Settings\Shubham\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-12 21:10:46 45747 --a------ E:\Documents and Settings\Shubham\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-10 14:07:06 335 --a------ E:\WINDOWS\nsreg.dat
2007-01-23 16:11:48 0 d-------- E:\Program Files\MSBuild
2007-01-23 15:56:32 0 d-------- E:\Program Files\Reference Assemblies<REFERE~1>
2007-01-23 15:32:44 0 d-------- E:\Program Files\Digit Archive 0.2<DIGITA~1.2>
2007-01-21 16:53:22 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\yahoo!
2007-01-20 13:43:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Adobe
2007-01-17 21:26:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\LimeWire
2007-01-14 17:48:34 0 d-------- E:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-14 11:50:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Sun
2007-01-11 13:56:20 0 d-------- E:\Documents and Settings\Shubham\Application Data\Azureus
2007-01-08 00:11:42 0 d-------- E:\Documents and Settings\Shubham\Application Data\Philips
2007-01-07 21:26:46 0 d-------- E:\Program Files\NIGHTSTUD V1.0d<NIGHTS~1.0D>
2007-01-07 21:24:58 379 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb41.dat<INTERN~2.DAT>
2007-01-07 21:20:44 20480 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb4169.dat<INTERN~1.DAT>
2007-01-07 20:07:48 13046 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb9543.dat<INTERN~3.DAT>
2007-01-07 20:07:48 151 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb6246.dat<IN7E8A~1.DAT>
2007-01-07 20:07:48 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb1469.dat<IN8C8A~1.DAT>
2007-01-06 22:04:48 0 d-------- E:\Documents and Settings\Shubham\Application Data\Media Player Classic<MEDIAP~1>
2007-01-06 15:38:58 0 d-------- E:\Documents and Settings\Shubham\Application Data\Lavasoft
2007-01-06 15:38:24 0 d-------- E:\Program Files\Lavasoft
2007-01-06 15:27:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Macromedia<MACROM~1>
2007-01-06 15:26:28 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb3622.dat<IN6082~1.DAT>
2007-01-06 15:26:28 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb354.dat<IN016B~1.DAT>
2007-01-06 15:26:26 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb7715.dat<IN7480~1.DAT>
2007-01-06 15:26:26 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb2239.dat<INTERN~4.DAT>
2007-01-06 14:08:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Google
2007-01-06 14:07:44 23 --a------ E:\Documents and Settings\Shubham\Application Data\inifile41.ini<INIFIL~1.INI>
2007-01-06 14:06:42 0 d-------- E:\Documents and Settings\Shubham\Application Data\Identities<IDENTI~1>


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"E:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinZip"="\"E:\\WINDOWS\\system32\\wzip32.exe\""
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HP Software Update"="E:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Registry Toolkit"="E:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"ccApp"="\"E:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NeroFilterCheck"="E:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Symantec NetDriver Monitor"="E:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="E:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="E:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.exe /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
"backup"="E:\\WINDOWS\\pss\\Reality Fusion GameCam SE.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\REALIT~1\\REALIT~1\\Program\\RFTRay.exe "
"item"="Reality Fusion GameCam SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bol IM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RediffMessenger"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="E:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctpmon"
"hkey"="HKCU"
"command"="ctpmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p_981116"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\p_981116.exe /Q:A"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKLM"
"command"="E:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="E:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetsrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetsrv"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\inetsrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KindPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GplSpamList"
"hkey"="HKCU"
"command"="E:\\DOCUME~1\\Shubham\\APPLIC~1\\CDROMP~1\\GplSpamList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="E:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="e:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPFTRAY"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nicksupdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nicksupdater"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCAR updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SCAR updater"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wait meta chin soft]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DoesList"
"hkey"="HKLM"
"command"="E:\\Documents and Settings\\All Users\\Application Data\\mfcddeafwaitmeta\\DoesList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O]
Shell\AutoRun\command O:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command E:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


-- End of ComboScan: finished at 2007-02-24 at 01:5-


There is no option for attaching any file, so I am also pasting this supplementary.txt

ComboScan v20070221.16 run by Shubham on 2007-02-24 at 01:56:38
Supplementary logfile - please post this as an attachment with your post.
----------------------

-- System Informa------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 254.55 MiB / 57.68 MiB
Pagefile Memory (total/avail): 625.34 MiB / 402.67 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1997.22 MiB

C: is Fixed (FAT32) - 13.69 GiB total, 5.15 GiB free.
D: is Fixed (FAT32) - 0.29 GiB total, 0.29 GiB free.
E: is Fixed (FAT32) - 19.52 GiB total, 5.62 GiB free.
F: is Fixed (FAT32) - 9.76 GiB total, 4.86 GiB free.
G: is Fixed (FAT32) - 7.98 GiB total, 7.98 GiB free.
L: is CDROM (No Media)


-- Security Ce---------

AUOptions is disabled.
AUState says computer is ready and waiting.
Windows Internal Firewall is enabled.

FW: Norton Internet Worm Protection v2005 (Symantec)
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)


-- Environment Varia---

ALLUSERSPROFILE=E:\Documents and Settings\All Users
APPDATA=E:\Documents and Settings\Shubham\Application Data
CLASSPATH=E:\j2sdk1.4.2_08\lib;E:\j2sdk1.4.2_08\lib;E:\Sun\AppServer\lib;E:\Sun\AppServer\bin;E:\Sun\AppServer\lib\j2ee.jar
CLIENTNAME=Console
CommonProgramFiles=E:\Program Files\Common Files
COMPUTERNAME=BROTHERS
ComSpec=E:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=E:
HOMEPATH=\Documents and Settings\Shubham
j2ee_home=E:\Sun\AppServer
j2sdk1.4.2_08_home=E:\j2sdk1.4.2_08\bin
LOGONSERVER=\\BROTHERS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem;E:\Program Files\Java\jdk1.5.0\bin;E:\Sun\AppServer\bin;E:\Sun\AppServer\lib;E:\Sun\AppServer\lib\j2ee.jar;E:\j2sdk1.4.2_08\lib\tools.jar;E:\Sun\AppServer\domains\domain1\bin;E:\Sun\AppServer\domains\domain1\lib;E:\j2sdk1.4.2_08\lib;E:\j2sdk1.4.2_08\bin;C:\orawin95\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=E:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=E:
SystemRoot=E:\WINDOWS
TEMP=E:\DOCUME~1\Shubham\LOCALS~1\Temp
TMP=E:\DOCUME~1\Shubham\LOCALS~1\Temp
USERDOMAIN=BROTHERS
USERNAME=Shubham
USERPROFILE=E:\Documents and Settings\Shubham
windir=E:\WINDOWS


-- User Prof-----------

Shubham [I](admin)[/I]
Administrator [I](admin)[/I]
Guest [I](guest)[/I]


-- Add/Remove Prog-----

--> E:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> E:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> E:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> E:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> E:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.exe E:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Photoshop 6.0 --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Adobe\Photoshop 6.0\Uninst.isu"
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
BitLord 1.1 --> E:\Program Files\Bit Lord 1.1\uninst.exe
Caesar IV --> E:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\setup.exe -runfromtemp -l0x0009 -removeonly
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CiD Help --> E:\DOCUME~1\Shubham\APPLIC~1\CDROMP~1\GplSpamList.exe -uninstall
Digit Archive 0.2 --> MsiExec.exe /I{C267B397-8AEC-457C-BFA5-31AA434CBDE7}
EasyGPRS --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{56108448-9B38-4FF8-BE61-2ED13C19D0FE}\Setup.exe" -l0x9
FLV Player 1.3.3 --> "E:\Program Files\FLVPlayer\uninstall.exe"
Google Talk (remove only) --> "E:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "e:\program files\google\googletoolbar3.dll"
Hijackthis 1.99.1 --> "E:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> E:\Program Files\Hijackthis\HijackThis.exe /uninstall
HP Document Viewer 5.3 --> E:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> E:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> E:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "E:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> E:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HWiNFO32 Version 1.72 --> "E:\Program Files\HWiNFO32\unins000.exe"
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
IrfanView (remove only) --> E:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
K-Lite Mega Codec Pack 1.52 --> "E:\Program Files\K-Lite Codec Pack\unins001.exe"
Kundli for Windows (Professional Edition) --> E:\WINDOWS\uninst.exe -f"E:\Program Files\Kundli\DeIsL1.isu" -c"E:\Program Files\Kundli\_ISREG32.DLL"
LimeWire PRO 4.12.3 --> "E:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> E:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "E:\Program Files\Symantec\LiveUpdate\LSETUP.exe" /U
Lock Folder XP 3.6 --> "G:\Lock Folder XP 3.6\Uninstall.exe" "E:\Program Files\Common Files\Everstrike Software\Lock Folder XP 3.6\install.log"
Logitech Desktop Messenger --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash Player 8 --> E:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Macromedia Shockwave Player --> E:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.exe E:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Malware Sweeper 2.3.0.0 --> "E:\Program Files\MalwareSweeper.com\MalwareSweeper\unins000.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual Studio 6.0 Enterprise Edition --> "E:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection E:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (1.5.0.4) --> E:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.4 (en-US)"
Mozilla Firefox (2.0.0.1) --> E:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection E:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser --> MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero 7 Premium --> MsiExec.exe /I{38E0C491-5230-4373-B62E-F1A6E94B1033}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) --> E:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Opera 9.10 --> MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
Platform4 Player --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3FEF132F-973E-4255-A8A5-81C83FD6F858}\setup.exe" -uninst
Platform4 Player ActiveX Control --> RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{605C5258-7549-4F4C-9E40-D8327CE6C62E}\setup.exe" -uninst
PowerQuest PartitionMagic 8.0 --> E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime Alternative 1.33 --> "E:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.23 --> "E:\Program Files\Real Alternative\unins000.exe"
SmartMovie Converter --> "E:\Program Files\Lonely Cat Games\SmartMovie Converter\IIUninst.exe" E:\Program Files\Lonely Cat Games\SmartMovie Converter\install.log
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Uplink --> E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Uplink\Uninst.isu"
Virtual DJ - Atomix Productions --> E:\PROGRA~1\VIRTUA~1\UNWISE.exe E:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Communication Foundation --> MsiExec.exe /X{33246AD5-4405-46BE-9A4F-2CC4AE0E05B4}
Windows Imaging Component --> "E:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Workflow Foundation --> MsiExec.exe /I{BCE58548-34C9-4BBC-B357-5ECFF05C8CCA}
WinRAR archiver --> E:\Program Files\WinRAR\uninstall.exe
WinZip --> "E:\Program Files\WinZip\WINZIP32.exe" /uninstall
WPF v3.0.6605.0 --> MsiExec.exe /X{B28C9B85-0407-4BB9-9CDA-C32E60D2BA65}
XML Paper Specification Shared Components Pack 1.0 --> "E:\WINDOWS\$NtUninstallXpsEPSC$\spuninst\spuninst.exe"
XP Codec Pack --> E:\Program Files\XP Codec Pack\Uninstall.exe
XviD MPEG-4 Video Codec --> "E:\Program Files\XviD\unins000.exe"
Yahoo! Messenger --> E:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.exe /U E:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> E:\PROGRA~1\YAHOO!\COMMON\unyt.exe


-- End of ComboScan: finished at 2007-02-24 at 01:5-

saurabhthelord



Response Number 10
Name: jabuck
Date: February 24, 2007 at 05:42:39 Pacific
Reply:

Please download NoLop to your desktop from one of the links below...

http://www.spywareedge.net/nolop/NoLop.exe

First, close any other programs you have running, as this will require a reboot.
Double-click NoLop.exe to run it.
Now click the button labelled "Search and Destroy".
<<your computer will now be scanned for infected files>>
When scanning is finished, you will be prompted to reboot only if infected; click OK.
Now click the "REBOOT" button.
A message should pop up from NoLop.
If not, double-click the program again and it will finish.

Then post a new Comboscan log please.



Response Number 11
Name: saurabhthelord
Date: February 26, 2007 at 23:21:07 Pacific
Reply:

ComboScan v20070221.16 run by Shubham on 2007-02-26 at 23:12:33
Computer is in Normal Mode.
----------------------

-- HijackThis (run as Shubham.----------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:13:21 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Opera\Opera.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Documents and Settings\Shubham\My Documents\comboscan.exe
E:\Program Files\Hijackthis\Shubham.exe
C:\Program Files\BitLord\BitLord.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinZip] "E:\WINDOWS\system32\wzip32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Registry Toolkit] E:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/s...
O17 - HKLM\System\CCS\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-01-26 and 20----------

2007-02-26 23:06:26 0 d-------- E:\NoLopBackups<NOLOPB~1>
2007-02-26 22:56:14 0 d--hs---- E:\FOUND.151
2007-02-26 04:05:22 0 d--hs---- E:\FOUND.150
2007-02-25 21:01:48 0 d--hs---- E:\FOUND.149
2007-02-25 04:19:08 0 d--hs---- E:\FOUND.148
2007-02-23 09:27:44 0 d-------- E:\Program Files\HWiNFO32
2007-02-22 23:02:54 0 d--hs---- E:\FOUND.147
2007-02-22 08:43:30 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2007-02-22 02:04:49 0 d-------- E:\SDFix
2007-02-21 01:00:02 0 d--hs---- E:\FOUND.146
2007-02-17 21:14:34 0 d--hs---- E:\FOUND.145
2007-02-17 20:41:06 0 d--hs---- E:\FOUND.144
2007-02-17 20:32:34 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\SecuROM
2007-02-17 20:02:53 0 d-------- E:\Program Files\Sierra
2007-02-17 19:58:23 0 d-------- E:\Documents and Settings\Shubham\Application Data\InstallShield<INSTAL~1>
2007-02-17 07:00:04 0 d-------- E:\Program Files\Uplink
2007-02-17 06:58:56 0 d-------- E:\Documents and Settings\Shubham\WINDOWS
2007-02-17 04:12:54 0 d--hs---- E:\FOUND.143
2007-02-17 00:19:37 0 d-------- E:\www.bitreactor.to_The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2.The.Witch.King-RELOADED<WWWBIT~1.KIN>
2007-02-16 22:15:52 0 d--hs---- E:\FOUND.142
2007-02-15 01:23:51 0 d-------- E:\Program Files\LimeWire
2007-02-15 00:56:38 0 d-------- E:\Program Files\directx
2007-02-15 00:37:53 0 d-------- E:\Program Files\Railroad Tycoon 3<RAILRO~1>
2007-02-14 07:12:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Help
2007-02-13 20:47:53 0 d-------- E:\Program Files\Symantec Technical Support<SYMANT~1>
2007-02-13 14:31:04 4608 --a------ E:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-13 14:30:15 91904 --a------ E:\WINDOWS\system32\S32EVNT1.DLL
2007-02-13 14:30:15 124016 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-13 14:29:40 0 d-------- E:\Program Files\Symantec
2007-02-13 14:29:34 0 d-------- E:\Documents and Settings\All Users\Application Data\Symantec
2007-02-13 12:34:19 10164 --a------ E:\WINDOWS\system32\34183782ld.exe<341837~1.EXE>
2007-02-13 09:00:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\Talkback
2007-02-13 08:55:00 512688 --a------ E:\WINDOWS\system32\XceedCry.dll
2007-02-13 08:55:00 423784 --a------ E:\WINDOWS\system32\XceedBkp.dll
2007-02-13 08:54:57 10752 --a------ E:\WINDOWS\system32\md5.dll
2007-02-13 08:54:53 0 d-------- E:\Program Files\MalwareSweeper.com<MALWAR~1.COM>
2007-02-13 08:34:33 0 d-------- E:\Program Files\MalwareBot<MALWAR~1>
2007-02-13 08:17:30 0 d--hs---- E:\FOUND.140
2007-02-13 07:38:53 0 d-------- E:\Program Files\SymNetDrv<SYMNET~1>
2007-02-13 02:46:54 0 d--hs---- E:\FOUND.141
2007-02-13 00:02:53 0 d-------- E:\Program Files\Nero
2007-02-13 00:02:53 0 d-------- E:\Program Files\Common Files\Ahead
2007-02-12 22:48:15 0 d-------- E:\Documents and Settings\LocalService\Application Data\Symantec
2007-02-12 22:38:36 0 d-------- E:\Program Files\Hijackthis<HIJACK~1>
2007-02-12 21:35:31 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-02-12 21:24:46 0 d-------- E:\Program Files\Registry Toolkit<REGIST~1>
2007-02-12 20:57:21 26136 --a------ E:\WINDOWS\system32\57209932ld.exe<572099~1.EXE>
2007-02-11 16:33:14 0 d--hs---- E:\FOUND.139
2007-02-11 13:17:18 0 d--hs---- E:\FOUND.138
2007-02-09 17:13:58 21780 --a------ E:\WINDOWS\system32\1358762ld.exe<135876~1.EXE>
2007-02-08 22:30:43 7260 --a------ E:\WINDOWS\system32\30423432ld.exe<304234~1.EXE>
2007-02-08 18:58:06 0 d--hs---- E:\FOUND.137
2007-02-08 16:23:00 0 d--hs---- E:\FOUND.136
2007-02-08 11:12:22 0 d--hs---- E:\FOUND.135
2007-02-08 10:35:41 0 d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-02-08 10:06:15 0 d-------- E:\Program Files\McAfee Privacy Service 6.02 Install<MCAFEE~1.02I>
2007-02-08 09:58:25 0 d-------- E:\Documents and Settings\Shubham\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-08 09:21:06 5248 --a------ E:\WINDOWS\system32\drivers\a347scsi.sys
2007-02-08 09:21:06 160640 --a------ E:\WINDOWS\system32\drivers\a347bus.sys
2007-02-07 11:07:38 0 d--hs---- E:\FOUND.134
2007-02-04 18:15:27 0 d-------- E:\Program Files\cdromplus<CDROMP~1>
2007-02-04 18:15:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\cdromplus<CDROMP~1>
2007-02-04 18:14:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\NetPumper<NETPUM~1>
2007-02-04 18:14:16 0 d-------- E:\Program Files\NetPumper<NETPUM~1>
2007-02-03 13:38:05 0 d-------- E:\Program Files\VIRTUA~1
2007-01-31 19:20:11 0 d-------- E:\Program Files\RegCleaner<REGCLE~1>
2007-01-31 17:39:39 0 d-------- E:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-01-31 17:36:11 786432 --ah----- E:\Documents and Settings\Administrator\NTUSER.DAT
2007-01-31 17:34:48 0 d--hs---- E:\FOUND.133
2007-01-31 17:19:37 620123 --a------ E:\WINDOWS\system32\RegistryCleanerSetup.exe<REGIST~1.EXE>
2007-01-31 16:44:38 0 d-------- E:\Program Files\Common Files\Everstrike Software<EVERST~1>
2007-01-30 17:44:36 0 d--hs---- E:\FOUND.132
2007-01-28 17:22:17 0 d-------- E:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-28 17:16:56 639224 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2007-01-26 14:26:37 2297552 --a------ E:\WINDOWS\system32\d3dx9_26.dll
2007-01-26 10:51:08 286208 --a------ E:\WINDOWS\system32\cncs232.dll
2007-01-26 10:51:08 1003465 --a------ E:\WINDOWS\Acount maker.exe<ACOUNT~1.EXE>
2007-01-26 09:39:00 0 d--hs---- E:\FOUND.131


-- Find3M Re-----------

2007-02-26 01:27:24 664 --a------ E:\WINDOWS\system32\d3d9caps.dat
2007-02-18 07:59:30 768 --a------ E:\WINDOWS\system32\d3d8caps.dat
2007-02-17 20:32:32 98304 --a------ E:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-13 09:00:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Mozilla
2007-02-12 21:15:26 32791 --a------ E:\Documents and Settings\Shubham\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>
2007-02-12 21:14:14 2097 --a------ E:\Documents and Settings\Shubham\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-12 21:10:46 45747 --a------ E:\Documents and Settings\Shubham\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-10 14:07:06 335 --a------ E:\WINDOWS\nsreg.dat
2007-01-25 14:22:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Ahead
2007-01-24 13:36:44 0 d-------- E:\Program Files\Norton AntiVirus<NORTON~1>
2007-01-24 13:36:06 0 d-------- E:\Documents and Settings\Shubham\Application Data\Symantec
2007-01-24 13:35:24 0 d-------- E:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-23 16:11:48 0 d-------- E:\Program Files\MSBuild
2007-01-23 15:56:32 0 d-------- E:\Program Files\Reference Assemblies<REFERE~1>
2007-01-23 15:32:44 0 d-------- E:\Program Files\Digit Archive 0.2<DIGITA~1.2>
2007-01-21 16:53:22 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\yahoo!
2007-01-20 13:43:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Adobe
2007-01-17 21:26:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\LimeWire
2007-01-14 17:48:34 0 d-------- E:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-14 11:50:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Sun
2007-01-11 13:56:20 0 d-------- E:\Documents and Settings\Shubham\Application Data\Azureus
2007-01-08 00:11:42 0 d-------- E:\Documents and Settings\Shubham\Application Data\Philips
2007-01-07 21:26:46 0 d-------- E:\Program Files\NIGHTSTUD V1.0d<NIGHTS~1.0D>
2007-01-07 21:24:58 379 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb41.dat<INTERN~2.DAT>
2007-01-07 21:20:44 20480 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb4169.dat<INTERN~1.DAT>
2007-01-07 20:07:48 13046 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb9543.dat<INTERN~3.DAT>
2007-01-07 20:07:48 151 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb6246.dat<IN7E8A~1.DAT>
2007-01-07 20:07:48 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb1469.dat<IN8C8A~1.DAT>
2007-01-06 22:04:48 0 d-------- E:\Documents and Settings\Shubham\Application Data\Media Player Classic<MEDIAP~1>
2007-01-06 15:38:58 0 d-------- E:\Documents and Settings\Shubham\Application Data\Lavasoft
2007-01-06 15:38:24 0 d-------- E:\Program Files\Lavasoft
2007-01-06 15:27:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Macromedia<MACROM~1>
2007-01-06 15:26:28 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb3622.dat<IN6082~1.DAT>
2007-01-06 15:26:28 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb354.dat<IN016B~1.DAT>
2007-01-06 15:26:26 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb7715.dat<IN7480~1.DAT>
2007-01-06 15:26:26 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb2239.dat<INTERN~4.DAT>
2007-01-06 14:08:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Google
2007-01-06 14:07:44 23 --a------ E:\Documents and Settings\Shubham\Application Data\inifile41.ini<INIFIL~1.INI>
2007-01-06 14:06:42 0 d-------- E:\Documents and Settings\Shubham\Application Data\Identities<IDENTI~1>


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"E:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"googletalk"="E:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinZip"="\"E:\\WINDOWS\\system32\\wzip32.exe\""
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HP Software Update"="E:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Registry Toolkit"="E:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"ccApp"="\"E:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NeroFilterCheck"="E:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Symantec NetDriver Monitor"="E:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="E:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="E:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.exe /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
"backup"="E:\\WINDOWS\\pss\\Reality Fusion GameCam SE.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\REALIT~1\\REALIT~1\\Program\\RFTRay.exe "
"item"="Reality Fusion GameCam SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bol IM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RediffMessenger"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="E:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctpmon"
"hkey"="HKCU"
"command"="ctpmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p_981116"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\p_981116.exe /Q:A"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKLM"
"command"="E:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="E:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetsrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="inetsrv"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\inetsrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KindPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GplSpamList"
"hkey"="HKCU"
"command"="E:\\DOCUME~1\\Shubham\\APPLIC~1\\CDROMP~1\\GplSpamList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="E:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="e:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPFTRAY"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nicksupdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nicksupdater"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCAR updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SCAR updater"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wait meta chin soft]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DoesList"
"hkey"="HKLM"
"command"="E:\\Documents and Settings\\All Users\\Application Data\\mfcddeafwaitmeta\\DoesList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O]
Shell\AutoRun\command O:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command E:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


-- End of ComboScan: finished at 2007-02-26 at 23:1-

saurabhthelord


0

Response Number 12
Name: jabuck
Date: February 27, 2007 at 19:32:40 Pacific
Reply:

Go to Add/Remove Programs and uninstall this program if found (you have the much safer "Azureus", you should use it):

LimeWire

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/
We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Download Killbox to your desktop from this link: Killbox by Option^Explicit. If you already have "Killbox", update to this newer version. We will need it later in safe mode.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O4 - HKLM\..\Run: [WinZip] "E:\WINDOWS\system32\wzip32.exe"

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Exit Hijack This but remain in safe mode.

Run Killbox from safe mode.

Please download Killbox by Option^Explicit. If you already have "Killbox" update to this newer version.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

E:\WINDOWS\system32\wzip32.exe

E:\WINDOWS\system32\34183782ld.exe

E:\WINDOWS\system32\57209932ld.exe

E:\WINDOWS\system32\1358762ld.exe

E:\WINDOWS\system32\30423432ld.exe

E:\WINDOWS\Acount maker.exe

E:\WINDOWS\system32\d3d9caps.dat

E:\WINDOWS\system32\d3d8caps.dat

E:\Program Files\NIGHTSTUD V1.0d

E:\Documents and Settings\Shubham\Application Data\internaldb41.dat

E:\Documents and Settings\Shubham\Application Data\internaldb4169.dat

E:\Documents and Settings\Shubham\Application Data\internaldb9543.dat

E:\Documents and Settings\Shubham\Application Data\internaldb6246.dat

E:\Documents and Settings\Shubham\Application Data\internaldb1469.dat

E:\Documents and Settings\Shubham\Application Data\internaldb3622.dat<IN6082~1.DAT>

E:\Documents and Settings\Shubham\Application Data\internaldb354.dat<IN016B~1.DAT>

E:\Documents and Settings\Shubham\Application Data\internaldb7715.dat<IN7480~1.DAT>

E:\Documents and Settings\Shubham\Application Data\internaldb2239.dat<INTERN~4.DAT>

E:\Documents and Settings\Shubham\Application Data\inifile41.ini

E:\WINDOWS\system32\inetsrv.exe

E:\Documents and Settings\All Users\Application Data\mfcddeafwaitmeta\DoesList.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.


Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.

Navigate to and delete these folders if found:

E:\Documents and Settings\All Users\Application Data\mfcddeafwaitmeta

E:\Program Files\LimeWire

E:\Documents and Settings\Shubham\Application Data\LimeWire


If your computer does not restart automatically, please restart it manually.

Open notepad (Start Menu > Run > type notepad and press "ok").

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinZip"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetsrv]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nicksupdater]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCAR updater]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wait meta chin soft]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG log and a new comboscan log please.


0
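
A dry run of the Fix.reg from Response 12, added here as an example (it is not part of any poster's reply and not code from HijackThis, Killbox or ComboScan): it parses the REGEDIT4 text, lists every key or value the merge would delete, pairs each deleted msconfig entry with the command recorded in the earlier ComboScan export, and reports any operation outside the two autostart locations. The function names and the scope check are assumptions of this example.

```python
import re

# Fix.reg as posted in Response 12 of this thread.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WinZip"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetsrv]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nicksupdater]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCAR updater]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wait meta chin soft]
"""

# Excerpt of the ComboScan registry export from this thread, trimmed to the
# "item" and "command" values of the four keys the fix removes.
EXPORT = r"""[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inetsrv]
"item"="inetsrv"
"command"="E:\\WINDOWS\\system32\\inetsrv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nicksupdater]
"item"="nicksupdater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCAR updater]
"item"="SCAR updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wait meta chin soft]
"item"="DoesList"
"command"="E:\\Documents and Settings\\All Users\\Application Data\\mfcddeafwaitmeta\\DoesList.exe"
"""

HEADER = re.compile(r'^\[(-?)(.+)\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
RUN_KEY = 'hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run'
STARTUPREG = 'hkey_local_machine\\software\\microsoft\\shared tools\\msconfig\\startupreg\\'


def unescape(text):
    # .reg strings escape a backslash or a double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg(text):
    """Return (op, key, name, data) tuples; op is delete-key, delete-value or set-value."""
    ops, key = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header, value = HEADER.match(line), VALUE.match(line)
        if header and header.group(1):      # [-KEY] removes the key and its subkeys
            ops.append(('delete-key', header.group(2), None, None))
            key = None
        elif header:                        # [KEY] selects the key for the values below
            key = header.group(2)
        elif value and key:
            name = '' if value.group(1) == '@' else unescape(value.group(1)[1:-1])
            data = value.group(2).strip()
            if data == '-':                 # "name"=- removes a single value
                ops.append(('delete-value', key, name, None))
            else:
                if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                    data = unescape(data[1:-1])
                ops.append(('set-value', key, name, data))
    return ops


def review(fix_text, export_text):
    """Return (deletions, out_of_scope) for a fix file, using the export for context."""
    commands = {key.lower(): data for op, key, name, data in parse_reg(export_text)
                if op == 'set-value' and name.lower() == 'command'}
    deletions, out_of_scope = [], []
    for op, key, name, data in parse_reg(fix_text):
        low = key.lower()
        if low != RUN_KEY and not low.startswith(STARTUPREG):
            out_of_scope.append((op, key, name))    # not an autostart location
        if op == 'delete-key':
            deletions.append((key.rsplit('\\', 1)[-1], commands.get(low)))
        elif op == 'delete-value':
            deletions.append((name, None))
    return deletions, out_of_scope


if __name__ == '__main__':
    deleted, stray = review(FIX_REG, EXPORT)
    for entry, command in deleted:
        print(f'{entry:22} {command or "(no command in export)"}')
    print('operations outside autostart keys:', stray or 'none')
```
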

Response Number 13
Name: saurabhthelord
Date: February 28, 2007 at 11:03:52 Pacific
Reply:

will this remove bitlord and lime wire
or any software installed in my computer

saurabhthelord


0

Response Number 14
Name: jabuck
Date: February 28, 2007 at 15:05:21 Pacific
Reply:

It will uninstall LimeWire. If we don't at least uninstall it until we get the computer cleaned we probably will not get it cleaned. There are much better programs out there not loaded with spyware.


0

Response Number 15
Name: saurabhthelord
Date: March 2, 2007 at 04:34:00 Pacific
Reply:


AVG Anti-Spyware - Scan Report


+ Created at: 4:16:59 AM 3/2/2007

+ Scan result:

E:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe -> Adware.Beginto : No action taken.
E:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe -> Adware.SmartShoppe : No action taken.
E:\WINDOWS\system32\SmartShopper\SmartShopper.dll -> Adware.SmartShopper : No action taken.
E:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe -> Adware.TrafficSol : No action taken.
C:\data -> Downloader.IstBar.nh : No action taken.
C:\WINDOWS\SYSTEM32\dllcache\win32\psshutdown.exe -> Not-A-Virus.HackTool.Win32.Brumer.e : No action taken.
:mozilla.44:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.46:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\WINDOWS\Cookies\saurabh@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.39:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\WINDOWS\Cookies\saurabh@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.21:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\Cookies\saurabh@searchportal.information[1].txt -> TrackingCookie.Information : No action taken.
:mozilla.61:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\WINDOWS\Cookies\saurabh@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
E:\Documents and Settings\Shubham\Cookies\shubham@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.43:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.45:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.18:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\k11a799k.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.19:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\k11a799k.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.20:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\k11a799k.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
E:\Program Files\NetPumper\ZM\minime.exe -> Trojan.Inject.ba : No action taken.
C:\hwftnai.exe -> Trojan.ProcKill.DJ : No action taken.
C:\ibiocpq.exe -> Trojan.ProcKill.DJ : No action taken.
C:\ytkd.exe -> Trojan.ProcKill.DJ : No action taken.


::Report end

without any of steps taken

AVG Anti-Spyware - Scan Report


+ Created at: 4:18:52 AM 3/2/2007

+ Scan result:

E:\WINDOWS\7-7c15eb3352bcc3049d7e9e974ad283bf.exe -> Adware.Beginto : Cleaned with backup (quarantined).
E:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe -> Adware.SmartShoppe : Cleaned with backup (quarantined).
E:\WINDOWS\system32\SmartShopper\SmartShopper.dll -> Adware.SmartShopper : Cleaned with backup (quarantined).
E:\WINDOWS\5-a0c18a429b8010fee34ee31d9073371d.exe -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\data -> Downloader.IstBar.nh : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dllcache\win32\psshutdown.exe -> Not-A-Virus.HackTool.Win32.Brumer.e : Ignored.
:mozilla.44:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.46:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\WINDOWS\Cookies\saurabh@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\Cookies\saurabh@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.21:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\Cookies\saurabh@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.61:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\WINDOWS\Cookies\saurabh@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
E:\Documents and Settings\Shubham\Cookies\shubham@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.45:E:\Documents and Settings\Shubham\Application Data\Mozilla\Firefox\Profiles\tvrxsmn1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.18:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\k11a799k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\k11a799k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\k11a799k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
E:\Program Files\NetPumper\ZM\minime.exe -> Trojan.Inject.ba : Cleaned with backup (quarantined).
C:\hwftnai.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\ibiocpq.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\ytkd.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).


::Report end


this one is after removing virus

combo scan
ComboScan v20070221.16 run by Shubham on 2007-03-02 at 04:28:30
Computer is in Normal Mode.
----------------------

-- HijackThis (run as Shubham.----------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:29:22 AM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitLord\BitLord.exe
E:\Program Files\Opera\Opera.exe
E:\Documents and Settings\Shubham\My Documents\comboscan.exe
E:\Program Files\Hijackthis\Shubham.exe
E:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Registry Toolkit] E:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/s...
O17 - HKLM\System\CCS\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-02-02 and 20----------

2007-03-02 00:59:22 3968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 00:59:18 0 d-------- E:\Program Files\Grisoft
2007-03-02 00:51:36 0 d-------- E:\!KillBox
2007-02-26 23:06:26 0 d-------- E:\NoLopBackups<NOLOPB~1>
2007-02-26 22:56:14 0 d--hs---- E:\FOUND.151
2007-02-26 04:05:22 0 d--hs---- E:\FOUND.150
2007-02-25 21:01:48 0 d--hs---- E:\FOUND.149
2007-02-25 04:19:08 0 d--hs---- E:\FOUND.148
2007-02-23 09:27:44 0 d-------- E:\Program Files\HWiNFO32
2007-02-22 23:02:54 0 d--hs---- E:\FOUND.147
2007-02-22 08:43:30 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2007-02-22 02:04:49 0 d-------- E:\SDFix
2007-02-21 01:00:02 0 d--hs---- E:\FOUND.146
2007-02-17 21:14:34 0 d--hs---- E:\FOUND.145
2007-02-17 20:41:06 0 d--hs---- E:\FOUND.144
2007-02-17 20:32:34 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\SecuROM
2007-02-17 20:02:53 0 d-------- E:\Program Files\Sierra
2007-02-17 19:58:23 0 d-------- E:\Documents and Settings\Shubham\Application Data\InstallShield<INSTAL~1>
2007-02-17 07:00:04 0 d-------- E:\Program Files\Uplink
2007-02-17 06:58:56 0 d-------- E:\Documents and Settings\Shubham\WINDOWS
2007-02-17 04:12:54 0 d--hs---- E:\FOUND.143
2007-02-17 00:19:37 0 d-------- E:\www.bitreactor.to_The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2.The.Witch.King-RELOADED<WWWBIT~1.KIN>
2007-02-16 22:15:52 0 d--hs---- E:\FOUND.142
2007-02-15 00:56:38 0 d-------- E:\Program Files\directx
2007-02-15 00:37:53 0 d-------- E:\Program Files\Railroad Tycoon 3<RAILRO~1>
2007-02-14 07:12:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Help
2007-02-13 20:47:53 0 d-------- E:\Program Files\Symantec Technical Support<SYMANT~1>
2007-02-13 14:31:04 4608 --a------ E:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-13 14:30:15 91904 --a------ E:\WINDOWS\system32\S32EVNT1.DLL
2007-02-13 14:30:15 124016 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-13 14:29:40 0 d-------- E:\Program Files\Symantec
2007-02-13 14:29:34 0 d-------- E:\Documents and Settings\All Users\Application Data\Symantec
2007-02-13 09:00:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\Talkback
2007-02-13 08:55:00 512688 --a------ E:\WINDOWS\system32\XceedCry.dll
2007-02-13 08:55:00 423784 --a------ E:\WINDOWS\system32\XceedBkp.dll
2007-02-13 08:54:57 10752 --a------ E:\WINDOWS\system32\md5.dll
2007-02-13 08:54:53 0 d-------- E:\Program Files\MalwareSweeper.com<MALWAR~1.COM>
2007-02-13 08:34:33 0 d-------- E:\Program Files\MalwareBot<MALWAR~1>
2007-02-13 08:17:30 0 d--hs---- E:\FOUND.140
2007-02-13 07:38:53 0 d-------- E:\Program Files\SymNetDrv<SYMNET~1>
2007-02-13 02:46:54 0 d--hs---- E:\FOUND.141
2007-02-13 00:02:53 0 d-------- E:\Program Files\Nero
2007-02-13 00:02:53 0 d-------- E:\Program Files\Common Files\Ahead
2007-02-12 22:48:15 0 d-------- E:\Documents and Settings\LocalService\Application Data\Symantec
2007-02-12 22:38:36 0 d-------- E:\Program Files\Hijackthis<HIJACK~1>
2007-02-12 21:35:31 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-02-12 21:24:46 0 d-------- E:\Program Files\Registry Toolkit<REGIST~1>
2007-02-11 16:33:14 0 d--hs---- E:\FOUND.139
2007-02-11 13:17:18 0 d--hs---- E:\FOUND.138
2007-02-08 18:58:06 0 d--hs---- E:\FOUND.137
2007-02-08 16:23:00 0 d--hs---- E:\FOUND.136
2007-02-08 11:12:22 0 d--hs---- E:\FOUND.135
2007-02-08 10:35:41 0 d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-02-08 10:06:15 0 d-------- E:\Program Files\McAfee Privacy Service 6.02 Install<MCAFEE~1.02I>
2007-02-08 09:58:25 0 d-------- E:\Documents and Settings\Shubham\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-08 09:21:06 5248 --a------ E:\WINDOWS\system32\drivers\a347scsi.sys
2007-02-08 09:21:06 160640 --a------ E:\WINDOWS\system32\drivers\a347bus.sys
2007-02-07 11:07:38 0 d--hs---- E:\FOUND.134
2007-02-04 18:15:27 0 d-------- E:\Program Files\cdromplus<CDROMP~1>
2007-02-04 18:15:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\cdromplus<CDROMP~1>
2007-02-04 18:14:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\NetPumper<NETPUM~1>
2007-02-04 18:14:16 0 d-------- E:\Program Files\NetPumper<NETPUM~1>
2007-02-03 13:38:05 0 d-------- E:\Program Files\VIRTUA~1


-- Find3M Re-----------

2007-02-17 20:32:32 98304 --a------ E:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-13 09:00:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Mozilla
2007-02-12 21:15:26 32791 --a------ E:\Documents and Settings\Shubham\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>
2007-02-12 21:14:14 2097 --a------ E:\Documents and Settings\Shubham\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-12 21:10:46 45747 --a------ E:\Documents and Settings\Shubham\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-10 14:07:06 335 --a------ E:\WINDOWS\nsreg.dat
2007-01-31 19:20:12 0 d-------- E:\Program Files\RegCleaner<REGCLE~1>
2007-01-31 19:11:56 620123 --a------ E:\WINDOWS\system32\RegistryCleanerSetup.exe<REGIST~1.EXE>
2007-01-31 16:44:40 0 d-------- E:\Program Files\Common Files\Everstrike Software<EVERST~1>
2007-01-28 17:22:18 0 d-------- E:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-26 10:51:10 286208 --a------ E:\WINDOWS\system32\cncs232.dll
2007-01-25 14:22:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Ahead
2007-01-24 13:36:44 0 d-------- E:\Program Files\Norton AntiVirus<NORTON~1>
2007-01-24 13:36:06 0 d-------- E:\Documents and Settings\Shubham\Application Data\Symantec
2007-01-24 13:35:24 0 d-------- E:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-23 16:11:48 0 d-------- E:\Program Files\MSBuild
2007-01-23 15:56:32 0 d-------- E:\Program Files\Reference Assemblies<REFERE~1>
2007-01-23 15:32:44 0 d-------- E:\Program Files\Digit Archive 0.2<DIGITA~1.2>
2007-01-21 16:53:22 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\yahoo!
2007-01-20 13:43:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Adobe
2007-01-14 17:48:34 0 d-------- E:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-14 11:50:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Sun
2007-01-11 13:56:20 0 d-------- E:\Documents and Settings\Shubham\Application Data\Azureus
2007-01-08 00:11:42 0 d-------- E:\Documents and Settings\Shubham\Application Data\Philips
2007-01-07 21:26:46 0 d-------- E:\Program Files\NIGHTSTUD V1.0d<NIGHTS~1.0D>
2007-01-06 22:04:48 0 d-------- E:\Documents and Settings\Shubham\Application Data\Media Player Classic<MEDIAP~1>
2007-01-06 15:38:58 0 d-------- E:\Documents and Settings\Shubham\Application Data\Lavasoft
2007-01-06 15:38:24 0 d-------- E:\Program Files\Lavasoft
2007-01-06 15:27:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Macromedia<MACROM~1>
2007-01-06 15:26:28 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb3622.dat<IN6082~1.DAT>
2007-01-06 15:26:28 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb354.dat<IN016B~1.DAT>
2007-01-06 15:26:26 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb7715.dat<IN7480~1.DAT>
2007-01-06 15:26:26 0 --a------ E:\Documents and Settings\Shubham\Application Data\internaldb2239.dat<INTERN~4.DAT>
2007-01-06 14:08:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Google
2007-01-06 14:06:42 0 d-------- E:\Documents and Settings\Shubham\Application Data\Identities<IDENTI~1>


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"E:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"googletalk"="E:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"BitComet"="\"C:\\Program Files\\BitLord\\BitLord.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HP Software Update"="E:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Registry Toolkit"="E:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"ccApp"="\"E:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NeroFilterCheck"="E:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Symantec NetDriver Monitor"="E:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"!AVG Anti-Spyware"="\"E:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="E:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="E:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.exe /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
"backup"="E:\\WINDOWS\\pss\\Reality Fusion GameCam SE.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\REALIT~1\\REALIT~1\\Program\\RFTRay.exe "
"item"="Reality Fusion GameCam SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bol IM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RediffMessenger"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="E:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctpmon"
"hkey"="HKCU"
"command"="ctpmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p_981116"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\p_981116.exe /Q:A"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKLM"
"command"="E:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="E:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KindPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GplSpamList"
"hkey"="HKCU"
"command"="E:\\DOCUME~1\\Shubham\\APPLIC~1\\CDROMP~1\\GplSpamList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="E:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="e:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPFTRAY"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O]
Shell\AutoRun\command O:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command E:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


-- End of ComboScan: finished at 2007-03-02 at 04:3-

One question from my side:

Can I remove the fix.reg on the desktop and place it anywhere else?

saurabhthelord



Response Number 16
Name: jabuck
Date: March 2, 2007 at 21:09:18 Pacific
Reply:

Run Killbox from safe mode and delete these files.

E:\WINDOWS\RavMonE.exe

E:\Documents and Settings\Shubham\Application Data\internaldb3622.dat

E:\Documents and Settings\Shubham\Application Data\internaldb354.dat

E:\Documents and Settings\Shubham\Application Data\internaldb7715.dat

E:\Documents and Settings\Shubham\Application Data\internaldb2239.dat

Post a new comboscan please.



Response Number 17
Name: saurabhthelord
Date: March 3, 2007 at 00:40:37 Pacific
Reply:

ComboScan v20070221.16 run by Shubham on 2007-03-03 at 00:27:14
Computer is in Normal Mode.
----------------------

-- HijackThis (run as Shubham.----------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:29:22 AM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitLord\BitLord.exe
E:\Program Files\Opera\Opera.exe
E:\Documents and Settings\Shubham\My Documents\comboscan.exe
E:\Program Files\Hijackthis\Shubham.exe
E:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Registry Toolkit] E:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/s...
O17 - HKLM\System\CCS\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-02-03 and 20----------

2007-03-02 05:28:32 664 --a------ E:\WINDOWS\system32\d3d9caps.dat
2007-03-02 00:59:22 3968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 00:59:18 0 d-------- E:\Program Files\Grisoft
2007-03-02 00:51:36 0 d-------- E:\!KillBox
2007-02-26 23:06:26 0 d-------- E:\NoLopBackups<NOLOPB~1>
2007-02-26 22:56:14 0 d--hs---- E:\FOUND.151
2007-02-26 04:05:22 0 d--hs---- E:\FOUND.150
2007-02-25 21:01:48 0 d--hs---- E:\FOUND.149
2007-02-25 04:19:08 0 d--hs---- E:\FOUND.148
2007-02-23 09:27:44 0 d-------- E:\Program Files\HWiNFO32
2007-02-22 23:02:54 0 d--hs---- E:\FOUND.147
2007-02-22 08:43:30 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2007-02-22 02:04:49 0 d-------- E:\SDFix
2007-02-21 01:00:02 0 d--hs---- E:\FOUND.146
2007-02-17 21:14:34 0 d--hs---- E:\FOUND.145
2007-02-17 20:41:06 0 d--hs---- E:\FOUND.144
2007-02-17 20:32:34 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\SecuROM
2007-02-17 20:02:53 0 d-------- E:\Program Files\Sierra
2007-02-17 19:58:23 0 d-------- E:\Documents and Settings\Shubham\Application Data\InstallShield<INSTAL~1>
2007-02-17 07:00:04 0 d-------- E:\Program Files\Uplink
2007-02-17 06:58:56 0 d-------- E:\Documents and Settings\Shubham\WINDOWS
2007-02-17 04:12:54 0 d--hs---- E:\FOUND.143
2007-02-17 00:19:37 0 d-------- E:\www.bitreactor.to_The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2.The.Witch.King-RELOADED<WWWBIT~1.KIN>
2007-02-16 22:15:52 0 d--hs---- E:\FOUND.142
2007-02-15 00:56:38 0 d-------- E:\Program Files\directx
2007-02-15 00:37:53 0 d-------- E:\Program Files\Railroad Tycoon 3<RAILRO~1>
2007-02-14 07:12:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Help
2007-02-13 20:47:53 0 d-------- E:\Program Files\Symantec Technical Support<SYMANT~1>
2007-02-13 14:31:04 4608 --a------ E:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-13 14:30:15 91904 --a------ E:\WINDOWS\system32\S32EVNT1.DLL
2007-02-13 14:30:15 124016 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-13 14:29:40 0 d-------- E:\Program Files\Symantec
2007-02-13 14:29:34 0 d-------- E:\Documents and Settings\All Users\Application Data\Symantec
2007-02-13 09:00:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\Talkback
2007-02-13 08:55:00 512688 --a------ E:\WINDOWS\system32\XceedCry.dll
2007-02-13 08:55:00 423784 --a------ E:\WINDOWS\system32\XceedBkp.dll
2007-02-13 08:54:57 10752 --a------ E:\WINDOWS\system32\md5.dll
2007-02-13 08:54:53 0 d-------- E:\Program Files\MalwareSweeper.com<MALWAR~1.COM>
2007-02-13 08:34:33 0 d-------- E:\Program Files\MalwareBot<MALWAR~1>
2007-02-13 08:17:30 0 d--hs---- E:\FOUND.140
2007-02-13 07:38:53 0 d-------- E:\Program Files\SymNetDrv<SYMNET~1>
2007-02-13 02:46:54 0 d--hs---- E:\FOUND.141
2007-02-13 00:02:53 0 d-------- E:\Program Files\Nero
2007-02-13 00:02:53 0 d-------- E:\Program Files\Common Files\Ahead
2007-02-12 22:48:15 0 d-------- E:\Documents and Settings\LocalService\Application Data\Symantec
2007-02-12 22:38:36 0 d-------- E:\Program Files\Hijackthis<HIJACK~1>
2007-02-12 21:35:31 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-02-12 21:24:46 0 d-------- E:\Program Files\Registry Toolkit<REGIST~1>
2007-02-11 16:33:14 0 d--hs---- E:\FOUND.139
2007-02-11 13:17:18 0 d--hs---- E:\FOUND.138
2007-02-08 18:58:06 0 d--hs---- E:\FOUND.137
2007-02-08 16:23:00 0 d--hs---- E:\FOUND.136
2007-02-08 11:12:22 0 d--hs---- E:\FOUND.135
2007-02-08 10:35:41 0 d-------- E:\Documents and Settings\All Users\Application Data\McAfee
2007-02-08 10:06:15 0 d-------- E:\Program Files\McAfee Privacy Service 6.02 Install<MCAFEE~1.02I>
2007-02-08 09:58:25 0 d-------- E:\Documents and Settings\Shubham\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-08 09:21:06 5248 --a------ E:\WINDOWS\system32\drivers\a347scsi.sys
2007-02-08 09:21:06 160640 --a------ E:\WINDOWS\system32\drivers\a347bus.sys
2007-02-07 11:07:38 0 d--hs---- E:\FOUND.134
2007-02-04 18:15:27 0 d-------- E:\Program Files\cdromplus<CDROMP~1>
2007-02-04 18:15:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\cdromplus<CDROMP~1>
2007-02-04 18:14:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\NetPumper<NETPUM~1>
2007-02-04 18:14:16 0 d-------- E:\Program Files\NetPumper<NETPUM~1>
2007-02-03 13:38:05 0 d-------- E:\Program Files\VIRTUA~1


-- Find3M Re-----------

2007-02-17 20:32:32 98304 --a------ E:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-13 09:00:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Mozilla
2007-02-12 21:15:26 32791 --a------ E:\Documents and Settings\Shubham\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>
2007-02-12 21:14:14 2097 --a------ E:\Documents and Settings\Shubham\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-12 21:10:46 45747 --a------ E:\Documents and Settings\Shubham\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-10 14:07:06 335 --a------ E:\WINDOWS\nsreg.dat
2007-01-31 19:20:12 0 d-------- E:\Program Files\RegCleaner<REGCLE~1>
2007-01-31 19:11:56 620123 --a------ E:\WINDOWS\system32\RegistryCleanerSetup.exe<REGIST~1.EXE>
2007-01-31 16:44:40 0 d-------- E:\Program Files\Common Files\Everstrike Software<EVERST~1>
2007-01-28 17:22:18 0 d-------- E:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-26 10:51:10 286208 --a------ E:\WINDOWS\system32\cncs232.dll
2007-01-25 14:22:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Ahead
2007-01-24 13:36:44 0 d-------- E:\Program Files\Norton AntiVirus<NORTON~1>
2007-01-24 13:36:06 0 d-------- E:\Documents and Settings\Shubham\Application Data\Symantec
2007-01-24 13:35:24 0 d-------- E:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-23 16:11:48 0 d-------- E:\Program Files\MSBuild
2007-01-23 15:56:32 0 d-------- E:\Program Files\Reference Assemblies<REFERE~1>
2007-01-23 15:32:44 0 d-------- E:\Program Files\Digit Archive 0.2<DIGITA~1.2>
2007-01-21 16:53:22 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\yahoo!
2007-01-20 13:43:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Adobe
2007-01-14 17:48:34 0 d-------- E:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-14 11:50:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Sun
2007-01-11 13:56:20 0 d-------- E:\Documents and Settings\Shubham\Application Data\Azureus
2007-01-08 00:11:42 0 d-------- E:\Documents and Settings\Shubham\Application Data\Philips
2007-01-07 21:26:46 0 d-------- E:\Program Files\NIGHTSTUD V1.0d<NIGHTS~1.0D>
2007-01-06 22:04:48 0 d-------- E:\Documents and Settings\Shubham\Application Data\Media Player Classic<MEDIAP~1>
2007-01-06 15:38:58 0 d-------- E:\Documents and Settings\Shubham\Application Data\Lavasoft
2007-01-06 15:38:24 0 d-------- E:\Program Files\Lavasoft
2007-01-06 15:27:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Macromedia<MACROM~1>
2007-01-06 14:08:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Google
2007-01-06 14:06:42 0 d-------- E:\Documents and Settings\Shubham\Application Data\Identities<IDENTI~1>


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"E:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"
"BitComet"="\"C:\\Program Files\\BitLord\\BitLord.exe\""
"Yahoo! Pager"="\"E:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HP Software Update"="E:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Registry Toolkit"="E:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"ccApp"="\"E:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"NeroFilterCheck"="E:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Symantec NetDriver Monitor"="E:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"!AVG Anti-Spyware"="\"E:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="E:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="E:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.exe /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
"backup"="E:\\WINDOWS\\pss\\Reality Fusion GameCam SE.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\REALIT~1\\REALIT~1\\Program\\RFTRay.exe "
"item"="Reality Fusion GameCam SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bol IM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RediffMessenger"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="E:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctpmon"
"hkey"="HKCU"
"command"="ctpmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p_981116"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\p_981116.exe /Q:A"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="E:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KindPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GplSpamList"
"hkey"="HKCU"
"command"="E:\\DOCUME~1\\Shubham\\APPLIC~1\\CDROMP~1\\GplSpamList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="E:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="e:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPFTRAY"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O]
Shell\AutoRun\command O:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command E:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


-- End of ComboScan: finished at 2007-03-03 at 00:3-

saurabhthelord


0
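Added example, not part of the original post or of ComboScan: a Python triage of the registry sections that close the log above. It reports three autostart points visible there: a non-empty AppInit_DLLs value, msconfig startupreg items whose command sits under a user profile, and MountPoints2 autorun commands. The checks and function names are heuristics chosen for this example, and the sample text is copied from the log.

```python
import re

# Sections copied from the ComboScan log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="E:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KindPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GplSpamList"
"hkey"="HKCU"
"command"="E:\\DOCUME~1\\Shubham\\APPLIC~1\\CDROMP~1\\GplSpamList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command E:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
'''

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
QUOTED_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# Long and 8.3 short forms of the XP user-profile root.
USER_PROFILE_RE = re.compile(r'\\(documents and settings|docume~1)\\', re.I)


def parse_sections(text):
    """Return [(registry_key, {value_name_lowercased: data})] in log order."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = (header.group('key'), {})
            sections.append(current)
            continue
        if current is None:
            continue
        quoted = QUOTED_RE.match(line)
        if quoted:
            # .reg-style line: undo the doubled backslashes in the data
            data = quoted.group('value').replace('\\\\', '\\')
            current[1][quoted.group('name').lower()] = data
        else:
            # "name data" style used for the MountPoints2 entries
            name, _, data = line.partition(' ')
            current[1][name.lower()] = data
    return sections


def triage(text):
    """Return findings (check, key, value) for a reviewer, in log order."""
    findings = []
    for key, values in parse_sections(text):
        k = key.lower()
        if k.endswith('\\currentversion\\windows'):
            # AppInit_DLLs are loaded into every process that loads user32.dll
            dlls = values.get('appinit_dlls', '').strip()
            if dlls:
                findings.append({'check': 'appinit_dlls', 'key': key, 'value': dlls})
        elif '\\msconfig\\startupreg\\' in k:
            # Startup item recorded by msconfig; programs rarely install
            # themselves under a user's profile, so those get a second look.
            command = values.get('command', '')
            if USER_PROFILE_RE.search(command):
                findings.append({'check': 'startup_in_user_profile',
                                 'key': key, 'value': command})
        elif '\\mountpoints2\\' in k:
            # Per-volume shell verbs Explorer cached from a volume's autorun.inf
            for name, data in values.items():
                if name.startswith('shell\\') and name.endswith('\\command'):
                    findings.append({'check': 'mountpoints2_autorun',
                                     'key': key, 'value': data})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['check']:26} {f['value']}\n    {f['key']}")
```

A finding here is a pointer to an entry worth identifying, not a verdict on the file behind it.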

Response Number 18
Name: jabuck
Date: March 3, 2007 at 08:37:40 Pacific
Reply:

You still have a virus.

We will need a scan from "AutoRuns" which may take more than one post to get the scan posted.

Download "Autoruns" from this link:

http://download.sysinternals.com/Files/Autoruns.zip

Save it and unzip it to its own folder.
Open the folder and double-click autoruns.exe.
Wait for the scan to finish.
Click the "options" menu and check "include empty sections" & "verify code signatures".
Click the "users" menu and checkmark "Fire".
If it does not scan again automatically, click the "file" menu and click "refresh".

Wait for scan to finish.

Click the floppy icon> save log> post log.

It may take more than one post to get it all in.


0
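Added example, not part of the original reply or of Autoruns: with "verify code signatures" checked, each entry in the saved log carries a "(Verified)" or "(Not verified)" marker, and this Python sketch sorts entries into a review queue on that basis. The sample lines are copied from the Autoruns log posted later in this thread; the function names and the priority order are assumptions of this example.

```python
import re

# Lines copied from the Autoruns log posted in this thread. The page shows
# the log's columns separated by single spaces, so fields are recovered from
# the signature markers and from the trailing file path.
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ ccApp Symantec User Session (Verified) Symantec Corporation e:\program files\common files\symantec shared\ccapp.exe
+ NeroFilterCheck NeroCheck (Not verified) Nero AG e:\program files\common files\ahead\lib\nerocheck.exe
+ Registry Toolkit File not found: E:\Program Files\Registry Toolkit\RegToolkit.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ BitComet BitLord (Not verified) www.BitLord.com c:\program files\bitlord\bitlord.exe
+ ctfmon.exe CTF Loader (Verified) Microsoft Windows Publisher e:\windows\system32\ctfmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display CPL Extension e:\windows\system32\iegdgui.dll
+ Display Panning CPL Extension File not found: deskpan.dll
'''

PATH_RE = re.compile(r'(?<!\w)[A-Za-z]:\\')   # start of a drive-letter path
MARKERS = (('(Verified)', 'verified'), ('(Not verified)', 'not_verified'))
NOT_FOUND = 'File not found:'
# Lower number = look at it first. Verified entries are left out of the queue.
PRIORITY = {'file_not_found': 0, 'no_signature_info': 1, 'not_verified': 2}


def last_path_start(text):
    """Index where the last drive-letter path in text begins, or None."""
    starts = [m.start() for m in PATH_RE.finditer(text)]
    return starts[-1] if starts else None


def parse_autoruns(text):
    """Parse entry lines ('+ ...') under their autostart location lines."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith('+ '):
            location = line            # a registry key or startup folder
            continue
        body = line[2:]
        entry = {'location': location, 'label': body, 'publisher': '',
                 'path': '', 'status': 'no_signature_info'}
        if NOT_FOUND in body:
            # The autostart entry points at a file that is no longer there
            label, _, target = body.partition(NOT_FOUND)
            entry.update(label=label.strip(), path=target.strip(),
                         status='file_not_found')
        else:
            for marker, status in MARKERS:
                if marker in body:
                    label, _, rest = body.partition(marker)
                    cut = last_path_start(rest)
                    cut = len(rest) if cut is None else cut
                    entry.update(label=label.strip(), status=status,
                                 publisher=rest[:cut].strip(),
                                 path=rest[cut:].strip())
                    break
            else:
                # No marker at all: no description, no publisher, only a path
                cut = last_path_start(body)
                if cut is not None:
                    entry.update(label=body[:cut].strip(), path=body[cut:])
        entries.append(entry)
    return entries


def review_queue(text):
    """Entries to identify by hand, most urgent first (stable within a tier)."""
    queue = [e for e in parse_autoruns(text) if e['status'] in PRIORITY]
    return sorted(queue, key=lambda e: PRIORITY[e['status']])


if __name__ == '__main__':
    for e in review_queue(SAMPLE_LOG):
        print(f"{e['status']:18} {e['label']}\n    {e['path']}\n    {e['location']}")
```

"(Verified)" only says the file's signature checked out against its publisher, and plenty of legitimate third-party software is unsigned, so the queue orders the manual review rather than deciding it.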

Response Number 19
Name: saurabhthelord
Date: March 5, 2007 at 04:02:10 Pacific
Reply:

In the user menu there is no option "fire".
There are three options. They are:
Brothers\shubham
Brothers\Administrator
Brothers\Guest


Tell me what I should do.

saurabhthelord


0

Response Number 20
Name: jabuck
Date: March 6, 2007 at 18:30:49 Pacific
Reply:

I guess that is misleading but if "fire" doesn't appear:

If it does not scan again automatically, click the "file" menu and click "refresh".

Then it should run.


0

Response Number 21
Name: saurabhthelord
Date: March 8, 2007 at 03:56:53 Pacific
Reply:

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclip RDP Clip Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ E:\WINDOWS\system32\userinit.exe Userinit Logon Application (Verified) Microsoft Windows Publisher e:\windows\system32\userinit.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe Windows Explorer (Verified) Microsoft Windows Publisher e:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ !AVG Anti-Spyware AVG Anti-Spyware (Not verified) Anti-Malware Development a.s. e:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
+ ccApp Symantec User Session (Verified) Symantec Corporation e:\program files\common files\symantec shared\ccapp.exe
+ HP Software Update Hewlett-Packard Product Assistant (Not verified) Hewlett-Packard Co. e:\program files\hp\hp software update\hpwuschd2.exe
+ NeroFilterCheck NeroCheck (Not verified) Nero AG e:\program files\common files\ahead\lib\nerocheck.exe
+ Registry Toolkit File not found: E:\Program Files\Registry Toolkit\RegToolkit.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. e:\program files\java\jre1.5.0_09\bin\jusched.exe
+ Symantec NetDriver Monitor Symantec Security Drivers Install Monitor (Verified) Symantec Corporation e:\program files\symnetdrv\sndmon.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
E:\Documents and Settings\All Users\Start Menu\Programs\Startup
E:\Documents and Settings\Shubham\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero Home (Not verified) Nero AG e:\program files\common files\ahead\lib\nmbgmonitor.exe
+ BitComet BitLord (Not verified) www.BitLord.com c:\program files\bitlord\bitlord.exe
+ ctfmon.exe CTF Loader (Verified) Microsoft Windows Publisher e:\windows\system32\ctfmon.exe
+ Yahoo! Pager Yahoo! Messenger (Verified) Yahoo! Inc. e:\program files\yahoo!\messenger\yahoomessenger.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation e:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation e:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation e:\windows\system32\mscoree.dll
+ Class Install Handler OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ deflate OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ gzip OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ lzdhtml OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ text/webviewhtml Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
+ text/xml Microsoft Office XML MIME Filter (Verified) Microsoft Corporation e:\program files\common files\microsoft shared\office11\msoxmlmf.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ about Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\mshtml.dll
+ cdl OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ dvd ActiveX control for streaming video (Verified) Microsoft Windows Publisher e:\windows\system32\msvidctl.dll
+ file OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ ftp OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ gopher OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ http OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ https OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ its Microsoft® InfoTech Storage System Library (Verified) Microsoft Windows XP Publisher e:\windows\system32\itss.dll
+ javascript Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\mshtml.dll
+ lid ActiveX control for streaming video (Verified) Microsoft Windows Publisher e:\windows\system32\msvidctl.dll
+ local OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ mailto Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\mshtml.dll
+ mhtml Microsoft Internet Messaging API (Verified) Microsoft Windows Component Publisher e:\windows\system32\inetcomm.dll
+ mk OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher e:\windows\system32\urlmon.dll
+ ms-its Microsoft® InfoTech Storage System Library (Verified) Microsoft Windows XP Publisher e:\windows\system32\itss.dll
+ mso-offdap Microsoft Office XP Web Components (Verified) Microsoft Corporation e:\program files\common files\microsoft shared\web components\10\owc10.dll
+ mso-offdap11 Microsoft Office Web Components 2003 (Verified) Microsoft Corporation e:\program files\common files\microsoft shared\web components\11\owc11.dll
+ res Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\mshtml.dll
+ sysimage Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\mshtml.dll
+ tv ActiveX control for streaming video (Verified) Microsoft Windows Publisher e:\windows\system32\msvidctl.dll
+ vbscript Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\mshtml.dll
+ wia WIA Scripting Layer (Verified) Microsoft Windows Publisher e:\windows\system32\wiascr.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Address Book 6 Outlook Express Setup Library (Verified) Microsoft Windows Publisher e:\program files\outlook express\setup50.exe
+ Browser Customizations Microsoft Internet Explorer Customization DLL (Verified) Microsoft Windows Publisher e:\windows\system32\iedkcs32.dll
+ Internet Explorer Windows NT User Data Migration Tool (Verified) Microsoft Windows Publisher e:\windows\system32\shmgrate.exe
+ Internet Explorer Windows Setup API (Verified) Microsoft Windows Publisher e:\windows\system32\setupapi.dll
+ Internet Explorer 6 IE 5.0 Per-User Install Utility (Verified) Microsoft Windows Publisher e:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6 Outlook Express Setup Library (Verified) Microsoft Windows Publisher e:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player ADVPACK (Verified) Microsoft Windows Publisher e:\windows\system32\advpack.dll
+ Microsoft Windows Media Player 6.4 ADVPACK (Verified) Microsoft Windows Publisher e:\windows\system32\advpack.dll
+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation e:\windows\system32\mscories.dll
+ NetMeeting 3.01 ADVPACK (Verified) Microsoft Windows Publisher e:\windows\system32\advpack.dll
+ Outlook Express Windows NT User Data Migration Tool (Verified) Microsoft Windows Publisher e:\windows\system32\shmgrate.exe
+ Themes Setup Microsoft(C) Register Server (Verified) Microsoft Windows Publisher e:\windows\system32\regsvr32.exe
+ Windows Desktop Update Microsoft(C) Register Server (Verified) Microsoft Windows Publisher e:\windows\system32\regsvr32.exe
+ Windows Media Player Microsoft Windows Media Player Setup Utility (Verified) Microsoft Windows Component Publisher e:\windows\inf\unregmp2.exe
+ Windows Messenger 4.7 ADVPACK (Verified) Microsoft Windows Publisher e:\windows\system32\advpack.dll
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui preloader Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Component Categories cache daemon Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CDBurn Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
+ PostBootReminder Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
+ SysTray Systray shell service object (Verified) Microsoft Windows Publisher e:\windows\system32\stobject.dll
+ WebCheck Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook (Not verified) Anti-Malware Development a.s. e:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
+ shell32.dll Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ %DESC_PublishDropTarget% Photo Printing Wizard (Verified) Microsoft Windows Publisher e:\windows\system32\photowiz.dll
+ &Address Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ .CAB file viewer Cabinet File Viewer Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\cabview.dll
+ Accessible Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ ActiveX Cache Folder Object Control Viewer (Verified) Microsoft Windows Publisher e:\windows\system32\occache.dll
+ Address Bar Parser Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Address EditBox Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Administrative Tools Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ AlcoholShellEx AXShlEx.dll (Not verified) Alcohol Soft Development Team e:\program files\alcohol soft\alcohol 120\axshlex.dll
+ Audio Media Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\shmedia.dll
+ Augmented Shell Folder Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Augmented Shell Folder 2 Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Auto Update Property Sheet Extension Automatic Updates Control Panel (Verified) Microsoft Windows XP Publisher e:\windows\system32\wuaucpl.cpl
+ Avi Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\shmedia.dll
+ BandProxy Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Briefcase Windows Briefcase (Verified) Microsoft Windows Publisher e:\windows\system32\syncui.dll
+ CDF Extension Copy Hook Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Channel File Channel Definition File Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\cdfview.dll
+ Channel Handler Object Channel Definition File Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\cdfview.dll
+ Channel Menu Channel Definition File Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\cdfview.dll
+ Channel Properties Channel Definition File Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\cdfview.dll
+ Channel Shortcut Channel Definition File Viewer (Verified) Microsoft Windows Component Publisher e:\windows\system32\cdfview.dll
+ Code Download Agent Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ Compatibility Page Compatibility Tab Shell Extension DLL (Verified) Microsoft Windows Publisher e:\windows\system32\slayerxp.dll
+ Compressed (zipped) Folder Compressed (zipped) Folders (Verified) Microsoft Windows Publisher e:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders (Verified) Microsoft Windows Publisher e:\windows\system32\zipfldr.dll
+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders (Verified) Microsoft Windows Publisher e:\windows\system32\zipfldr.dll
+ ConnectionAgent Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ Crypto PKO Extension Crypto Shell Extensions (Verified) Microsoft Windows Publisher e:\windows\system32\cryptext.dll
+ Crypto Sign Extension Crypto Shell Extensions (Verified) Microsoft Windows Publisher e:\windows\system32\cryptext.dll
+ Custom MRU AutoCompleted List Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Darwin App Publisher Shell Application Manager (Verified) Microsoft Windows Publisher e:\windows\system32\appwiz.cpl
+ Developer Studio Components Microsoft(R) Developer Studio Explorer Shell Extensions (Not verified) Microsoft Corporation e:\program files\microsoft visual studio\common\msdev98\bin\ide\devxpgl.dll
+ DfsShell Distributed File System shell extension (Verified) Microsoft Windows Publisher e:\windows\system32\dfsshlex.dll
+ Directory Context Menu Verbs Directory Service Common UI (Verified) Microsoft Windows Publisher e:\windows\system32\dsuiext.dll
+ Directory Object Find Directory Service Find (Verified) Microsoft Windows Publisher e:\windows\system32\dsquery.dll
+ Directory Property UI Directory Service Common UI (Verified) Microsoft Windows Publisher e:\windows\system32\dsuiext.dll
+ Directory Query UI Directory Service Find (Verified) Microsoft Windows Publisher e:\windows\system32\dsquery.dll
+ Directory Start/Search Find Directory Service Find (Verified) Microsoft Windows Publisher e:\windows\system32\dsquery.dll
+ Disk Copy Extension Windows DiskCopy (Verified) Microsoft Windows Publisher e:\windows\system32\diskcopy.dll
+ Disk Quota UI Windows Shell Disk Quota UI DLL (Verified) Microsoft Windows Publisher e:\windows\system32\dskquoui.dll
+ Display Adapter CPL Extension Advanced display adapter properties (Verified) Microsoft Windows Publisher e:\windows\system32\deskadp.dll
+ Display CPL Extension e:\windows\system32\iegdgui.dll
+ Display Monitor CPL Extension Advanced display monitor properties (Verified) Microsoft Windows Publisher e:\windows\system32\deskmon.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Display TroubleShoot CPL Extension Advanced display performance properties (Verified) Microsoft Windows Publisher e:\windows\system32\deskperf.dll
+ Download Status Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ DS Security Page Directory Service Security UI (Verified) Microsoft Windows Publisher e:\windows\system32\dssec.dll
+ E-mail Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Explorer Band Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Extensions Manager Folder Extensions Manager (Verified) Microsoft Windows Component Publisher e:\windows\system32\extmgr.dll
+ Favorites Band Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Fonts Windows Font Folder (Verified) Microsoft Windows Publisher e:\windows\system32\fontext.dll
+ Fonts Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ For &People... Find People (Verified) Microsoft Windows Publisher e:\program files\outlook express\wabfind.dll
+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\msieftp.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation e:\windows\system32\mscoree.dll
+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher e:\windows\system32\shimgvw.dll
+ Get a Passport Wizard Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher e:\windows\system32\netplwiz.dll
+ Global Folder Settings Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Help and Support Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Help and Support Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ History Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ HTML Thumbnail Extractor Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher e:\windows\system32\shimgvw.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library (Verified) Microsoft Windows Publisher e:\windows\system32\hticons.dll
+ ICC Profile Microsoft Color Matching System User Interface DLL (Verified) Microsoft Windows Publisher e:\windows\system32\icmui.dll
+ ICM Monitor Management Microsoft Color Matching System User Interface DLL (Verified) Microsoft Windows Publisher e:\windows\system32\icmui.dll
+ ICM Printer Management Microsoft Color Matching System User Interface DLL (Verified) Microsoft Windows Publisher e:\windows\system32\icmui.dll
+ ICM Scanner Management Microsoft Color Matching System User Interface DLL (Verified) Microsoft Windows Publisher e:\windows\system32\icmui.dll
+ IE4 Suite Splash Screen Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ In-pane search Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Installed Apps Enumerator Shell Application Manager (Verified) Microsoft Windows Publisher e:\windows\system32\appwiz.cpl
+ Internet Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Internet Name Space Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ InternetShortcut Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ ISFBand OC Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler (Verified) Microsoft Windows Publisher e:\windows\msagent\agentpsh.dll
+ Microsoft AutoComplete Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Microsoft Browser Architecture Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Microsoft BrowserBand Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services (Verified) Microsoft Windows Publisher e:\program files\common files\system\ole db\oledb32.dll
+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher e:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher e:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher e:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher e:\windows\system32\docprop2.dll
+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher e:\windows\system32\docprop2.dll
+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher e:\windows\system32\docprop2.dll
+ Microsoft History AutoComplete List Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Microsoft Internet Toolbar Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Microsoft Office HTML Icon Handler Microsoft Office 2003 component (Verified) Microsoft Corporation e:\program files\microsoft office\office11\msohev.dll
+ Microsoft Office Outlook Custom Icon Handler Outlook Shell Hook for Start/Find (Verified) Microsoft Corporation e:\program files\microsoft office\office11\olkfstub.dll
+ Microsoft Office Outlook Desktop Icon Handler Microsoft Shell Extension Library (Verified) Microsoft Corporation e:\program files\microsoft office\office11\mlshext.dll
+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Microsoft Url History Service Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Microsoft Url Search Hook Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Microsoft.XPS.Shell.Metadata.1 Package Document Shell Extension Handler (Not verified) Microsoft Corporation e:\windows\system32\xpsshhdr.dll
+ Microsoft.XPS.Shell.Thumbnail.1 Package Document Shell Extension Handler (Not verified) Microsoft Corporation e:\windows\system32\xpsshhdr.dll
+ Midi Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\shmedia.dll
+ MMC Icon Handler MMC Shell Extension DLL (Verified) Microsoft Windows Publisher e:\windows\system32\mmcshext.dll
+ MRU AutoComplete List Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Multimedia File Property Sheet Control Panel Drivers Applet (Verified) Microsoft Windows Publisher e:\windows\system32\mmsys.cpl
+ MyDocs Copy Hook My Documents Folder UI (Verified) Microsoft Windows Publisher e:\windows\system32\mydocs.dll
+ MyDocs Drop Target My Documents Folder UI (Verified) Microsoft Windows Publisher e:\windows\system32\mydocs.dll
+ MyDocs Properties My Documents Folder UI (Verified) Microsoft Windows Publisher e:\windows\system32\mydocs.dll
+ Network Connections Network Connections Shell (Verified) Microsoft Windows Publisher e:\windows\system32\netshell.dll
+ Network Connections Network Connections Shell (Verified) Microsoft Windows Publisher e:\windows\system32\netshell.dll
+ NTFS Security Page Security Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\rshx32.dll
+ Offline Files Folder Client Side Caching UI (Verified) Microsoft Windows Publisher e:\windows\system32\cscui.dll
+ Offline Files Folder Options Client Side Caching UI (Verified) Microsoft Windows Publisher e:\windows\system32\cscui.dll
+ Offline Files Menu Client Side Caching UI (Verified) Microsoft Windows Publisher e:\windows\system32\cscui.dll
+ OLE Docfile Property Page OLE DocFile Property Page (Verified) Microsoft Windows Publisher e:\windows\system32\docprop.dll
+ PlusPack CPL Extension Windows Theme API (Verified) Microsoft Windows Publisher e:\windows\system32\themeui.dll
+ Portable Media Devices Portable Media Devices Shell Extension (Verified) Microsoft Windows Component Publisher e:\windows\system32\audiodev.dll
+ Portable Media Devices Menu Portable Media Devices Shell Extension (Verified) Microsoft Windows Component Publisher e:\windows\system32\audiodev.dll
+ PostAgent Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ Previous Versions Previous Versions property page (Verified) Microsoft Windows Publisher e:\windows\system32\twext.dll
+ Previous Versions Property Page Previous Versions property page (Verified) Microsoft Windows Publisher e:\windows\system32\twext.dll
+ Print Ordering via the Web Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher e:\windows\system32\netplwiz.dll
+ Printers Security Page Security Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\rshx32.dll
+ Registered ActiveX Controls Microsoft(R) Developer Studio Explorer Shell Extensions (Not verified) Microsoft Corporation e:\program files\microsoft visual studio\common\msdev98\bin\ide\devxpgl.dll
+ Registry Tree Options Utility Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Remote Sessions CPL Extension Remote Sessions CPL Extension (Verified) Microsoft Windows Publisher e:\windows\system32\remotepg.dll
+ Run... Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher e:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher e:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher e:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher e:\windows\system32\wiashext.dll
+ Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher e:\windows\system32\wiashext.dll
+ Scheduled Tasks Task Scheduler interface DLL (Verified) Microsoft Windows Publisher e:\windows\system32\mstask.dll
+ Search Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Search Assistant OC Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Search Band Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Sendmail service Send Mail (Verified) Microsoft Windows Publisher e:\windows\system32\sendmail.dll
+ Sendmail service Send Mail (Verified) Microsoft Windows Publisher e:\windows\system32\sendmail.dll
+ Set Program Access and Defaults Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Shell Application Manager Shell Application Manager (Verified) Microsoft Windows Publisher e:\windows\system32\appwiz.cpl
+ Shell Automation Inproc Service Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Shell Band Site Menu Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Shell DeskBar Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Shell DeskBarApp Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Shell DocObject Viewer Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Shell extensions for Microsoft Windows Network objects Network object shell UI (Verified) Microsoft Windows Publisher e:\windows\system32\ntlanui2.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. e:\program files\k-lite codec pack\real\rpshell.dll
+ Shell extensions for sharing Shell extensions for sharing (Verified) Microsoft Windows Publisher e:\windows\system32\ntshrui.dll
+ Shell extensions for sharing Shell extensions for sharing (Verified) Microsoft Windows Publisher e:\windows\system32\ntshrui.dll
+ Shell extensions for Windows Script Host Microsoft (r) Shell Extension for Windows Script Host (Verified) Microsoft Windows Publisher e:\windows\system32\wshext.dll
+ Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation e:\windows\system32\dfshim.dll
+ Shell Image Data Factory Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher e:\windows\system32\shimgvw.dll
+ Shell Image Property Handler Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher e:\windows\system32\shimgvw.dll
+ Shell Image Verbs Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher e:\windows\system32\shimgvw.dll
+ Shell properties for a DS object Directory Service Find (Verified) Microsoft Windows Publisher e:\windows\system32\dsquery.dll
+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher e:\windows\system32\netplwiz.dll
+ Shell Rebar BandSite Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Shell Scrap DataHandler Shell scrap object handler (Verified) Microsoft Windows Publisher e:\windows\system32\shscrap.dll
+ Shell Search Band Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ ShellLink for Application References Application Deployment Support Library (Not verified) Microsoft Corporation e:\windows\system32\dfshim.dll
+ Subscription Folder Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ Subscription Mgr Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher e:\windows\system32\shimgvw.dll
+ Taskbar and Start Menu Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
+ Tasks Folder Icon Handler Task Scheduler interface DLL (Verified) Microsoft Windows Publisher e:\windows\system32\mstask.dll
+ Tasks Folder Shell Extension Task Scheduler interface DLL (Verified) Microsoft Windows Publisher e:\windows\system32\mstask.dll
+ Temporary Internet Files Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Temporary Internet Files Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ The Internet Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
+ Track Popup Bar Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ TrayAgent Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ TridentImageExtractor Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ User Accounts Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher e:\windows\system32\netplwiz.dll
+ User Assist Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ Video Media Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\shmedia.dll
+ Video Thumbnail Extractor Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\shmedia.dll
+ Wav Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher e:\windows\system32\shmedia.dll
+ Web Folders Microsoft Web Folders (Verified) Microsoft Corporation e:\program files\common files\microsoft shared\web folders\msonsext.dll
+ Web Printer Shell Extension Print UI DLL (Verified) Microsoft Windows Publisher e:\windows\system32\printui.dll
+ Web Publishing Wizard Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher e:\windows\system32\netplwiz.dll
+ Web Search Shell Browser UI Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\browseui.dll
+ WebCheck Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ WebCheck SyncMgr Handler Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ WebCheckChannelAgent Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ WebCheckWebCrawler Web Site Monitor (Verified) Microsoft Windows Publisher e:\windows\system32\webcheck.dll
+ WindowBlinds CPL Extension WindowBlinds Basic UI (Not verified) Stardock.Net, Inc e:\program files\stardock\object desktop\windowblinds\wbui.dll
+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher (Verified) Microsoft Windows Component Publisher e:\windows\system32\wmpshell.dll
+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher (Verified) Microsoft Windows Component Publisher e:\windows\system32\wmpshell.dll
+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher (Verified) Microsoft Windows Component Publisher e:\windows\system32\wmpshell.dll
+ WinRAR shell extension e:\program files\winrar\rarext.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP e:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP e:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP e:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP e:\program files\winzip\wzshlstb.dll
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher e:\windows\system32\shell32.dll
HKCU\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Ctf\LangBarAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CNavExtBho Class Norton AntiVirusNAVShellExt Module (Verified) Symantec Corporation e:\program files\norton antivirus\navshext.dll
+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. e:\program files\java\jre1.5.0_09\bin\ssv.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ shdocvw.dll Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher e:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ Norton AntiVirus Norton AntiVirusNAVShellExt Module (Verified) Symantec Corporation e:\program files\norton antivirus\navshext.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
HKLM\Software\Microsoft\Internet Explorer\Extensions
Task Scheduler
+ Norton AntiVirus - Scan my computer - Shubham.job Norton AntiVirus Scanner Module (Verified) Symantec Corporation e:\program files\norton antivirus\navw32.exe
HKLM\System\CurrentControlSet\Services
+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\audiosrv.dll
+ Automatic LiveUpdate Scheduler Manages the scheduling of Automatic LiveUpdate sessions (Verified) Symantec Corporation e:\program files\symantec\liveupdate\aluschedulersvc.exe
+ AVG Anti-Spyware Guard AVG Anti-Spyware guard (Not verified) Anti-Malware Development a.s. e:\program files\grisoft\avg anti-spyware 7.5\guard.exe
+ BITS Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. (Verified) Microsoft Windows Publisher e:\windows\system32\qmgr.dll
+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\browser.dll
+ ccEvtMgr Symantec Event Manager (Verified) Symantec Corporation e:\program files\common files\symantec shared\ccevtmgr.exe
+ ccSetMgr Symantec Settings Manager (Verified) Symantec Corporation e:\program files\common files\symantec shared\ccsetmgr.exe
+ CLTNetCnService Symantec Lic NetConnect Service File not found: E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\cryptsvc.dll
+ DcomLaunch Provides launch functionality for DCOM services. (Verified) Microsoft Windows XP Publisher e:\windows\system32\rpcss.dll
+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. (Verified) Microsoft Windows Publisher e:\windows\system32\dhcpcsvc.dll
+ dmserver Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\dmserver.dll
+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\dnsrslvr.dll
+ ERSvc Allows error reporting for services and applictions running in non-standard environments. (Verified) Microsoft Windows Publisher e:\windows\system32\ersvc.dll
+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. (Verified) Microsoft Windows Publisher e:\windows\system32\services.exe
+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ HidServ Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\hidserv.dll
+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows XP Publisher e:\windows\system32\srvsvc.dll
+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\wkssvc.dll
+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. (Verified) Microsoft Windows Publisher e:\windows\system32\lmhsvc.dll
+ navapsvc Handles Norton AntiVirus Auto-Protect events. (Verified) Symantec Corporation e:\program files\norton antivirus\navapsvc.exe
+ NPFMntor Detects installation of Symantec Firewall clients (Verified) Symantec Corporation e:\program files\norton antivirus\iwp\npfmntor.exe
+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. (Verified) Microsoft Windows Publisher e:\windows\system32\services.exe
+ Pml Driver HPZ12 PML Driver (Not verified) HP e:\windows\system32\hpzipm12.exe
+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. (Verified) Microsoft Windows Publisher e:\windows\system32\lsass.exe
+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. (Verified) Microsoft Windows Publisher e:\windows\system32\lsass.exe
+ RemoteRegistry Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\regsvc.dll
+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. (Verified) Microsoft Windows XP Publisher e:\windows\system32\rpcss.dll
+ SamSs Stores security information for local user accounts. (Verified) Microsoft Windows Publisher e:\windows\system32\lsass.exe
+ SBService Norton AntiVirus ScripBlocking Service (Verified) Symantec Corporation e:\program files\common files\symantec shared\script blocking\sbserv.exe
+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\schedsvc.dll
+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\seclogon.dll
+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. (Verified) Microsoft Windows Publisher e:\windows\system32\sens.dll
+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. (Verified) Microsoft Windows Publisher e:\windows\system32\ipnathlp.dll
+ ShellHWDetection Windows Shell Services Dll (Verified) Microsoft Windows Publisher e:\windows\system32\shsvcs.dll
+ SNDSrvc Symantec Network Drivers Service (Verified) Symantec Corporation e:\program files\common files\symantec shared\sndsrvc.exe
+ SPBBCSvc Symantec SPBBC (Verified) Symantec Corporation e:\program files\common files\symantec shared\spbbc\spbbcsvc.exe
+ Spooler Loads files to memory for later printing. (Verified) Microsoft Windows XP Publisher e:\windows\system32\spoolsv.exe
+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties (Verified) Microsoft Windows Publisher e:\windows\system32\srsvc.dll
+ stisvc Provides image acquisition services for scanners and cameras. (Verified) Microsoft Windows Publisher e:\windows\system32\wiaservc.dll
+ Symantec Core LC Symantec Core LC (Verified) Symantec Corporation e:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
+ Themes Provides user experience theme management. (Verified) Microsoft Windows Publisher e:\windows\system32\shsvcs.dll
+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. (Verified) Microsoft Windows Publisher e:\windows\system32\trkwks.dll
+ UMWdf Enables Windows user mode drivers. (Verified) Microsoft Windows Component Publisher e:\windows\system32\wdfmgr.exe
+ W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\w32time.dll
+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Component Publisher e:\windows\system32\webclnt.dll
+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher e:\windows\system32\wbem\wmisvc.dll
+ wscsvc Monitors system security settings and configurations. (Verified) Microsoft Windows Publisher e:\windows\system32\wscsvc.dll
+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. (Verified) Microsoft Windows Publisher e:\windows\system32\wuauserv.dll
+ WZCSVC Provides automatic configuration for the 802.11 adapters (Verified) Microsoft Windows Publisher e:\windows\system32\wzcsvc.dll
HKLM\System\CurrentControlSet\Services
+ a347bus Plug and Play BIOS Extension (Not verified) e:\windows\system32\drivers\a347bus.sys
+ a347scsi SCSI miniport (Not verified) e:\windows\system32\drivers\a347scsi.sys
+ ACPI ACPI Driver for NT (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\acpi.sys
+ aec Microsoft Acoustic Echo Canceller (Verified) Microsoft Windows Component Publisher e:\windows\system32\drivers\aec.sys
+ AFD AFD Networking Support Environment (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\afd.sys
+ allegro ES1988/ES1998/ES199A Adapter Driver (Verified) Microsoft Windows Hardware Compatibility Publisher e:\windows\system32\drivers\es198x.sys
+ AsyncMac RAS Asynchronous Media Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\asyncmac.sys
+ atapi e:\windows\system32\drivers\atapi.sys
+ Atmarpc ATM ARP Client Protocol (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\atmarpc.sys
+ audstub AudStub Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\audstub.sys
+ AVG Anti-Spyware Driver e:\program files\grisoft\avg anti-spyware 7.5\guard.sys
+ AvgAsCln AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. e:\windows\system32\drivers\avgascln.sys
+ CCDECODE WDM Closed Caption VBI Codec (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ccdecode.sys
+ Cdrom SCSI CD-ROM Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\cdrom.sys
+ ch7009 e:\windows\system32\drivers\ch7009.sys
+ ch7017 e:\windows\system32\drivers\ch7017.sys
+ Disk PnP Disk Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\disk.sys
+ dmio NT Disk Manager I/O Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\dmio.sys
+ dmload NT Disk Manager Startup Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\dmload.sys
+ DMusic Microsoft Kernel DLS Synthesizer (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\dmusic.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\drmkaud.sys
+ Fdc Floppy Disk Controller Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\fdc.sys
+ Flpydisk Floppy Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\flpydisk.sys
+ fs454 e:\windows\system32\drivers\fs454.sys
+ Ftdisk FT Disk Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ftdisk.sys
+ gameenum Game Port Enumerator (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\gameenum.sys
+ Gpc Generic Packet Classifier (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\msgpc.sys
+ HCF_MSFT Modem (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\hcf_msft.sys
+ hidusb USB Miniport Driver for Input Devices (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\hidusb.sys
+ HPZid412 IEEE-1284.4-1999 Driver (Windows 2000) (Verified) Microsoft Windows Hardware Compatibility Publisher e:\windows\system32\drivers\hpzid412.sys
+ HPZipr12 IEEE-1284.4-1999 Print Class Driver (Verified) Microsoft Windows Hardware Compatibility Publisher e:\windows\system32\drivers\hpzipr12.sys
+ HPZius12 1284.4<->Usb Datalink Driver (Windows 2000) (Verified) Microsoft Windows Hardware Compatibility Publisher e:\windows\system32\drivers\hpzius12.sys
+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows XP Publisher e:\windows\system32\drivers\http.sys
+ HWiNFO32 HWiNFO32 Kernel Driver (Not verified) REALiX(tm) e:\program files\hwinfo32\hwinfo32.sys
+ i8042prt i8042 Port Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\i8042prt.sys
+ i81x Miniport Driver for Intel Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\i81xnt5.sys
+ iAimFP0 Digital Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\wadv01nt.sys
+ iAimFP1 Digital Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\wadv02nt.sys
+ iAimFP2 Digital Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\wadv05nt.sys
+ iAimFP3 Digital Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\wsiintxx.sys
+ iAimFP4 Local Flat Panel Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\wvchntxx.sys
+ iAimTV0 Digital Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\watv01nt.sys
+ iAimTV1 Digital Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\watv02nt.sys
+ iAimTV2 File not found: System32\DRIVERS\wATV03nt.sys
+ iAimTV3 Digital Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\watv04nt.sys
+ iAimTV4 Digital Display Minidriver for Intel(R) Graphics Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\wch7xxnt.sys
+ igdmini Intel Embedded Graphics Miniport Driver (Not verified) Intel Corporation e:\windows\system32\drivers\igdmini.sys
+ Imapi IMAPI Kernel Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\imapi.sys
+ IntelIde Intel PCI IDE Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\intelide.sys
+ ip6fw Provides intrusion prevention service for a home or small office network. (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriver IP Traffic Filter Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator (Verified) Microsoft Windows XP Publisher e:\windows\system32\drivers\ipnat.sys
+ IPSec IPSEC driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\isapnp.sys
+ Kbdclass Keyboard Class Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\kbdclass.sys
+ kbdhid HID Mouse Filter Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\kbdhid.sys
+ kmixer Kernel Mode Audio Mixer (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\kmixer.sys
+ LF30FS File not found: G:\Lock Folder XP 3.6\LF30XP.sys
+ lvds e:\windows\system32\drivers\lvds.sys
+ Mouclass Mouse Class Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\mouclass.sys
+ ms_mpu401 MPU401 Adapter Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\msmpu401.sys
+ MSKSSRV MS KS Server (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\mspqm.sys
+ mssmbios System Management BIOS Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\mssmbios.sys
+ MSTEE WDM Tee/Communication Transform Filter (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\mstee.sys
+ NABTSFEC WDM NABTS/FEC VBI Codec (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\nabtsfec.sys
+ NAVENG AV Engine (Verified) Symantec Corporation e:\program files\common files\symantec shared\virusdefs\20070307.037\naveng.sys
+ NAVEX15 AV Engine (Verified) Symantec Corporation e:\program files\common files\symantec shared\virusdefs\20070307.037\navex15.sys
+ NdisIP Microsoft IP Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ndisip.sys
+ NdisTapi Remote Access NDIS TAPI Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS Usermode I/O Protocol (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ndiswan.sys
+ NetBT NetBios over Tcpip (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\netbt.sys
+ ns2501 e:\windows\system32\drivers\ns2501.sys
+ ns387 e:\windows\system32\drivers\ns387.sys
+ NwlnkFlt IPX Traffic Filter Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\nwlnkfwd.sys
+ NwlnkIpx NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\nwlnkipx.sys
+ NwlnkNb NWLink NetBIOS (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\nwlnknb.sys
+ NwlnkSpx NWLink SPX/SPXII Protocol (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\nwlnkspx.sys
+ P3 Processor Device Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\p3.sys
+ Parport Parallel Port Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\parport.sys
+ PCI NT Plug and Play PCI Enumerator (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\pci.sys
+ PptpMiniport WAN Miniport (PPTP) (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\raspptp.sys
+ PSched QoS Packet Scheduler (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\psched.sys
+ Ptilink Direct Parallel Link Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions e:\windows\system32\drivers\pxhelp20.sys
+ QCDonner Video Minidriver (Verified) Microsoft Windows Hardware Compatibility Publisher e:\windows\system32\drivers\lvcd.sys
+ RasAcd Remote Access Auto Connection Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe Remote Access PPPOE Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\raspppoe.sys
+ Raspti Direct Parallel (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\raspti.sys
+ RDPCDD RDP Miniport (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\rdpcdd.sys
+ rdpdr Microsoft RDP Device redirector (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\rdpdr.sys
+ redbook Redbook Audio Filter Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\redbook.sys
+ ROOTMODEM Legacy Non-Pnp Modem Device Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\rootmdm.sys
+ RTL8023xp TE100-PCBUSR 32-Bit Carddbus PC Card (Verified) Microsoft Windows Hardware Compatibility Publisher e:\windows\system32\drivers\te100xp.sys
+ rtl8139 Realtek RTL8139/810x Family NDIS 5.1 Drv (Verified) Microsoft Windows Hardware Compatibility Publisher e:\windows\system32\drivers\r8139n51.sys
+ SAVRT AutoProtect (Verified) Symantec Corporation e:\program files\norton antivirus\savrt.sys
+ SAVRTPEL SAVRTPEL (Verified) Symantec Corporation e:\program files\norton antivirus\savrtpel.sys
+ Secdrv SafeDisc driver (Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. e:\windows\system32\drivers\secdrv.sys
+ serenum Serial Port Enumerator (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\serial.sys
+ sii164 e:\windows\system32\drivers\sii164.sys
+ SLIP Microsoft Slip Deframing Filter Minidriver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\slip.sys
+ SPBBCDrv SPBBC Driver (Verified) Symantec Corporation e:\program files\common files\symantec shared\spbbc\spbbcdrv.sys
+ splitter Microsoft Kernel Audio Splitter (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\splitter.sys
+ sptd e:\windows\system32\drivers\sptd.sys
+ StillCam Serial Imaging Device Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\serscan.sys
+ streamip Microsoft IP Test Driver (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\streamip.sys
+ swenum Plug and Play Software Device Enumerator (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\swenum.sys
+ swmidi Microsoft GS Wavetable Synthesizer (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\swmidi.sys
+ SYMDNS DNS Filter Driver (Verified) Symantec Corporation e:\windows\system32\drivers\symdns.sys
+ SymEvent Symantec Event Library (Verified) Symantec Corporation e:\program files\symantec\symevent.sys
+ SYMFW Firewall Filter Driver (Verified) Symantec Corporation e:\windows\system32\drivers\symfw.sys
+ SYMIDS IDS Filter Driver (Verified) Symantec Corporation e:\windows\system32\drivers\symids.sys
+ SYMIDSCO IDS Core Driver (Verified) Symantec Corporation e:\program files\common files\symantec shared\symcdata\ids-diskless\20070302.001\symidsco.sys
+ symlcbrd Symantec Core Component (Not verified) Symantec Corporation e:\windows\system32\drivers\symlcbrd.sys
+ SYMNDIS NDIS Filter Driver (Verified) Symantec Corporation e:\windows\system32\drivers\symndis.sys
+ SYMREDRV Redirector Filter Driver (Verified) Symantec Corporation e:\windows\system32\drivers\symredrv.sys
+ SYMTDI Network Dispatch Driver (Verified) Symantec Corporation e:\windows\system32\drivers\symtdi.sys
+ sysaudio System Audio WDM Filter (Verified) Microsoft Windows Publisher e:\windows\system32\drivers\sys


0

Response Number 22
Name: jabuck
Date: March 8, 2007 at 15:36:58 Pacific
Reply:

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Navigate to and delete these files if found:

E:\WINDOWS\system32\RavMonE.exe

E:\WINDOWS\RavMonE.exe

Reboot to normal mode.

Post a new Comboscan log, please.


0

Response Number 23
Name: saurabhthelord
Date: March 13, 2007 at 11:32:58 Pacific
Reply:

I didn't find the file,
but now my startup has really slowed down.
Now on every startup I have to run Task Manager and end the process "iexplorer.exe".
It utilises all the speed of the computer.
Please help me to come out of this problem.


saurabhthelord


0

Response Number 24
Name: saurabhthelord
Date: March 13, 2007 at 11:35:37 Pacific
Reply:

ComboScan v20070221.16 run by Shubham on 2007-03-13 at 23:54:40
Computer is in Normal Mode.
----------------------

-- HijackThis (run as Shubham.----------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:55:12 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\WINDOWS\System32\cisvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Program Files\uTorrent\uTorrent.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Documents and Settings\Shubham\My Documents\Computer repairing\comboscan.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Hijackthis\Shubham.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O17 - HKLM\System\CCS\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-02-13 and 20----------

2007-03-13 23:39:19 0 d-------- E:\Program Files\uTorrent
2007-03-13 23:37:52 0 d-------- E:\Program Files\BitLord
2007-03-13 21:18:48 8192 --a------ E:\WINDOWS\system32\kbdkor.dll
2007-03-13 21:18:48 8704 --a------ E:\WINDOWS\system32\kbdjpn.dll
2007-03-13 21:18:48 6144 --a------ E:\WINDOWS\system32\kbd106.dll
2007-03-13 21:18:48 5632 --a------ E:\WINDOWS\system32\kbd103.dll
2007-03-13 21:18:48 6144 --a------ E:\WINDOWS\system32\kbd101c.dll
2007-03-13 21:18:47 6144 --a------ E:\WINDOWS\system32\kbd101b.dll
2007-03-13 13:50:07 0 d-------- E:\Documents and Settings\Shubham\Application Data\UseNeXT
2007-03-13 13:48:29 0 d-------- E:\Program Files\UseNeXT
2007-03-13 13:48:14 0 d--h----- E:\WINDOWS\system32\System
2007-03-13 10:14:23 0 d---s---- E:\Documents and Settings\LocalService\UserData
2007-03-12 17:06:02 0 d--hs---- E:\FOUND.161
2007-03-12 13:47:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\Atari
2007-03-12 12:53:52 0 d--hs---- E:\FOUND.160
2007-03-12 09:29:24 0 d--hs---- E:\FOUND.159
2007-03-12 02:44:13 0 d-------- E:\Night Shift Nurses 1-10+extras<NIGHTS~1>
2007-03-12 02:35:56 768 --a------ E:\WINDOWS\system32\d3d8caps.dat
2007-03-11 22:35:10 249856 -----n--- E:\WINDOWS\Setup1.exe
2007-03-11 22:35:00 73216 --a------ E:\WINDOWS\ST6UNST.exe
2007-03-11 22:20:48 0 d--hs---- E:\FOUND.158
2007-03-11 20:17:54 0 d-------- E:\The Fast And The Furious Tokyo Drift [English][PS2DVD][WwW.GamesTorrents.CoM]<THEFAS~1.COM>
2007-03-11 17:39:48 0 d-------- E:\PS2 Emulator Complete With BIOS and MemCard<PS2EMU~1>
2007-03-11 17:16:24 0 d--hs---- E:\FOUND.157
2007-03-11 01:31:43 1003465 --a------ E:\WINDOWS\Acount maker.exe<ACOUNT~1.EXE>
2007-03-10 20:34:51 0 d-------- E:\Documents and Settings\Shubham\Application Data\uTorrent
2007-03-10 11:32:16 38912 --a------ E:\WINDOWS\system32\drivers\avc.sys
2007-03-06 04:55:38 0 d--hs---- E:\FOUND.156
2007-03-06 01:05:14 0 d--hs---- E:\FOUND.155
2007-03-05 21:22:52 0 d--hs---- E:\FOUND.154
2007-03-05 00:04:18 0 d--hs---- E:\FOUND.153
2007-03-04 22:30:02 0 d--hs---- E:\FOUND.152
2007-03-03 18:36:58 0 d-------- E:\Program Files\Darwinia
2007-03-03 09:44:06 0 d-------- E:\Program Files\BiP media<BIPMED~1>
2007-03-03 07:03:38 0 d-------- E:\Program Files\Uplink
2007-03-03 05:44:02 0 d-------- E:\Program Files\Azureus
2007-03-02 05:28:32 664 --a------ E:\WINDOWS\system32\d3d9caps.dat
2007-03-02 00:59:22 3968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 00:59:18 0 d-------- E:\Program Files\Grisoft
2007-02-26 22:56:14 0 d--hs---- E:\FOUND.151
2007-02-26 04:05:22 0 d--hs---- E:\FOUND.150
2007-02-25 21:01:48 0 d--hs---- E:\FOUND.149
2007-02-25 04:19:08 0 d--hs---- E:\FOUND.148
2007-02-23 09:27:44 0 d-------- E:\Program Files\HWiNFO32
2007-02-22 23:02:54 0 d--hs---- E:\FOUND.147
2007-02-22 08:43:30 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2007-02-22 02:04:49 0 d-------- E:\SDFix
2007-02-21 01:00:02 0 d--hs---- E:\FOUND.146
2007-02-17 21:14:34 0 d--hs---- E:\FOUND.145
2007-02-17 20:41:06 0 d--hs---- E:\FOUND.144
2007-02-17 20:32:34 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\SecuROM
2007-02-17 20:02:53 0 d-------- E:\Program Files\Sierra
2007-02-17 19:58:23 0 d-------- E:\Documents and Settings\Shubham\Application Data\InstallShield<INSTAL~1>
2007-02-17 06:58:56 0 d-------- E:\Documents and Settings\Shubham\WINDOWS
2007-02-17 04:12:54 0 d--hs---- E:\FOUND.143
2007-02-17 00:19:37 0 d-------- E:\The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2.The.Witch.King-RELOADED<THELOR~1.KIN>
2007-02-16 22:15:52 0 d--hs---- E:\FOUND.142
2007-02-15 00:56:38 0 d-------- E:\Program Files\directx
2007-02-15 00:37:53 0 d-------- E:\Program Files\Railroad Tycoon 3<RAILRO~1>
2007-02-14 07:12:18 0 d-------- E:\Documents and Settings\Shubham\Application Data\Help
2007-02-13 20:47:53 0 d-------- E:\Program Files\Symantec Technical Support<SYMANT~1>
2007-02-13 14:31:04 4608 --a------ E:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-13 14:30:15 91904 --a------ E:\WINDOWS\system32\S32EVNT1.DLL
2007-02-13 14:30:15 124016 --a------ E:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-13 14:29:40 0 d-------- E:\Program Files\Symantec
2007-02-13 14:29:34 0 d-------- E:\Documents and Settings\All Users\Application Data\Symantec
2007-02-13 09:00:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\Talkback
2007-02-13 08:55:00 512688 --a------ E:\WINDOWS\system32\XceedCry.dll
2007-02-13 08:55:00 423784 --a------ E:\WINDOWS\system32\XceedBkp.dll
2007-02-13 08:54:57 10752 --a------ E:\WINDOWS\system32\md5.dll
2007-02-13 08:54:53 0 d-------- E:\Program Files\MalwareSweeper.com<MALWAR~1.COM>
2007-02-13 08:34:33 0 d-------- E:\Program Files\MalwareBot<MALWAR~1>
2007-02-13 08:17:30 0 d--hs---- E:\FOUND.140
2007-02-13 07:38:53 0 d-------- E:\Program Files\SymNetDrv<SYMNET~1>
2007-02-13 02:46:54 0 d--hs---- E:\FOUND.141
2007-02-13 00:02:53 0 d-------- E:\Program Files\Nero
2007-02-13 00:02:53 0 d-------- E:\Program Files\Common Files\Ahead


-- Find3M Re-----------

2007-02-17 20:32:32 98304 --a------ E:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-13 09:00:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Mozilla
2007-02-12 22:38:38 0 d-------- E:\Program Files\Hijackthis<HIJACK~1>
2007-02-12 21:24:48 0 d-------- E:\Program Files\Registry Toolkit<REGIST~1>
2007-02-12 21:15:26 32791 --a------ E:\Documents and Settings\Shubham\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>
2007-02-12 21:14:14 2097 --a------ E:\Documents and Settings\Shubham\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-12 21:10:46 45747 --a------ E:\Documents and Settings\Shubham\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-10 14:07:06 335 --a------ E:\WINDOWS\nsreg.dat
2007-02-08 10:06:16 0 d-------- E:\Program Files\McAfee Privacy Service 6.02 Install<MCAFEE~1.02I>
2007-02-08 09:58:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-04 18:15:28 0 d-------- E:\Program Files\cdromplus<CDROMP~1>
2007-02-04 18:15:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\cdromplus<CDROMP~1>
2007-02-04 18:14:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\NetPumper<NETPUM~1>
2007-02-04 18:14:18 0 d-------- E:\Program Files\NetPumper<NETPUM~1>
2007-02-03 13:38:06 0 d-------- E:\Program Files\VIRTUA~1
2007-01-31 19:20:12 0 d-------- E:\Program Files\RegCleaner<REGCLE~1>
2007-01-31 19:11:56 620123 --a------ E:\WINDOWS\system32\RegistryCleanerSetup.exe<REGIST~1.EXE>
2007-01-31 16:44:40 0 d-------- E:\Program Files\Common Files\Everstrike Software<EVERST~1>
2007-01-28 17:22:18 0 d-------- E:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-26 10:51:10 286208 --a------ E:\WINDOWS\system32\cncs232.dll
2007-01-25 14:22:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Ahead
2007-01-24 13:36:44 0 d-------- E:\Program Files\Norton AntiVirus<NORTON~1>
2007-01-24 13:36:06 0 d-------- E:\Documents and Settings\Shubham\Application Data\Symantec
2007-01-24 13:35:24 0 d-------- E:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-23 16:11:48 0 d-------- E:\Program Files\MSBuild
2007-01-23 15:56:32 0 d-------- E:\Program Files\Reference Assemblies<REFERE~1>
2007-01-23 15:32:44 0 d-------- E:\Program Files\Digit Archive 0.2<DIGITA~1.2>
2007-01-21 16:53:22 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\yahoo!
2007-01-20 13:43:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Adobe
2007-01-14 17:48:34 0 d-------- E:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-14 11:50:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Sun


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"E:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="E:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Symantec NetDriver Monitor"="E:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"ccApp"="\"E:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"MSConfig"="E:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="E:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="E:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.exe /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
"backup"="E:\\WINDOWS\\pss\\Reality Fusion GameCam SE.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\REALIT~1\\REALIT~1\\Program\\RFTRay.exe "
"item"="Reality Fusion GameCam SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitLord"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitLord\\BitLord.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bol IM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RediffMessenger"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="E:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctpmon"
"hkey"="HKCU"
"command"="ctpmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p_981116"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\p_981116.exe /Q:A"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="E:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KindPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GplSpamList"
"hkey"="HKCU"
"command"="E:\\DOCUME~1\\Shubham\\APPLIC~1\\CDROMP~1\\GplSpamList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="E:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malware Sweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MalSwep"
"hkey"="HKCU"
"command"="E:\\Program Files\\MalwareSweeper.com\\MalwareSweeper\\MalSwep.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="e:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPFTRAY"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="E:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O]
Shell\AutoRun\command O:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command E:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


-- End of ComboScan: finished at 2007-03-13 at 23:5-

saurabhthelord


0

Response Number 25
Name: jabuck
Date: March 14, 2007 at 18:55:08 Pacific
Reply:

Open notepad (Start Menu > Run > type notepad and press "OK").

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

; Delete the MountPoints2 entry whose autorun command launches RavMonE.exe
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Your Java is out of date and will cause you to get reinfected. Download the latest version from http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.

Post one more comboscan and be sure to alert me, like to have missed you.

How is the computer operating?


0

Response Number 26
Name: saurabhthelord
Date: March 15, 2007 at 06:14:00 Pacific
Reply:

at first start up it is toooooooooooooooooooooooooooooooooooooo slow. there is something running in iexplorer, for which i have to use task manager and end the program. please help me to remove that problem.
the rest of the things are fine; they are working properly after start up.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ComboScan v20070221.16 run by Shubham on 2007-03-15 at 18:44:42
Computer is in Normal Mode.
----------------------

-- HijackThis (run as Shubham.----------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:45:00 PM, on 3/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\WINDOWS\System32\cisvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\WINDOWS\System32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Documents and Settings\Shubham\My Documents\Computer repairing\comboscan.exe
E:\Program Files\Hijackthis\Shubham.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O17 - HKLM\System\CCS\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{34501AD0-73D8-4462-8B51-BBA447308C8C}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- Files created between 2007-02-15 and 20----------

2007-03-15 18:42:38 0 d-------- E:\Program Files\Java
2007-03-15 18:42:38 0 d-------- E:\Program Files\Common Files\Java
2007-03-14 00:17:21 0 d-------- E:\Documents and Settings\LocalService\Application Data\Adobe
2007-03-13 23:39:19 0 d-------- E:\Program Files\uTorrent
2007-03-13 23:37:52 0 d-------- E:\Program Files\BitLord
2007-03-13 21:18:48 8192 --a------ E:\WINDOWS\system32\kbdkor.dll
2007-03-13 21:18:48 8704 --a------ E:\WINDOWS\system32\kbdjpn.dll
2007-03-13 21:18:48 6144 --a------ E:\WINDOWS\system32\kbd106.dll
2007-03-13 21:18:48 5632 --a------ E:\WINDOWS\system32\kbd103.dll
2007-03-13 21:18:48 6144 --a------ E:\WINDOWS\system32\kbd101c.dll
2007-03-13 21:18:47 6144 --a------ E:\WINDOWS\system32\kbd101b.dll
2007-03-13 13:50:07 0 d-------- E:\Documents and Settings\Shubham\Application Data\UseNeXT
2007-03-13 13:48:29 0 d-------- E:\Program Files\UseNeXT
2007-03-13 13:48:14 0 d--h----- E:\WINDOWS\system32\System
2007-03-13 10:14:23 0 d---s---- E:\Documents and Settings\LocalService\UserData
2007-03-12 17:06:02 0 d--hs---- E:\FOUND.161
2007-03-12 13:47:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\Atari
2007-03-12 12:53:52 0 d--hs---- E:\FOUND.160
2007-03-12 09:29:24 0 d--hs---- E:\FOUND.159
2007-03-12 02:44:13 0 d-------- E:\Night Shift Nurses 1-10+extras<NIGHTS~1>
2007-03-12 02:35:56 768 --a------ E:\WINDOWS\system32\d3d8caps.dat
2007-03-11 22:35:10 249856 -----n--- E:\WINDOWS\Setup1.exe
2007-03-11 22:35:00 73216 --a------ E:\WINDOWS\ST6UNST.exe
2007-03-11 22:20:48 0 d--hs---- E:\FOUND.158
2007-03-11 20:17:54 0 d-------- E:\The Fast And The Furious Tokyo Drift [English][PS2DVD][WwW.GamesTorrents.CoM]<THEFAS~1.COM>
2007-03-11 17:39:48 0 d-------- E:\PS2 Emulator Complete With BIOS and MemCard<PS2EMU~1>
2007-03-11 17:16:24 0 d--hs---- E:\FOUND.157
2007-03-11 01:31:43 1003465 --a------ E:\WINDOWS\Acount maker.exe<ACOUNT~1.EXE>
2007-03-10 20:34:51 0 d-------- E:\Documents and Settings\Shubham\Application Data\uTorrent
2007-03-10 11:32:16 38912 --a------ E:\WINDOWS\system32\drivers\avc.sys
2007-03-06 04:55:38 0 d--hs---- E:\FOUND.156
2007-03-06 01:05:14 0 d--hs---- E:\FOUND.155
2007-03-05 21:22:52 0 d--hs---- E:\FOUND.154
2007-03-05 00:04:18 0 d--hs---- E:\FOUND.153
2007-03-04 22:30:02 0 d--hs---- E:\FOUND.152
2007-03-03 18:36:58 0 d-------- E:\Program Files\Darwinia
2007-03-03 09:44:06 0 d-------- E:\Program Files\BiP media<BIPMED~1>
2007-03-03 07:03:38 0 d-------- E:\Program Files\Uplink
2007-03-03 05:44:02 0 d-------- E:\Program Files\Azureus
2007-03-02 05:28:32 664 --a------ E:\WINDOWS\system32\d3d9caps.dat
2007-03-02 00:59:22 3968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-02 00:59:18 0 d-------- E:\Program Files\Grisoft
2007-02-26 22:56:14 0 d--hs---- E:\FOUND.151
2007-02-26 04:05:22 0 d--hs---- E:\FOUND.150
2007-02-25 21:01:48 0 d--hs---- E:\FOUND.149
2007-02-25 04:19:08 0 d--hs---- E:\FOUND.148
2007-02-23 09:27:44 0 d-------- E:\Program Files\HWiNFO32
2007-02-22 23:02:54 0 d--hs---- E:\FOUND.147
2007-02-22 08:43:30 0 d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2007-02-22 02:04:49 0 d-------- E:\SDFix
2007-02-21 01:00:02 0 d--hs---- E:\FOUND.146
2007-02-17 21:14:34 0 d--hs---- E:\FOUND.145
2007-02-17 20:41:06 0 d--hs---- E:\FOUND.144
2007-02-17 20:32:34 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\SecuROM
2007-02-17 20:02:53 0 d-------- E:\Program Files\Sierra
2007-02-17 19:58:23 0 d-------- E:\Documents and Settings\Shubham\Application Data\InstallShield<INSTAL~1>
2007-02-17 06:58:56 0 d-------- E:\Documents and Settings\Shubham\WINDOWS
2007-02-17 04:12:54 0 d--hs---- E:\FOUND.143
2007-02-17 00:19:37 0 d-------- E:\The.Lord.Of.The.Rings.Battle.For.Middle.Earth.2.The.Witch.King-RELOADED<THELOR~1.KIN>
2007-02-16 22:15:52 0 d--hs---- E:\FOUND.142
2007-02-15 00:56:38 0 d-------- E:\Program Files\directx
2007-02-15 00:37:53 0 d-------- E:\Program Files\Railroad Tycoon 3<RAILRO~1>


-- Find3M Re-----------

2007-02-17 20:32:32 98304 --a------ E:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-02-14 07:12:20 0 d-------- E:\Documents and Settings\Shubham\Application Data\Help
2007-02-13 20:47:54 0 d-------- E:\Program Files\Symantec Technical Support<SYMANT~1>
2007-02-13 14:29:42 0 d-------- E:\Program Files\Symantec
2007-02-13 09:00:30 0 d-------- E:\Documents and Settings\Shubham\Application Data\Talkback
2007-02-13 09:00:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Mozilla
2007-02-13 08:54:54 0 d-------- E:\Program Files\MalwareSweeper.com<MALWAR~1.COM>
2007-02-13 08:34:34 0 d-------- E:\Program Files\MalwareBot<MALWAR~1>
2007-02-13 07:38:54 0 d-------- E:\Program Files\SymNetDrv<SYMNET~1>
2007-02-13 00:02:54 0 d-------- E:\Program Files\Nero
2007-02-13 00:02:54 0 d-------- E:\Program Files\Common Files\Ahead
2007-02-12 22:38:38 0 d-------- E:\Program Files\Hijackthis<HIJACK~1>
2007-02-12 21:24:48 0 d-------- E:\Program Files\Registry Toolkit<REGIST~1>
2007-02-12 21:15:26 32791 --a------ E:\Documents and Settings\Shubham\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>
2007-02-12 21:14:14 2097 --a------ E:\Documents and Settings\Shubham\Application Data\HPSU_48BitScanUpdate.log<HPSU_4~1.LOG>
2007-02-12 21:10:46 45747 --a------ E:\Documents and Settings\Shubham\Application Data\Update_HP_RedboxHprblog_HPSU.log<UPDATE~1.LOG>
2007-02-10 14:07:06 335 --a------ E:\WINDOWS\nsreg.dat
2007-02-08 10:06:16 0 d-------- E:\Program Files\McAfee Privacy Service 6.02 Install<MCAFEE~1.02I>
2007-02-08 09:58:26 0 d-------- E:\Documents and Settings\Shubham\Application Data\McAfee.com Personal Firewall<MCAFEE~1.COM>
2007-02-04 18:15:28 0 d-------- E:\Program Files\cdromplus<CDROMP~1>
2007-02-04 18:15:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\cdromplus<CDROMP~1>
2007-02-04 18:14:28 0 d-------- E:\Documents and Settings\Shubham\Application Data\NetPumper<NETPUM~1>
2007-02-04 18:14:18 0 d-------- E:\Program Files\NetPumper<NETPUM~1>
2007-02-03 13:38:06 0 d-------- E:\Program Files\VIRTUA~1
2007-01-31 19:20:12 0 d-------- E:\Program Files\RegCleaner<REGCLE~1>
2007-01-31 19:11:56 620123 --a------ E:\WINDOWS\system32\RegistryCleanerSetup.exe<REGIST~1.EXE>
2007-01-31 16:44:40 0 d-------- E:\Program Files\Common Files\Everstrike Software<EVERST~1>
2007-01-28 17:22:18 0 d-------- E:\Program Files\Alcohol Soft<ALCOHO~1>
2007-01-26 10:51:10 286208 --a------ E:\WINDOWS\system32\cncs232.dll
2007-01-25 14:22:34 0 d-------- E:\Documents and Settings\Shubham\Application Data\Ahead
2007-01-24 13:36:44 0 d-------- E:\Program Files\Norton AntiVirus<NORTON~1>
2007-01-24 13:36:06 0 d-------- E:\Documents and Settings\Shubham\Application Data\Symantec
2007-01-24 13:35:24 0 d-------- E:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-01-23 16:11:48 0 d-------- E:\Program Files\MSBuild
2007-01-23 15:56:32 0 d-------- E:\Program Files\Reference Assemblies<REFERE~1>
2007-01-23 15:32:44 0 d-------- E:\Program Files\Digit Archive 0.2<DIGITA~1.2>
2007-01-21 16:53:22 0 dr-h----- E:\Documents and Settings\Shubham\Application Data\yahoo!
2007-01-20 13:43:08 0 d-------- E:\Documents and Settings\Shubham\Application Data\Adobe


-- Registry -----------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"E:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="E:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NeroFilterCheck"="E:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Symantec NetDriver Monitor"="E:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"ccApp"="\"E:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="\"E:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="E:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"backup"="E:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"backup"="E:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.exe /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
"backup"="E:\\WINDOWS\\pss\\Reality Fusion GameCam SE.lnkCommon Startup"
"location"="Common Startup"
"command"="E:\\PROGRA~1\\REALIT~1\\REALIT~1\\Program\\RFTRay.exe "
"item"="Reality Fusion GameCam SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"E:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitLord"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitLord\\BitLord.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bol IM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RediffMessenger"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="E:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctpmon"
"hkey"="HKCU"
"command"="ctpmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="p_981116"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\p_981116.exe /Q:A"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="E:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KindPhone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GplSpamList"
"hkey"="HKCU"
"command"="E:\\DOCUME~1\\Shubham\\APPLIC~1\\CDROMP~1\\GplSpamList.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="E:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malware Sweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MalSwep"
"hkey"="HKCU"
"command"="E:\\Program Files\\MalwareSweeper.com\\MalwareSweeper\\MalSwep.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="e:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MPFTRAY"
"hkey"="HKLM"
"command"="E:\\PROGRA~1\\MCAFEE.COM\\PERSON~1\\MPFTRAY.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="E:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Toolkit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RegToolkit"
"hkey"="HKLM"
"command"="E:\\Program Files\\Registry Toolkit\\RegToolkit.exe /scan"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="E:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"e:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O]
Shell\AutoRun\command O:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command E:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


-- End of ComboScan: finished at 2007-03-15 at 18:4-

saurabhthelord


0

Response Number 27
Name: jabuck
Date: March 15, 2007 at 15:05:09 Pacific
Reply:

Open notepad (Start Menu > Run > type notepad and press "OK").

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

; Removes the entry that holds: Shell\Auto\command RavMonE.exe e
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Post the program that you are having to delete in task manager and let me know if the above line is gone from a comboscan log after running the .reg file.


0
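As an added example (not part of the thread and not the helper's own tooling), this Python script reads the MountPoints2 section of the ComboScan log above, flags autorun commands, and writes the key deletion in the form regedit imports: a `.reg` file needs the full root key name (`HKEY_CURRENT_USER`, not `HKCU`), and `[-key]` removes a key with everything under it. The two flagging heuristics and all function names are assumptions of this example.

```python
import re

# MountPoints2 section copied from the ComboScan log posted in the thread.
SAMPLE_LOG = r"""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O]
Shell\AutoRun\command O:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b601a920-b8a4-11db-b52c-00e04c900a6d}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command E:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
"""

# The log abbreviates root keys; a .reg file must spell them out.
ROOT_KEYS = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}

KEY_RE = re.compile(r"^\[(?P<key>.*\\MountPoints2\\[^\\\]]+)\]$", re.I)
CMD_RE = re.compile(r"^(?P<verb>Shell\\\S+\\command)\s+(?P<cmd>.+)$", re.I)


def parse_mountpoints(log_text):
    """Return {registry key: [(verb, command), ...]} for MountPoints2 entries."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            entries[current] = []
        elif line.startswith("["):
            current = None  # a different registry key; stop collecting
        elif current:
            cmd = CMD_RE.match(line)
            if cmd:
                entries[current].append((cmd.group("verb"), cmd.group("cmd")))
    return entries


def program_of(command):
    """First program in a command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def suspicion_reasons(mount, command):
    """Heuristics assumed for this example; an empty list means nothing fired."""
    found = []
    exe = program_of(command)
    on_drive = re.match(r"^[A-Za-z]:\\", exe) is not None
    if not on_drive and not exe.startswith("\\\\"):
        found.append("program named without a full path: " + exe)
    if "shellexec_rundll" in command.lower():
        found.append("launched indirectly through RunDLL32 ShellExec_RunDLL")
    if re.fullmatch(r"[A-Za-z]", mount) and on_drive and exe[0].upper() != mount.upper():
        found.append("command points at a different drive than the mount point")
    return found


def flag_entries(entries):
    """Return {registry key: [reasons]} for entries where a heuristic fired."""
    flagged = {}
    for key, commands in entries.items():
        mount = key.rsplit("\\", 1)[1]
        reasons = []
        for _verb, cmd in commands:
            for reason in suspicion_reasons(mount, cmd):
                if reason not in reasons:
                    reasons.append(reason)
        if reasons:
            flagged[key] = reasons
    return flagged


def build_fix_reg(keys):
    """Build REGEDIT4 text that deletes each key, with root key names expanded."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        root, _, rest = key.partition("\\")
        lines.append("[-" + ROOT_KEYS.get(root.upper(), root) + "\\" + rest + "]")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = flag_entries(parse_mountpoints(SAMPLE_LOG))
    for key, reasons in flagged.items():
        print(key)
        for reason in reasons:
            print("   -", reason)
    print(build_fix_reg(flagged))
```

An entry that passes, such as `J:\autorun.exe`, has only passed these two heuristics; the file it points to still needs its own check.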

Response Number 28
Name: saurabhthelord
Date: March 17, 2007 at 13:26:17 Pacific
Reply:

iexplorer.exe
and now i cannot do a combo scan because my computer has gone tooooo slow.
it took me 1/2 an hour to just switch and wait for load, then start the explorer and open this site. please, i need immediate help from you.

saurabhthelord


0

Response Number 29
Name: jabuck
Date: March 17, 2007 at 15:25:29 Pacific
Reply:

About all I can suggest is to try a system restore.

Go to this link http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx scroll down to "Use System Restore" and follow the directions.

Use the second newest restore point, not the newest one. If you have no other option go ahead and use the newest one.

That should get you up and running again.


0

Response Number 30
Name: saurabhthelord
Date: March 24, 2007 at 13:07:05 Pacific
Reply:

i have installed avast 4.7 and restored nearly everything and also tried to restore, but all three restores failed due to something i don't know.
my computer is running fine but there is still a process running, iexplorer.exe, at start up and doest utilize all the speed of computer.
please tell me a way to close that thing.
every time i start my computer, i have to first close that thing through task manager and then my computer runs at a fast speed.

saurabhthelord


0

Response Number 31
Name: jabuck
Date: March 24, 2007 at 21:01:19 Pacific
Reply:

This is a different tool than comboscan.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.


0

Response Number 32
Name: djlouislouis
Date: March 25, 2007 at 07:51:50 Pacific
Reply:

I have had the same problem with one of my PCs slowing down.... It's caused by a file installing those processes... make sure you verify the "startup" and see if a file named microsoftupdate is there.. if so delete that startup file! And with msconfig go in the startup tab and uncheck any files you don't recognize (plz be careful with the files you uncheck)

DJ Louis Louis


0
