Author Topic: Problem with all the application icons & Shortcut ICONS and RUN Opt (Read 659 times)

neal2087

  • Guest
Let me describe the problem first.

When I click any icon, be it an application or a shortcut, :(
the Open With dialog box opens and I have to choose the correct target there to start the application.

And none of the commands are working in the Run option, neither Regedit nor msconfig, and not even cmd. I cannot even use the ping command. :angry:

OK, now my HijackThis log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:14 AM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Samsung\Samsung PC Studio 3\ConMgr.exe
C:\Program Files\Samsung\Samsung PC Studio 3\Launcher.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\NETSCAPE\NAVIGA~1\NAVIGA~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\nilesh\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [soundmix] C:\WINDOWS\system32\soundmix.exe
O4 - HKLM\..\Run: [BMd3e77a3d] Rundll32.exe "C:\WINDOWS\system32\htvscphe.dll",s
O4 - HKLM\..\Run: [d0d449a1] rundll32.exe "C:\WINDOWS\system32\ysgklomu.dll",b
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205050246296
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31532F29-423D-4DED-8251-8679C202A896}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

guestolo

  • Administrator
« Reply #1 on: June 24, 2008, 03:40:06 PM »
Can you try the following, please?

Download Malwarebytes' Anti-Malware from Here or Here.
Save the installer to your desktop.

Double-click mbam-setup.exe to install the application.
If you have the same problem, prompting to ask what application to open with, navigate to mbam-setup.exe on the desktop itself and choose it.
If it installs, do the following:
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Along with the log from Malwarebytes AntiMalware:

Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post back just the whole contents of Main.txt and Extra.txt.



neal2087

  • Guest
« Reply #2 on: June 25, 2008, 12:24:25 AM »

Trying this, will post the rest after it's done.

thanks for replying

neal2087

  • Guest
« Reply #3 on: June 25, 2008, 02:16:34 AM »

Dude, U are too goooodddddd

My problem was solved.
Here I am giving you all the log files.


1) This one is from after the scan was completed and I had restarted the PC:
Malwarebytes' Anti-Malware 1.18
Database version: 889

12:27:06 PM 6/25/2008
mbam-log-6-25-2008 (12-27-06).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 208182
Time elapsed: 1 hour(s), 40 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 21
Registry Values Infected: 6
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geeda.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wvurrqn.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\cmrkfatb.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adcf367c-746f-43e3-a50b-e431307f0245} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{adcf367c-746f-43e3-a50b-e431307f0245} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{27a82d47-9a2a-4b39-b4ec-792bbdfd03fa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27a82d47-9a2a-4b39-b4ec-792bbdfd03fa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvurrqn (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5fb40aab-6228-47a8-a64c-1573fa74b97d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fb40aab-6228-47a8-a64c-1573fa74b97d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b71fa585-b351-4e48-8da8-22f6f705ec73} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjyg32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintuh32 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{27a82d47-9a2a-4b39-b4ec-792bbdfd03fa} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b71fa585-b351-4e48-8da8-22f6f705ec73} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d0d449a1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd3e77a3d (Trojan.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\TacOnlyOne\MalWarrior (Rogue.MalWarrior) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\geeda.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\geeda.dll  -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\geeda.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\adeeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adeeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvurrqn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cmrkfatb.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\nilesh\Local Settings\Temp\qqndrvvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{568638BA-1752-4571-AA39-F939B3CD29F5}\RP282\A0184220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{568638BA-1752-4571-AA39-F939B3CD29F5}\RP297\A0189607.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{568638BA-1752-4571-AA39-F939B3CD29F5}\RP297\A0189608.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hfyxrhah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soyleomy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsawqkom.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yurwdnmg.dll (Trojan.Agent) -> Delete on reboot.

[color=\"#800080\"]2) Main.txt

Deckard's System Scanner v20071014.68
Run by nilesh on 2008-06-25 12:35:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-06-25 07:05:21 UTC - RP298 - Deckard's System Scanner Restore Point
25: 2008-06-23 05:14:02 UTC - RP297 - Restore Operation
24: 2008-06-23 04:12:08 UTC - RP296 - Installed Symantec AntiVirus
23: 2008-06-23 04:07:42 UTC - RP295 - Installed Symantec AntiVirus
22: 2008-06-22 19:18:54 UTC - RP294 - Restore Operation


-- First Restore Point --
1: 2008-04-20 06:12:32 UTC - RP273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as nilesh.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:30 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Documents and Settings\nilesh\Desktop\dss.exe
C:\DOCUME~1\nilesh\Desktop\nilesh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06ADE4FA-292B-4106-A64C-0924EA46D2D4} - C:\WINDOWS\system32\nsxogxra.dll
O2 - BHO: {dcd97ab2-c976-4f19-e8f4-db25ac4f1552} - {2551f4ca-52bd-4f8e-91f4-679c2ba79dcd} - C:\WINDOWS\system32\hchawxmx.dll
O2 - BHO: (no name) - {2D32C9E8-2AFB-4B12-AD63-8160CC0FF0E7} - (no file)
O2 - BHO: (no name) - {345C1879-03EB-40B2-B8E2-91C90F53E76F} - (no file)
O2 - BHO: (no name) - {48036AD4-CC80-484D-89CA-BEF50C8F7D72} - (no file)
O2 - BHO: (no name) - {6F184B21-C709-405C-AE1B-97F29621B24E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9FD41AF4-A648-491C-9E8E-9B7521DDA019} - C:\WINDOWS\system32\nsxogxra.dll
O2 - BHO: (no name) - {EBF0AE65-E685-4FEE-99C3-279175BC6554} - C:\WINDOWS\system32\nsxogxra.dll
O2 - BHO: (no name) - {EEDDC6D6-69D7-4755-BAE2-A5B8B3351DF1} - C:\WINDOWS\system32\nsxogxra.dll
O2 - BHO: (no name) - {FCC44038-B26A-490D-B60C-6BD8F22A4106} - C:\WINDOWS\system32\nsxogxra.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [soundmix] C:\WINDOWS\system32\soundmix.exe
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205050246296
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31532F29-423D-4DED-8251-8679C202A896}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: iifdday - iifdday.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7271 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pnpshark - c:\windows\system32\drivers\pnpshark.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 st3shark - c:\windows\system32\drivers\st3shark.sys
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>

S3 npkcrypt - d:\d\gravity\ragnarokonline\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - c:\windows\system32\drivers\ss_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device 1.0>
S3 ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - c:\windows\system32\drivers\ss_mdfl.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0 Filter>
S3 ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - c:\windows\system32\drivers\ss_mdm.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MSSEARCH (Microsoft Search) - "c:\program files\common files\system\mssearch\bin\mssearch.exe" <Not Verified; Microsoft Corporation; PKM>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-25 12:29:09    433122 --ahs---- C:\WINDOWS\system32\adeeg.ini2
2008-06-25 11:10:24     93760 -----n--- C:\WINDOWS\system32\bsawqkom.dll
2008-06-25 11:07:24    103488 --a------ C:\WINDOWS\system32\hchawxmx.dll
2008-06-25 11:04:24    102464 -----n--- C:\WINDOWS\system32\yurwdnmg.dll
2008-06-25 10:42:40         0 d-------- C:\Documents and Settings\nilesh\Application Data\Malwarebytes
2008-06-25 10:42:35         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 10:42:34         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-24 02:18:23    102464 -----n--- C:\WINDOWS\system32\cmrkfatb.dll
2008-06-24 01:05:46         0 dr-h----- C:\Documents and Settings\nilesh\Recent
2008-06-23 13:26:16         0 d-------- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Application Data\AVG7
2008-06-23 13:18:57         0 d--h----- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Templates
2008-06-23 13:18:57         0 dr------- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Start Menu
2008-06-23 13:18:57         0 dr-h----- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\SendTo
2008-06-23 13:18:57         0 d--h----- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Recent
2008-06-23 13:18:57         0 d--h----- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\PrintHood
2008-06-23 13:18:57         0 d--h----- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\NetHood
2008-06-23 13:18:57         0 d-------- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\My Documents
2008-06-23 13:18:57         0 d--h----- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Local Settings
2008-06-23 13:18:57         0 d-------- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Favorites
2008-06-23 13:18:57         0 d-------- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Desktop
2008-06-23 13:18:57         0 d--hs---- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Cookies
2008-06-23 13:18:57         0 dr-h----- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Application Data
2008-06-23 13:18:57         0 d---s---- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Application Data\Microsoft
2008-06-23 13:18:56    786432 --ah----- C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\NTUSER.DAT
2008-06-23 10:45:54         0 d-------- C:\Program Files\InstallShield
2008-06-23 10:45:31         0 d-------- C:\Program Files\Sify Broadband
2008-06-23 09:35:15         0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-20 22:22:10         0 d-------- C:\Program Files\Webteh
2008-06-11 18:50:14   6696960 --a------ C:\Documents and Settings\nilesh\ntuser.dat
2008-06-11 18:50:13    229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-09 14:57:31         0 d-------- C:\Program Files\QuickTime
2008-06-09 11:58:20    143360 --a------ C:\WINDOWS\system32\isdbgi51.dll <Not Verified; InstallShield Software Corporation; InstallShield®>


-- Find3M Report ---------------------------------------------------------------

2008-06-25 12:33:15         0 d-------- C:\Documents and Settings\nilesh\Application Data\Broadband
2008-06-25 12:32:27         0 d-------- C:\Documents and Settings\nilesh\Application Data\AVG7
2008-06-25 12:27:03     39936 -----n--- C:\WINDOWS\system32\wvurrqn.dll
2008-06-23 09:42:00         0 d-------- C:\Program Files\Common Files
2008-06-09 22:01:16         0 d-------- C:\Program Files\Web Publish
2008-06-03 15:53:10         0 d-------- C:\Documents and Settings\nilesh\Application Data\Nokia Multimedia Player
2008-06-03 13:59:34         0 d-------- C:\Documents and Settings\nilesh\Application Data\AdobeUM
2008-05-13 10:08:52    101440 --a------ C:\WINDOWS\system32\laticukv.dll
2008-05-12 17:30:51         0 d-------- C:\Program Files\Xvid
2008-05-10 14:50:59     98368 --a------ C:\WINDOWS\system32\moidsyti.dll
2008-05-10 10:57:17     98368 --a------ C:\WINDOWS\system32\vldefqvc.dll
2008-05-09 13:44:53         0 d-------- C:\Program Files\Softick
2008-05-09 10:55:23     99904 --a------ C:\WINDOWS\system32\lxxlpwbo.dll
2008-05-09 08:51:36     99904 --a------ C:\WINDOWS\system32\bfengdjg.dll
2008-05-08 15:37:25         0 d-------- C:\Documents and Settings\nilesh\Application Data\ImTOO Software Studio
2008-05-08 11:23:43         0 d-------- C:\Program Files\ShortKeys2
2008-05-04 01:05:56    104512 --a------ C:\WINDOWS\system32\yjlvhmpx.dll
2008-05-02 00:55:50    107072 --a------ C:\WINDOWS\system32\qbylbcfw.dll
2008-05-01 23:56:30    107072 --a------ C:\WINDOWS\system32\tgqqnjyd.dll
2008-04-30 23:54:10    105536 --a------ C:\WINDOWS\system32\qjvfacge.dll
2008-04-22 22:56:40   1127881 --a------ C:\WINDOWS\Counter Strike - Condition Zero (Ultimate Edition) Uninstaller.exe
2008-04-09 11:00:52  12291610 --a------ C:\AVG7QT.DAT
2008-04-08 10:03:20     92616 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06ADE4FA-292B-4106-A64C-0924EA46D2D4}]
06/06/2007 11:53 AM    125460    --a------    C:\WINDOWS\system32\nsxogxra.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2551f4ca-52bd-4f8e-91f4-679c2ba79dcd}]
06/25/2008 11:07 AM    103488    --a------    C:\WINDOWS\system32\hchawxmx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D32C9E8-2AFB-4B12-AD63-8160CC0FF0E7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{345C1879-03EB-40B2-B8E2-91C90F53E76F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48036AD4-CC80-484D-89CA-BEF50C8F7D72}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F184B21-C709-405C-AE1B-97F29621B24E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FD41AF4-A648-491C-9E8E-9B7521DDA019}]
06/06/2007 11:53 AM    125460    --a------    C:\WINDOWS\system32\nsxogxra.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBF0AE65-E685-4FEE-99C3-279175BC6554}]
06/06/2007 11:53 AM    125460    --a------    C:\WINDOWS\system32\nsxogxra.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEDDC6D6-69D7-4755-BAE2-A5B8B3351DF1}]
06/06/2007 11:53 AM    125460    --a------    C:\WINDOWS\system32\nsxogxra.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCC44038-B26A-490D-B60C-6BD8F22A4106}]
06/06/2007 11:53 AM    125460    --a------    C:\WINDOWS\system32\nsxogxra.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/06/2003 09:49 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/06/2003 09:37 PM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [03/14/2006 07:36 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/23/2008 05:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"soundmix"="C:\WINDOWS\system32\soundmix.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [04/21/2006 08:04 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\nilesh\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [8/2/2007 10:08:53 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [12/29/2007 9:10:50 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdday]
iifdday.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
C:\WINDOWS\system32\vtutu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
winghy32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhab32]
winhab32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
winjvd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmmt32]
winmmt32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
winrzf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]
winwim32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32]
winwly32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
winzdn32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nilesh^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\nilesh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nilesh^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\nilesh\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-IN ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\fgujkskr.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j7241035]
rundll32 C:\WINDOWS\system32\j7241035.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalWarrior]
"C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SifyBB]
C:\Program Files\Sify Broadband\BBImpSec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
"C:\Program Files\Softick\PPP\Bin\PPPGate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc    usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3840f6c1-20c8-11dd-a4a4-000b6aea30d5}]
AutoRun\command- H:\fooool.exe
explore\Command- H:\fooool.exe
open\Command- H:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4486e88e-6e4e-11dc-a5ed-000b6aea30d5}]
AutoRun\command- fooool.exe
explore\Command- fooool.exe
open\Command- fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dc8d878-d481-11db-a3a5-000b6aea30d5}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e




-- End of Deckard's System Scanner: finished at 2008-06-25 12:38:13 ------------

3) Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 759.48 MiB / 437.27 MiB
Pagefile Memory (total/avail): 2256.14 MiB / 1972.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.56 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 18.65 GiB total, 4.28 GiB free.
D: is Fixed (NTFS) - 18.64 GiB total, 0.92 GiB free.
E: is Fixed (NTFS) - 18.64 GiB total, 1.75 GiB free.
F: is Fixed (NTFS) - 18.64 GiB total, 0.6 GiB free.
G: is CDROM (CDFS)
H: is CDROM (CDFS)
I: is Removable (FAT32)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP0822N - 74.56 GiB - 4 partitions
  \PARTITION0 (bootable) - Installable File System - 18.65 GiB - C:
  \PARTITION1 - Installable File System - 18.64 GiB - F:
  \PARTITION2 - Extended w/Extended Int 13 - 37.28 GiB - D: - E:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - JetFlash TS1GJFV30 USB Device - 972.69 MiB - 1 partition
  \PARTITION0 - Unknown - 979.98 MiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.523 v7.5.523 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\DAP\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\DAP\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\DAP\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\DAP\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"E:\\pummy games\\TrackMania Nations ESWC\\TmNationsESWC.exe"="E:\\pummy games\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\\d\\Counter Strike - Condition Zero (Ultimate Edition)\\czero.exe"="D:\\d\\Counter Strike - Condition Zero (Ultimate Edition)\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"="C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE:*:Disabled:Microsoft ® Visual Studio VSA RPC Event Creator"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\\Program Files\\NetworkActiv Web Server 3.5\\NetworkActivWebServerV3.5.exe"="C:\\Program Files\\NetworkActiv Web Server 3.5\\NetworkActivWebServerV3.5.exe:*:Disabled:NetworkActiv Web Server (Application and Installer)"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Rediff Bol\\RediffMessenger.exe"="C:\\Program Files\\Rediff Bol\\RediffMessenger.exe:*:Disabled:Rediff Bol 8.0 "
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Counter Strike - Condition Zero (Ultimate Edition)\\czero.exe"="C:\\Program Files\\Counter Strike - Condition Zero (Ultimate Edition)\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Documents and Settings\\nilesh\\Desktop\\Uploader.exe"="C:\\Documents and Settings\\nilesh\\Desktop\\Uploader.exe:*:Enabled:Uploader"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\nilesh\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SURYAVAN-DDDBA9
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\nilesh
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\SURYAVAN-DDDBA9
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\nilesh\LOCALS~1\Temp
TMP=C:\DOCUME~1\nilesh\LOCALS~1\Temp
USERDOMAIN=SURYAVAN-DDDBA9
USERNAME=nilesh
USERPROFILE=C:\Documents and Settings\nilesh
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

nilesh (admin)
ramvijay (admin)
Administrator.SURYAVAN-DDDBA9 (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Batch Launcher 1.1.4 --> "C:\Program Files\Batch Launcher\unins000.exe"
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Counter Strike - Condition Zero (Ultimate Edition) --> C:\WINDOWS\Counter Strike - Condition Zero (Ultimate Edition) Uninstaller.exe
DAEMON Tools --> MsiExec.exe /I{2DF9A978-DEA1-4433-805D-66790FC28C62}
DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
DVD Decoder Pak for Windows XP --> MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\nilesh\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InstallShield for Microsoft Visual C++ 6 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\InstallShield\InstallShield for Microsoft Visual C++ 6\Uninst.isu"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
ISM Office 3.04 --> C:\WINDOWS\IsUninst.exe -fC:\ISM300\Uninst.isu
J2SE Development Kit 5.0 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150060}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(tm) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 2.85 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Language of Nature --> C:\ENC\AnimcomEng\Uninst\Uncet.exe
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Speech Recognition Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsrgpc.inf, Uninstall.NT
Microsoft SQL Server 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VM for Java --> RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library - Visual Studio 6.0 --> "C:\Program Files\Microsoft Visual Studio\MSDN98\98VS\1033\Setup\Setup.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
My Body, Myself --> C:\ENC\Bodyeng\Uninst\Uncet.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape Navigator (9.0.0.6) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
NetworkActiv Web Server 3.5 --> C:\Program Files\NetworkActiv Web Server 3.5\NetworkActivWebServerV3.5.exe UnInstall
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Rediff Bol --> C:\Program Files\Rediff Bol\uninstall.exe
RTLSetup for Realtek RTL8139/810x Family NIC 3.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung\SS_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9  -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9  -removeonly
ShortKeys Lite --> C:\PROGRA~1\SHORTK~1\UNWISE.EXE C:\PROGRA~1\SHORTK~1\INSTALL.LOG
Sify Broadband 3.22 --> "C:\Program Files\Sify Broadband\unins000.exe"
Softick PPP 2.21 (remove only) --> "C:\Program Files\Softick\PPP\uninstall.exe"
Touch The Sky --> C:\ENC\SpaceEng\Uninst\Uncet.exe
TypingMaster Typing Test --> "C:\Program Files\TypingMaster\TypingTest\IsStub32.exe"  -f"C:\Program Files\TypingMaster\TypingTest\DeIsL1.isu"  -c"C:\Program Files\TypingMaster\TypingTest\_ISREG32.DLL"
Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Pool Windows --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Intrplay\VPoolW\DeIsL2.isu"
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type6090 / Warning
Event Submitted/Written: 06/25/2008 00:32:19 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type6089 / Warning
Event Submitted/Written: 06/25/2008 00:32:19 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type6084 / Error
Event Submitted/Written: 06/25/2008 10:43:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mbam-setup.tmp, version 51.49.0.0, hang module hungapp, version 0.0.0.0, hang addres

neal2087

  • Guest
« Reply #4 on: June 25, 2008, 02:20:58 AM »
One more thing, if you can tell me:
every time I scan with my AVG it says

this message
Object: C:\Windows\system32\drivers\etc\hosts
Result: Change

guestolo

  • Site Donator
  • Administrator
  • Hero Member
« Reply #5 on: June 25, 2008, 10:21:35 AM »
We still have some cleaning to do

Can you do the next steps please
Download the Flash_Disinfector.exe from here and save to desktop
http://www.techsupportforum.com/sectools/s...Disinfector.exe
We'll need it in a bit

Download this file - Combofix.exe and save it ONLY to your desktop
Don't run it yet

==Download ATF-Cleaner by Atribune.
Save it to your desktop

Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

========================================

Temporarily disable AVG protections please so it won't interfere with the next tool
Open the AVG Control Center program by double clicking its icon by the clock
Double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

Download DAFT and save it to your desktop.
    * Double click on daft.exe to run it
    * Read the disclaimer and click OK.
    * Click on the Scan button.
    * Put a tick next to the following entries
        * .reg
        * .scr
    * Click the Fix button.
Rescan with daft and those 2 entries should be gone


Afterwards:
Run Flash_Disinfector.exe, Follow the prompts
Insert any/All removable flash drives you may have when prompted
When the tool is done
Leave your flash drives inserted

==Open notepad
Copy ALL the BLUE text below and Paste to notepad
Don't use anything other than notepad or the script will not work

[color="#0000FF"]KillAll::

File::
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\bsawqkom.dll
C:\WINDOWS\system32\hchawxmx.dll
C:\WINDOWS\system32\yurwdnmg.dll
C:\WINDOWS\system32\cmrkfatb.dll
C:\WINDOWS\system32\wvurrqn.dll
C:\WINDOWS\system32\laticukv.dll
C:\WINDOWS\system32\moidsyti.dll
C:\WINDOWS\system32\vldefqvc.dll
C:\WINDOWS\system32\lxxlpwbo.dll
C:\WINDOWS\system32\bfengdjg.dll
C:\WINDOWS\system32\yjlvhmpx.dll
C:\WINDOWS\system32\qbylbcfw.dll
C:\WINDOWS\system32\tgqqnjyd.dll
C:\WINDOWS\system32\qjvfacge.dll
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\nsxogxra.dll
C:\WINDOWS\system32\j7241035.dll
C:\WINDOWS\system32\fgujkskr.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06ADE4FA-292B-4106-A64C-0924EA46D2D4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2551f4ca-52bd-4f8e-91f4-679c2ba79dcd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D32C9E8-2AFB-4B12-AD63-8160CC0FF0E7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{345C1879-03EB-40B2-B8E2-91C90F53E76F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48036AD4-CC80-484D-89CA-BEF50C8F7D72}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F184B21-C709-405C-AE1B-97F29621B24E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FD41AF4-A648-491C-9E8E-9B7521DDA019}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBF0AE65-E685-4FEE-99C3-279175BC6554}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEDDC6D6-69D7-4755-BAE2-A5B8B3351DF1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCC44038-B26A-490D-B60C-6BD8F22A4106}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3840f6c1-20c8-11dd-a4a4-000b6aea30d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4486e88e-6e4e-11dc-a5ed-000b6aea30d5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dc8d878-d481-11db-a3a5-000b6aea30d5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j7241035]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdday]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhab32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmmt32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwim32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwly32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
[/color]
Save this as a txt file on your desktop, named
CFScript


Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
Reenable AVG realtime protections after ComboFix is completely done
Post back the log from Combofix and a fresh Hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


neal2087

« Reply #6 on: June 26, 2008, 12:50:19 AM »

Did all that you told me to.
Here are the two log files

1) ComboFix.txt

ComboFix 08-06-20.4 - nilesh 2008-06-26 11:00:09.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.425 [GMT 5.5:30]
Running from: C:\Documents and Settings\nilesh\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\nilesh\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\bfengdjg.dll
C:\WINDOWS\system32\bsawqkom.dll
C:\WINDOWS\system32\cmrkfatb.dll
C:\WINDOWS\system32\fgujkskr.dll
C:\WINDOWS\system32\hchawxmx.dll
C:\WINDOWS\system32\j7241035.dll
C:\WINDOWS\system32\laticukv.dll
C:\WINDOWS\system32\lxxlpwbo.dll
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\moidsyti.dll
C:\WINDOWS\system32\nsxogxra.dll
C:\WINDOWS\system32\qbylbcfw.dll
C:\WINDOWS\system32\qjvfacge.dll
C:\WINDOWS\system32\tgqqnjyd.dll
C:\WINDOWS\system32\vldefqvc.dll
C:\WINDOWS\system32\wvurrqn.dll
C:\WINDOWS\system32\yjlvhmpx.dll
C:\WINDOWS\system32\yurwdnmg.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMd3e77a3d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\apdbcfwf.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\cmrkfatb.dll
C:\WINDOWS\system32\cwtgjtyg.ini
C:\WINDOWS\system32\drlrpiil.ini
C:\WINDOWS\system32\kavhmxtc.ini
C:\WINDOWS\system32\laticukv.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\system32\ncnefdrm.ini
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\nppcyqpt.ini
C:\WINDOWS\system32\nsxogxra.dll
C:\WINDOWS\system32\ntaucqno.ini
C:\WINDOWS\system32\ovwrfxls.ini
C:\WINDOWS\system32\oysiftbo.ini
C:\WINDOWS\system32\qbylbcfw.dll
C:\WINDOWS\system32\qjvfacge.dll
C:\WINDOWS\system32\rkskjugf.ini
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\rxmuumes.ini
C:\WINDOWS\system32\siawhajs.ini
C:\WINDOWS\system32\skkbqnxf.ini
C:\WINDOWS\system32\tcjdmpmn.dll
C:\WINDOWS\system32\tgqqnjyd.dll
C:\WINDOWS\system32\thkrybql.ini
C:\WINDOWS\system32\umolkgsy.ini
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\wvurrqn.dll
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini2
C:\WINDOWS\system32\yjlvhmpx.dll
C:\WINDOWS\system32\yurwdnmg.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-26 to 2008-06-26  )))))))))))))))))))))))))))))))
.

2008-06-25 12:34 . 2008-06-25 12:34    <DIR>    d--------    C:\Deckard
2008-06-25 10:42 . 2008-06-25 10:42    <DIR>    d--------    C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 10:42 . 2008-06-25 10:42    <DIR>    d--------    C:\Documents and Settings\nilesh\Application Data\Malwarebytes
2008-06-25 10:42 . 2008-06-25 10:42    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 10:42 . 2008-06-19 17:48    34,296    --a------    C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 10:42 . 2008-06-19 17:47    17,144    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-06-23 13:26 . 2008-06-23 13:32    <DIR>    d--------    C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9\Application Data\AVG7
2008-06-23 13:18 . 2008-06-23 13:18    <DIR>    d--------    C:\Documents and Settings\Administrator.SURYAVAN-DDDBA9
2008-06-23 10:45 . 2008-06-25 12:47    <DIR>    d--------    C:\Program Files\Sify Broadband
2008-06-23 10:45 . 2008-06-23 10:45    <DIR>    d--------    C:\Program Files\InstallShield
2008-06-23 09:35 . 2008-06-23 10:44    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-20 22:22 . 2008-06-20 22:22    <DIR>    d--------    C:\Program Files\Webteh
2008-06-09 14:57 . 2008-06-09 14:58    <DIR>    d--------    C:\Program Files\QuickTime
2008-06-09 12:01 . 1998-04-25 02:25    5    --a------    C:\WINDOWS\VS98ENT.MIF
2008-06-09 11:58 . 1997-11-19 15:31    143,360    --a------    C:\WINDOWS\system32\isdbgi51.dll
2008-06-09 11:58 . 1996-09-17 17:46    0    --a------    C:\WINDOWS\Isdbg.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 05:19    ---------    d-----w    C:\Documents and Settings\nilesh\Application Data\Broadband
2008-06-26 04:32    ---------    d-----w    C:\Documents and Settings\nilesh\Application Data\AVG7
2008-06-23 19:02    ---------    d-----w    C:\Documents and Settings\ramvijay\Application Data\Broadband
2008-06-09 16:31    ---------    d-----w    C:\Program Files\Web Publish
2008-06-09 09:57    28,352    ----a-w    C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-06-09 09:27    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-03 10:23    ---------    d-----w    C:\Documents and Settings\nilesh\Application Data\Nokia Multimedia Player
2008-06-03 08:29    ---------    d-----w    C:\Documents and Settings\nilesh\Application Data\AdobeUM
2008-05-12 12:00    ---------    d-----w    C:\Program Files\Xvid
2008-05-09 08:14    ---------    d-----w    C:\Program Files\Softick
2008-05-08 10:07    ---------    d-----w    C:\Documents and Settings\nilesh\Application Data\ImTOO Software Studio
2008-05-08 05:53    ---------    d-----w    C:\Program Files\ShortKeys2
2008-04-22 17:26    1,127,881    ----a-w    C:\WINDOWS\Counter Strike - Condition Zero (Ultimate Edition) Uninstaller.exe
2008-04-09 05:30    12,291,610    ----a-w    C:\AVG7QT.DAT
2008-02-12 04:01    5,632    --sha-w    C:\Program Files\Thumbs.db
2001-11-23 04:08    712,704    ----a-w    C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SifyBB"="C:\Program Files\Sify Broadband\BBImpSec.exe" [2006-04-21 20:04 127085]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl,CMICtrlWnd" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 21:49 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 21:37 114688]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 07:36 1397760]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-23 17:35 579584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 08:30 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 01:26 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\nilesh\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-02 10:08:53 63064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-12-29 09:10:50 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= aasc32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^nilesh^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\nilesh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^nilesh^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\nilesh\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-04-08 07:54 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalWarrior]
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-04-20 16:50 53248 c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SifyBB]
--a------ 2006-04-21 20:04 127085 C:\Program Files\Sify Broadband\BBImpSec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
--a------ 2004-10-21 03:35 160256 C:\Program Files\Softick\PPP\Bin\PPPGate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 23:59 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\NetworkActiv Web Server 3.5\\NetworkActivWebServerV3.5.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Rediff Bol\\RediffMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Counter Strike - Condition Zero (Ultimate Edition)\\czero.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R2 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [2003-12-20 11:19]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 03:08]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 11:13:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-06-26 11:20:35 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-26 05:50:29

Pre-Run: 4,827,430,912 bytes free
Post-Run: 5,082,738,688 bytes free

248    --- E O F ---    2008-04-08 14:26:08



3) HijackThis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:51 AM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\nilesh\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205050246296
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31532F29-423D-4DED-8251-8679C202A896}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5852 bytes



Do tell me what to do; I will be waiting for your reply.
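
A follow-up check on the exchange above, as an added example that is not part of the original posts and is not ComboFix's or HijackThis's own code: the script parses a CFScript, compares its File:: targets with the "Other Deletions" section of the ComboFix log, and checks whether any targeted Browser Helper Object CLSID still appears in the HijackThis O2 lines. The inputs are abridged excerpts of the script and logs posted in this thread, and the parsing rules are assumptions based on the layout of those logs as posted.

```python
import re

# Abridged excerpts from the CFScript and logs posted in this thread.
CFSCRIPT = r"""KillAll::

File::
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\bsawqkom.dll
C:\WINDOWS\system32\cmrkfatb.dll
C:\WINDOWS\system32\j7241035.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
"""

COMBOFIX_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\cmrkfatb.dll

.
(((((((((((((((((((((((((   Files Created from 2008-05-26 to 2008-06-26  )))))))))))))))))))))))))))))))
.
"""

HIJACKTHIS_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
"""

# Assumption: a directive is a bare word followed by '::' on its own line.
DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")
# Assumption: ComboFix section banners look like '((((   Title   ))))'.
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# HijackThis O2 line: 'O2 - BHO: name - {CLSID} - path'.
O2_CLSID = re.compile(r"^O2 - BHO:.*?(\{[0-9A-Fa-f-]{36}\})", re.M)


def parse_cfscript(text):
    """Split a CFScript into {directive: [non-empty lines under it]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def combofix_section(log, title):
    """Return the entries listed under one banner of a ComboFix log."""
    entries, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            inside = match.group(1).lower() == title.lower()
        elif inside and line and line != ".":
            entries.append(line)
    return entries


def registry_targets(lines):
    """Keys marked for deletion: '[-HKEY...]' -> 'HKEY...'."""
    return [l[2:-1] for l in lines if l.startswith("[-") and l.endswith("]")]


def verify(cfscript, combofix_log, hijackthis_log):
    """Cross-check what the script targeted against what the logs show."""
    sections = parse_cfscript(cfscript)
    deleted = {p.lower() for p in combofix_section(combofix_log, "Other Deletions")}
    report = {"deleted": [], "not_reported": [], "bho_still_listed": []}
    for path in sections.get("file", []):
        bucket = "deleted" if path.lower() in deleted else "not_reported"
        report[bucket].append(path)
    live_clsids = {c.lower() for c in O2_CLSID.findall(hijackthis_log)}
    for key in registry_targets(sections.get("registry", [])):
        leaf = key.rsplit("\\", 1)[-1].lower()
        if "browser helper objects" in key.lower() and leaf in live_clsids:
            report["bho_still_listed"].append(leaf)
    return report


if __name__ == "__main__":
    for bucket, items in verify(CFSCRIPT, COMBOFIX_LOG, HIJACKTHIS_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

A target in `not_reported` only means the log excerpt does not list it under "Other Deletions"; whether the file is absent from disk has to be confirmed separately.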

guestolo

« Reply #7 on: July 04, 2008, 09:52:57 AM »
Sorry for the delay, just got back from holidays
If you're still around, can you run a fresh scan with dss.exe and post the new log from Main.txt

Also, let me know how things are now running please
