
[Fixed] Hijackthis! Logs - dss logs on a Dell Dimension 3100 (posted in the Security & Safety forums)


06-13-2008   #1
bindo245 (Gold Member)
Join Date: Jun 2008
Location: London
Posts: 209
PC Experience: A 15 Year Old Powerhouse
dss logs on a Dell Dimension 3100

Well, here is my problem: nearly every time I open a folder or My Computer, an annoying system pop-up appears:

System error:
attention (user name), some dangerous Trojans have been dected in your system, Microsoft xp files corrupted this my lead to the destruction of important files in C:/windows.

click ok to download anti virus(recommended).

ok cancel


When I press OK it opens my web browser and asks me to save a file called ieav.exe; this is an annoying and fraudulent antivirus.

Now if I press cancel it simply goes away until I open up a new folder.

I have done scans with McAfee; it detected a fake error type file in the C:/documents and settings/temp/ folder.

This happened when my friend gave me a free Magic ISO trial, but it wasn't Magic ISO; it was a cmd prompt which flew through the screen saying installing here,....

This annoying pop-up is 2-3 days old:

Here is my MAIN.TXT LOG.


Deckard's System Scanner v20071014.68
Run by (USERNAME) on 2008-06-13 18:09:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-13 17:09:10 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-13 18:11:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Arun Sharma\Desktop\Aruns documents\opera-portable-personal-en-9.27.exe
C:\DOCUME~1\ARUNSH~1\LOCALS~1\Temp\hebat\opera.exe
C:\Documents and Settings\Arun Sharma\Desktop\popupfixer\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell UK Portal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = %s - Google Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Dell UK Portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {234AF32E-A7D1-4BFD-A956-2AED01E9A654} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {78069BC1-AB35-49D8-BF14-9F0EAD9CF1AB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Sigma plugin - {7DBF8390-552B-4D55-9F62-00D032032691} - C:\WINDOWS\bosant16a.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A2A61D92-555E-4E4D-A877-DE105D95AB90} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIRUS.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} () - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\Software\..\Telephony: DomainName = Arun
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = Arun
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = Arun
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: efcyxyy - C:\WINDOWS\system32\efcyxyy.dll (file missing)
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\system32\pmnnk.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0054781213376637) (0054781213376637mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\005478~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\eswohwtq.exe /service
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: - file:///C:/DOCUME~1/ARUNSH~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 16162 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 hnmwrlspkt (HomeNet Manager Wireless Protocol) - c:\windows\system32\drivers\hnm_wrls_pkt.sys <Not Verified; SingleClick Systems; Wireless Protocol Driver>
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
R2 wsppkt (Wireless Security Protocol) - c:\windows\system32\drivers\wsp_pkt.sys <Not Verified; SingleClick Systems; Wireless Security Protocol Driver>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 BTCAMDRV (Mobiola Web Camera driver) - c:\windows\system32\drivers\btcamdrv.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 cdrmkaun - c:\docume~1\arunsh~1\locals~1\temp\cdrmkaun.sys (file missing)
S3 dsreader (MaxDrive Driver (dsreader.sys)) - c:\windows\system32\drivers\dsreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 MODBDA2 (KWorld MOD3000 TV receiver) - c:\windows\system32\drivers\modbda2.sys <Not Verified; DiBcom SA; MOD3000 MB DVB-T USB2.0 adapter BDA driver>
S3 MODLOAD2 (DVB-T USB2.0 adapter firmware loader) - c:\windows\system32\drivers\modload2.sys <Not Verified; DiBcom S.A; DVB-T USB2.0 adapter>
S3 MODRC (KWorld Infrared Receiver) - c:\windows\system32\drivers\modrc.sys <Not Verified; DiBcom S.A.; MODxxxx DVB-T USB2.0 Remote Control minidriver>
S3 NuVision (Hauppauge WinTV USB Pro (PAL I,D/K)) - c:\windows\system32\drivers\nuvision.sys <Not Verified; Hauppauge Computer Works; WinTV USB>
S3 ovt519 (EyeToy) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XSHARK (XSHARK Driver (xshark.sys)) - c:\windows\system32\drivers\xshark.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter

S2 0054781213376637mcinstcleanup (McAfee Application Installer Cleanup (0054781213376637)) - c:\windows\temp\005478~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 DomainService - c:\windows\system32\eswohwtq.exe /service (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 537EP V9x DF PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10BD256C&0&10F0
Manufacturer: Intel Corporation
Name: Intel(R) 537EP V9x DF PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10BD256C&0&10F0
Service: Modem


-- Scheduled Tasks -------------------------------------------------------------

2008-06-13 07:28:04 368 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-16 13:38:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-06-01 18:27:41 362 -----n--- C:\WINDOWS\Tasks\McDefragTask.job
2007-06-01 18:27:40 364 -----n--- C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-13 18:03:54 0 d-------- C:\WINDOWS\LastGood
2008-06-13 06:14:02 0 d-------- C:\WINDOWS\pss
2008-06-12 17:46:02 0 d-------- C:\Program Files\MagicISO
2008-06-12 07:38:23 274432 --a------ C:\WINDOWS\bosant16a.dll
2008-06-12 07:38:23 54 --a----c- C:\smp.bat
2008-06-11 22:48:20 0 d-------- C:\Program Files\KGB Archiver 2
2008-06-09 18:55:46 0 d-------- C:\Program Files\MSBuild
2008-06-09 18:55:41 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-09 18:55:34 0 d-------- C:\Program Files\Reference Assemblies
2008-06-09 18:53:50 0 d-------- C:\Program Files\MSXML 6.0
2008-06-09 17:52:07 0 d------c- C:\cygwin
2008-06-06 20:49:43 0 d-------- C:\Program Files\LSoft Technologies
2008-06-01 22:42:51 0 d-------- C:\Documents and Settings\Arun Sharma\Application Data\Opera
2008-06-01 22:42:41 0 d-------- C:\Program Files\Opera
2008-05-31 17:20:59 200704 -ra------ C:\WINDOWS\sel3110.exe <Not Verified; ; select Application>
2008-05-31 17:20:59 61440 -ra------ C:\WINDOWS\ov519dib.dll <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2008-05-31 17:20:59 40960 -ra------ C:\WINDOWS\CleanDev.exe <Not Verified; ; CleanDevice>
2008-05-31 17:20:58 307200 -ra------ C:\WINDOWS\vidcap32.exe <Not Verified; Microsoft Corporation; Microsoft Windows>
2008-05-31 17:20:58 174530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>
2008-05-31 17:20:58 25211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-05-31 17:20:58 135168 -ra------ C:\WINDOWS\ov519cap.exe <Not Verified; OmniVision Technologies, Inc.; OmniVision USB Camera OV519>
2008-05-31 17:20:58 32528 -ra------ C:\WINDOWS\amcap.exe
2008-05-31 17:20:57 0 d-------- C:\WINDOWS\OvtCam
2008-05-31 17:20:56 16426 -ra------ C:\WINDOWS\system32\ov519usd.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-05-31 17:20:56 40960 -ra------ C:\WINDOWS\system32\ov519ext.dll <Not Verified; OmniVision Technologies Inc.; Dual Mode USB Camera 519>
2008-05-28 14:47:16 20480 -----n--- C:\WINDOWS\system32\H@tKeysH@@k.DLL
2008-05-27 16:47:14 0 d-------- C:\Program Files\Square Soft, Inc
2008-05-27 16:41:35 0 d-------- C:\Program Files\Final Fantasy VII
2008-05-25 11:19:53 563 --a------ C:\WINDOWS\eReg.dat
2008-05-25 11:17:31 0 d-------- C:\Program Files\EA Games


-- Find3M Report ---------------------------------------------------------------

2008-06-13 18:09:20 0 d-------- C:\Documents and Settings\Arun Sharma\Application Data\DNA
2008-06-13 18:03:50 0 d-------- C:\Program Files\McAfee
2008-06-12 17:34:56 0 d-------- C:\Program Files\AviSynth 2.5
2008-06-12 17:32:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 17:30:29 0 d-------- C:\Program Files\DVDVIDEOSOFT
2008-06-10 21:35:01 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-07 10:48:52 0 d-------- C:\Program Files\Microsoft Games
2008-06-05 08:00:38 0 d-------- C:\Program Files\Dl_cats
2008-05-27 16:47:20 0 d-------- C:\Program Files\Common Files
2008-05-26 11:21:43 0 d-------- C:\Documents and Settings\Arun Sharma\Application Data\AdobeUM
2008-05-25 10:51:42 0 d-------- C:\Documents and Settings\Arun Sharma\Application Data\Azureus
2008-05-25 10:51:24 0 d-------- C:\Documents and Settings\Arun Sharma\Application Data\uTorrent
2008-05-25 10:51:03 0 d-------- C:\Documents and Settings\Arun Sharma\Application Data\Download Manager
2008-05-23 21:34:59 0 d-------- C:\Program Files\SiteAdvisor
2008-05-11 16:51:08 15360 --a------ C:\Documents and Settings\Arun Sharma\Application Data\dvd.bmk
2008-05-05 16:35:10 0 d-------- C:\Program Files\Dell Support Center
2008-05-04 15:00:52 0 d-------- C:\Program Files\Ashampoo
2008-04-26 13:10:34 0 d-------- C:\Program Files\Yacc Yet Another CSO Compressor


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{234AF32E-A7D1-4BFD-A956-2AED01E9A654}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78069BC1-AB35-49D8-BF14-9F0EAD9CF1AB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DBF8390-552B-4D55-9F62-00D032032691}]
12/06/2008 07:38 274432 --a------ C:\WINDOWS\bosant16a.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2A61D92-555E-4E4D-A877-DE105D95AB90}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [21/12/2005 11:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [07/01/2006 02:36]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 16:17]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [10/04/2007 19:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [10/11/2003 17:06]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" []
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [03/11/2006 12:01]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [01/11/2007 19:12]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 11:44]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 11:44]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [03/09/2003 21:12]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [23/03/2006 20:17]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [23/03/2006 20:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [23/03/2006 20:13]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 09:24]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [22/07/2005 08:03]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [13/06/2006 05:20]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [15/11/2007 09:23]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [31/08/2005 12:06]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [07/06/2005 07:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/07/2007 21:47]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [25/01/2008 11:08]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 11:09]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [11/05/2008 10:14]
"antispy"="C:\Program Files\IEAntiVirus\ANTIVIRUS.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Arun Sharma\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [02/09/2007 08:53:31]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyxyy]
efcyxyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnk]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c6bae8-c1e5-11dc-9934-000e50e25159}]
AutoRun\command- F:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76d82430-c236-11da-9c4a-00038a000015}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL findowner.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca4c9e31-8f77-11da-9bde-806d6172696f}]
AutoRun\command- D:\AutoRunLauncher.exe




-- End of Deckard's System Scanner: finished at 2008-06-13 18:12:09 ------------


HERE IS MY EXTRA TEXT:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1014.07 MiB / 519.54 MiB
Pagefile Memory (total/avail): 2442.19 MiB / 1972.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.86 MiB

C: is Fixed (NTFS) - 145.82 GiB total, 103.37 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-75NCB1 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 145.82 GiB - C:
\PARTITION2 - Unknown - 3.15 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program"="C:\\Program:*:Enabled:Program"
"C:\\Program Files\\MSN Messenger\\msnr.exe"="C:\\Program Files\\MSN Messenger\\msnr.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\eswohwtq.exe"="C:\\WINDOWS\\system32\\esw"
"C:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe"="C:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe:*:Enabled:LocationFree Player"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Documents and Settings\\Arun Sharma\\Desktop\\FirefoxPortable\\App\\firefox\\firefox.exe"="C:\\Documents and Settings\\Arun Sharma\\Desktop\\FirefoxPortable\\App\\firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\EA Games\\Nightfire\\Bond.exe"="C:\\Program Files\\EA Games\\Nightfire\\Bond.exe:*:Enabled:Bond"
"C:\\Program Files\\EA Games\\Nightfire\\Bond_ded.exe"="C:\\Program Files\\EA Games\\Nightfire\\Bond_ded.exe:*:Enabled:Bond_ded"
"E:\\Program Files\\Midtown Madness\\midtown.exe"="E:\\Program Files\\Midtown Madness\\midtown.exe:*:Enabled:Midtown Madness! Executable"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe:*:Disabled:_aunchPad"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Disabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL 9.0"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Disabled:Delivery Manager Service"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Disabled:LaunchPad"
"C:\\Documents and Settings\\Arun Sharma\\Desktop\\ClamWinPortable\\ClamWinPortable.exe"="C:\\Documents and Settings\\Arun Sharma\\Desktop\\ClamWinPortable\\ClamWinPortable.exe:*:Enabled:ClamWinPortable.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Arun Sharma\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ARUNSHARMA
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Arun Sharma
LOGONSERVER=\\ARUNSHARMA
MLT_REPOSITORY=C:\Program Files\Jahshaka\..\mlt\share\mlt\modules
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Jahshaka\..\gtk2\bin;C:\Program Files\Jahshaka\..\mlt\bin;C:\Program Files\OpenLibraries\bin;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONPATH=C:\Program Files\OpenLibraries\python
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ARUNSH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ARUNSH~1\LOCALS~1\Temp
USERDOMAIN=ARUNSHARMA
USERNAME=Arun Sharma
USERPROFILE=C:\Documents and Settings\Arun Sharma
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

(username) (admin)
(username) (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f\"C:\Program Files\Final Fantasy VII\Uninst.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> Dummy
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
7 Sins --> F:\vsoftware downloads\useless hacker and software\GAMES\7 Sins\uninst.exe
924PLC32 --> MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Active@ ISO Burner v 1.1 --> "C:\Program Files\LSoft Technologies\Active ISO Burner\UNWISE.EXE" "C:\Program Files\LSoft Technologies\Active ISO Burner\INSTALL.LOG"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Premiere Elements 4.0 --> msiexec /I {3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Elements 4.0 --> MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Premiere Pro CS3 --> C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Ashampoo WinOptimizer 2008 --> "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2008\unins000.exe"
Azureus Vuze --> F:\vsoftware downloads\Azureus\uninstall.exe
BBC iPlayer Download Manager --> MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
blueprint 1.0 --> "F:\computer program files\blueprint\unins000.exe"
CinepPlayer 30 Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}\setup.exe" -l0x9 -L0x9 /SMAINT
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
CPD Website --> MsiExec.exe /I{FBE48DD8-9A78-4C18-A4FE-A6A0E1104F1E}
Crazy Frog Saver 1 --> C:\Program Files\Crazy Frog Saver 1\uninstall.exe
D-Link VGA Webcam --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Photo AIO Printer 924 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlccUNST.EXE -NOLICENSE
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Final Fantasy VII - Ultima Edition --> "C:\Program Files\Final Fantasy VII\unins000.exe"
Final Fantasy VII XP Patch --> C:\Program Files\Square Soft, Inc\Final Fantasy VII\Patch\Uninstall XP Patch.EXE /u:"Final Fantasy VII XP Patch"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hauppauge English Help Files and Resources --> C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG
Hauppauge TvTv Sync --> C:\PROGRA~1\WinTV\SCHEDU~1\EPG\TvTv\uniTvTv.exe C:\PROGRA~1\WinTV\SCHEDU~1\EPG\TvTv\uniTvTv.log
Hauppauge WinTV Scheduler --> C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.log
Hauppauge WinTV Soft PVR --> C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG
Hauppauge WinTV Source Selector --> C:\PROGRA~1\WinTV\UNtvsel.EXE C:\PROGRA~1\WinTV\WINTVsel.LOG
Hauppauge WinTV2000 --> C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IE AntiVirus --> C:\Program Files\IEAntiVirus\Uninstall.exe
Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jahshaka --> C:\Program Files\Jahshaka\uninst-jahshaka.exe
James Bond 007: Nightfire --> C:\PROGRA~1\EAGAME~1\NIGHTF~1\UNWISE.EXE C:\PROGRA~1\EAGAME~1\NIGHTF~1\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KGB Archiver 2 --> MsiExec.exe /I{FB28E2FA-9D08-4006-A584-6E1273A8E036}
Kotor Tool --> "C:\Program Files\Kotor Tool\uninstall.exe"
KWorld DVB-T 300U Utilities --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{477AB148-138C-46D2-820B-0DBFA744CEE8}\Setup.exe" -l0x9 -uninst
KWorld USB DVB-T Drivers --> C:\WINDOWS\dibunist.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Leisure Suit Larry(TM) - Magna *** Laude Trailer --> E:\WINDOW~2\LEISUR~1\UNWISE.EXE E:\WINDOW~2\LEISUR~1\INSTALL.LOG
LocationFree Player --> MsiExec.exe /I{D937DD80-3928-4617-876F-538A25AECB17}
Magic ISO Maker v5.5 (build 0261) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Midtown Madness 2 --> "C:\Program Files\Microsoft Games\Midtown Madness 2\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
msxml4 --> MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
MyWay Search Assistant --> MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
nanoPEG-Editor 2.3 Hauppauge Edition --> "C:\Program Files\nanocosmos\MPEG-Tools for Hauppauge\Editor2\unins000.exe"
Online Manuals for WinTV (English) --> C:\PROGRA~1\WinTV\UNTVmans.exe C:\PROGRA~1\WinTV\WinTVMan.LOG
OpenLibraries --> C:\Program Files\OpenLibraries\uninst-openlibraries.exe
OpenMG Limited Patch 4.4-06-13-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
Opera 9.27 --> MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
PBP Unpacker v0.94 --> "C:\Program Files\PBP Unpacker\unins000.exe"
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\Arun Sharma\Application Data\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\Setup.exe" -l0x9 UNINSTALL
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PSP Video 9 2.25 --> F:\Video Converter\uninstaller.exe
PSP Video Express(remove only) --> "C:\Program Files\PQDVD\PSPVideoExpress\bt-uninst.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
SonicStage 3.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Star Wars Knights of the Old Republic --> C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\Setup.exe -runfromtemp -l0x0009 -removeonly
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Super Bubsy --> C:\SUPER BUBSY\uninstal.exe
The Sims Complete Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009
Trust WB-1400T Webcam --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{30837A37-8F9F-4817-8B52-C501B67DC3BE} /l1033
VTPlus32 for WinTV (English) --> C:\PROGRA~1\vtplus\UNVTplus.exe C:\PROGRA~1\vtplus\VTPlus.LOG
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Webmail Hack 2.4 --> rundll32.exe dfshim.dll,ShArpMaintain Webmail Hack 2.4.application, Culture=neutral, PublicKeyToken=c640ec383467d2c6, processorArchitecture=msil
WebmailHack 2.4 Keygen --> rundll32.exe dfshim.dll,ShArpMaintain WebmailHack 2.4 Keygen.application, Culture=neutral, PublicKeyToken=7bcc2a22ad4d109a, processorArchitecture=msil
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> C:\Program Files\Windows Live Toolbar\UnInstall.exe {73B1C023-4490-4A57-A7E1-F20268ECBE52}
Windows Live Toolbar --> MsiExec.exe /X{73B1C023-4490-4A57-A7E1-F20268ECBE52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
X-OOM Movies On PSP uninstall --> C:\Program Files\X-OOM\Movies On PSP\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Yacc 0.4.0.3 --> C:\Program Files\Yacc Yet Another CSO Compressor\uninst.exe
Zoom ADSL Modem --> C:\Program Files\Zoom\Adsl\uninstall.exe
Zoom ADSL Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52C8CFE4-7C7C-11D7-A021-0060979CE4D3}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type13952 / Error
Event Submitted/Written: 06/13/2008 06:10:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application KService.exe, version 5.12.707.160, faulting module KService.exe, version 5.12.707.160, fault address 0x0021215a.
Processing media-specific event for [KService.exe!ws!]

Event Record #/Type13948 / Warning
Event Submitted/Written: 06/13/2008 05:58:11 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type13947 / Warning
Event Submitted/Written: 06/13/2008 05:58:11 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type13937 / Warning
Event Submitted/Written: 06/13/2008 05:25:06 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type13936 / Warning
Event Submitted/Written: 06/13/2008 05:25:06 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type42197 / Error
Event Submitted/Written: 06/13/2008 06:10:47 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The KService service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type42171 / Error
Event Submitted/Written: 06/13/2008 05:57:43 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.2 for the Network Card with network address 001320E15161 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type42162 / Warning
Event Submitted/Written: 06/13/2008 05:43:14 AM
Event ID/Source: 11165 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:


Adapter Name : {AC7320A0-E342-4641-ACA1-525ADA4F7A1B}

Host Name : (USERNAME)

Primary Domain Suffix : (USER)

DNS server list :

192.168.0.1

Sent update to server : <?>

IP Address(es) :

192.168.0.2


The reason the system could not register these RRs was because the
DNS server contacted refused the update request. The reasons for this
might be (a) you are not allowed to update the specified DNS domain name,
or (b) because the DNS server authoritative for this name does not support
the DNS dynamic update protocol.


To register the DNS host (A) resource records using the specific DNS
domain name and IP addresses for this adapter, contact your DNS server
or network systems administrator.

Event Record #/Type42153 / Error
Event Submitted/Written: 06/13/2008 05:27:25 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type42152 / Error
Event Submitted/Written: 06/13/2008 05:27:25 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)



-- End of Deckard's System Scanner: finished at 2008-06-13 18:12:09 ------------

PLEASE HELP
Old 06-14-2008   #2
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Default Re: dss logs on a Dell Dimension 3100

OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for download links, and instructions for running the tool:
A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should get a prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
=======================================
Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
__________________
My real name is Eddy
Pancake is offline   Reply With Quote
Old 06-14-2008   #3
Gold Member
 
 
Join Date: Jun 2008
Location: London
Posts: 209
PC Experience: A 15 Year Old Powerhouse
Default Re: dss logs on a Dell Dimension 3100

Here are my logs, still this annoying thing pops up nearly every time I browse folders. I discovered today that this happens when I use Internet Explorer!

log.txt

ComboFix 08-06-12.2 - Arun Sharma 2008-06-14 16:21:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.408 [GMT 1:00]
Running from: C:\Documents and Settings\Arun Sharma\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arun Sharma\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Arun Sharma\Application Data\macromedia\Flash Player\#SharedObjects\ARW8KUXM\Broadcaster.com | Home | Viral Video Clips, Live Community, News, Software, Movies, Music, Games, Mobile Media & More
C:\Documents and Settings\Arun Sharma\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#Broadcaster.com | Home | Viral Video Clips, Live Community, News, Software, Movies, Music, Games, Mobile Media & More
C:\Documents and Settings\Arun Sharma\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\smp.bat
C:\WINDOWS\system32\afodwsxu.ini
C:\WINDOWS\system32\bfqyisld.ini
C:\WINDOWS\system32\cugahgeg.ini
C:\WINDOWS\system32\gjohkmrx.ini
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\ikroslcl.ini
C:\WINDOWS\system32\jdipkqwq.ini
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\knnmp.bak1
C:\WINDOWS\system32\knnmp.ini
C:\WINDOWS\system32\lxplvevs.ini
C:\WINDOWS\system32\mhswotbc.ini
C:\WINDOWS\system32\oevvexan.ini
C:\WINDOWS\system32\ogcfqyql.ini
C:\WINDOWS\system32\omcxeoyg.ini
C:\WINDOWS\system32\papbresq.ini
C:\WINDOWS\system32\pobccbvk.ini
C:\WINDOWS\system32\qwspxqcw.ini
C:\WINDOWS\system32\trxcraqd.ini
C:\WINDOWS\system32\wwsenlaa.ini
C:\WINDOWS\system32\wxhujlir.ini
C:\WINDOWS\system32\wyrheamx.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Service_DomainService


((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-13 18:08 . 2008-06-13 18:08 <DIR> d----c--- C:\Deckard
2008-06-13 06:26 . 2008-06-13 17:50 <DIR> d-------- C:\Program Files\Unlocker
2008-06-12 17:46 . 2008-06-12 17:49 <DIR> d-------- C:\Program Files\MagicISO
2008-06-12 07:38 . 2008-06-12 07:38 274,432 --a------ C:\WINDOWS\bosant16a.dll
2008-06-11 22:48 . 2008-06-11 22:48 <DIR> d-------- C:\Program Files\KGB Archiver 2
2008-06-10 21:25 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:25 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 18:55 . 2008-06-09 18:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-09 18:55 . 2008-06-09 18:55 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-09 18:55 . 2008-06-09 18:55 <DIR> d-------- C:\Program Files\MSBuild
2008-06-09 18:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-09 18:53 . 2008-06-09 18:53 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-09 17:52 . 2008-06-09 18:04 <DIR> d----c--- C:\cygwin
2008-06-06 20:49 . 2008-06-06 20:49 <DIR> d-------- C:\Program Files\LSoft Technologies
2008-06-01 22:42 . 2008-06-01 22:42 <DIR> d-------- C:\Program Files\Opera
2008-05-27 16:47 . 2008-05-27 16:47 <DIR> d-------- C:\Program Files\Square Soft, Inc
2008-05-27 16:41 . 2008-05-31 18:23 <DIR> d-------- C:\Program Files\Final Fantasy VII
2008-05-25 11:19 . 2008-05-25 11:19 563 --a------ C:\WINDOWS\eReg.dat
2008-05-25 11:17 . 2008-05-25 11:17 <DIR> d-------- C:\Program Files\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-14 15:25 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\DNA
2008-06-14 15:15 --------- d-----w C:\Program Files\Dl_cats
2008-06-13 17:03 --------- d-----w C:\Program Files\McAfee
2008-06-12 16:34 --------- d-----w C:\Program Files\AviSynth 2.5
2008-06-12 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 16:30 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-06-10 20:35 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-07 09:48 --------- d-----w C:\Program Files\Microsoft Games
2008-05-26 10:21 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\AdobeUM
2008-05-25 09:51 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\uTorrent
2008-05-25 09:51 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\Download Manager
2008-05-25 09:51 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\Azureus
2008-05-23 20:34 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-11 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 15:35 --------- d-----w C:\Program Files\Dell Support Center
2008-05-05 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-04 19:22 --------- d-----w C:\Documents and Settings\Guest\Application Data\Talkback
2008-05-04 19:22 --------- d-----w C:\Documents and Settings\Guest\Application Data\GTek
2008-05-04 14:00 --------- d-----w C:\Program Files\Ashampoo
2008-04-26 12:10 --------- d-----w C:\Program Files\Yacc Yet Another CSO Compressor
2008-04-23 21:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2007-09-10 13:30 454 ------w C:\Program Files\Shortcut to Sonic.lnk
2007-02-17 17:31 940,032 ------w C:\Documents and Settings\Arun Sharma\dbghelp.dll
2007-02-17 17:31 438,272 ------w C:\Documents and Settings\Arun Sharma\sc.dll
2007-02-17 17:31 11,264 ------w C:\Documents and Settings\Arun Sharma\lp_plugin.exe
2006-11-07 21:03 287,744 ----a-w C:\Program Files\mozilla firefox\plugins\ieproxy.dll
2008-01-29 21:27 104 --sh--r C:\WINDOWS\system32\BA69659B5B.sys
2008-01-29 21:27 16,694 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DBF8390-552B-4D55-9F62-00D032032691}]
2008-06-12 07:38 274432 --a------ C:\WINDOWS\bosant16a.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 21:47 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-01-25 11:08 1032376]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 10:14 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2005-12-21 11:14 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-04-10 19:35 36904]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 08:03 425984]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20 127036]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 07:38 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 09:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Arun Sharma\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-02 08:53:31 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyxyy]
efcyxyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnk]
C:\WINDOWS\system32\pmnnk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= nuvision.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Arun Sharma\\Desktop\\FirefoxPortable\\App\\firefox\\firefox.exe"=
"C:\\Program Files\\EA Games\\Nightfire\\Bond.exe"=
"C:\\Program Files\\EA Games\\Nightfire\\Bond_ded.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 01:01]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 01:02]
S2 0002801213455320mcinstcleanup;McAfee Application Installer Cleanup (0002801213455320);C:\WINDOWS\TEMP\000280~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\ARUNSH~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-03 00:53]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\WINDOWS\system32\Drivers\hcw95bda.sys [2007-04-04 19:45]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\WINDOWS\system32\DRIVERS\hcw95rc.sys [2007-04-04 19:48]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-09-30 09:03]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-09-30 09:03]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-09-30 09:03]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-09-30 09:03]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-09-30 09:03]
S3 MODBDA2;KWorld MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [2005-05-03 08:27]
S3 MODLOAD2;DVB-T USB2.0 adapter firmware loader;C:\WINDOWS\system32\DRIVERS\modload2.sys [2005-05-02 08:52]
S3 MODRC;KWorld Infrared Receiver;C:\WINDOWS\system32\DRIVERS\modrc.sys [2005-06-08 11:13]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 21:40]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]
S3 XSHARK;XSHARK Driver (xshark.sys);C:\WINDOWS\system32\Drivers\xshark.sys [2003-01-31 11:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c6bae8-c1e5-11dc-9934-000e50e25159}]
\Shell\AutoRun\command - F:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76d82430-c236-11da-9c4a-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL findowner.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca4c9e31-8f77-11da-9bde-806d6172696f}]
\Shell\AutoRun\command - D:\AutoRunLauncher.exe

*Newly Created Service* - 0002801213455320MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 12:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-14 03:28:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-06-01 17:27:41 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-06-01 17:27:40 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 16:33:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-06-14 16:43:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 15:43:01

Pre-Run: 110,105,321,472 bytes free
Post-Run: 110,440,951,808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

274 --- E O F --- 2008-06-11 20:02:55

report.txt

SDFix: Version 1.192
Run by Arun Sharma on 14/06/2008 at 17:03

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 17:15:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
C:\Documents and Settings\Arun Sharma\Desktop\Aruns documents\Phone vidoes 2\secret things\Personal documents do not enter\documents\secret things\mobile phone pictures\DO NOT ENTER OR COMPUTER WILL CRASH(STATUS)\backup\My Music\My Pictures\moble phone and pc pictures\Thumbs.db:encryptable 0 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnr.exe"="C:\\Program Files\\MSN Messenger\\msnr.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe"="C:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe:*:Enabled:LocationFree Player"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Documents and Settings\\Arun Sharma\\Desktop\\FirefoxPortable\\App\\firefox\\firefox.exe"="C:\\Documents and Settings\\Arun Sharma\\Desktop\\FirefoxPortable\\App\\firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\EA Games\\Nightfire\\Bond.exe"="C:\\Program Files\\EA Games\\Nightfire\\Bond.exe:*:Enabled:Bond"
"C:\\Program Files\\EA Games\\Nightfire\\Bond_ded.exe"="C:\\Program Files\\EA Games\\Nightfire\\Bond_ded.exe:*:Enabled:Bond_ded"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Disabled:Delivery Manager Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Tue 29 Jan 2008 104 ..SHR --- "C:\WINDOWS\system32\BA69659B5B.sys"
Tue 29 Jan 2008 16,694 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 10 Jun 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Tue 10 Jun 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sun 28 Oct 2007 20,222,992 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\ARUNSH~1\LOCALS~1\Temp\BIT 3E.tmp"
Sun 25 May 2008 8 A..H. --- "C:\Documents and Settings\Arun Sharma\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 25 May 2008 8 A..H. --- "C:\Documents and Settings\Arun Sharma\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 25 May 2008 8 A..H. --- "C:\Documents and Settings\Arun Sharma\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 25 May 2008 8 A..H. --- "C:\Documents and Settings\Arun Sharma\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sun 25 May 2008 8 A..H. --- "C:\Documents and Settings\Arun Sharma\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"

Finished!

thank you for helping.
bindo245 is offline   Reply With Quote
Old 06-15-2008   #4
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Default Re: dss logs on a Dell Dimension 3100

This should fix the problem...

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O2 - BHO: (no name) - {234AF32E-A7D1-4BFD-A956-2AED01E9A654} - (no file)
O2 - BHO: (no name) - {78069BC1-AB35-49D8-BF14-9F0EAD9CF1AB} - (no file)
O2 - BHO: Sigma plugin - {7DBF8390-552B-4D55-9F62-00D032032691} - C:\WINDOWS\bosant16a.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O20 - Winlogon Notify: efcyxyy - C:\WINDOWS\system32\efcyxyy.dll (file missing)
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\system32\pmnnk.dll (file missing)
O24 - Desktop Component 0: - file:///C:/DOCUME~1/ARUNSH~1/LOCALS~...p_image002.jpg

Reboot..........................
=======================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\WINDOWS\bosant16a.dll
C:\WINDOWS\system32\BA69659B5B.sys
C:\WINDOWS\system32\eswohwtq.exe
Folder::
C:\Program Files\IEAntiVirus
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DBF8390-552B-4D55-9F62-00D032032691}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyxyy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnk]
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
__________________
My real name is Eddy
Pancake is offline   Reply With Quote
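A read-only consistency check for the fix list and CFScript.txt in the post above, as an added example (not part of the thread, and not code from HijackThis or ComboFix). It parses the O2/O9/O20 lines, separates entries whose file is already gone from the one whose DLL is still on disk, and confirms that the latter is covered by the script's File:: and Registry:: sections. The parsing rules are inferred only from the lines shown in this thread, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Fix-list lines and CFScript.txt body, copied from the post above.
HJT_LINES = r"""
O2 - BHO: (no name) - {234AF32E-A7D1-4BFD-A956-2AED01E9A654} - (no file)
O2 - BHO: (no name) - {78069BC1-AB35-49D8-BF14-9F0EAD9CF1AB} - (no file)
O2 - BHO: Sigma plugin - {7DBF8390-552B-4D55-9F62-00D032032691} - C:\WINDOWS\bosant16a.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O20 - Winlogon Notify: efcyxyy - C:\WINDOWS\system32\efcyxyy.dll (file missing)
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\system32\pmnnk.dll (file missing)
"""

CFSCRIPT = r"""
Killall::
File::
C:\WINDOWS\bosant16a.dll
C:\WINDOWS\system32\BA69659B5B.sys
C:\WINDOWS\system32\eswohwtq.exe
Folder::
C:\Program Files\IEAntiVirus
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DBF8390-552B-4D55-9F62-00D032032691}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyxyy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnk]
"""

LINE_RE = re.compile(r"^(O\d{1,2}) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Trailing marker meaning the registry entry points at a file that no longer exists.
MISSING_RE = re.compile(r"\s*(?:-\s*)?\((?:no file|file missing)\)$")


@dataclass
class Entry:
    section: str            # e.g. "O2"
    kind: str               # e.g. "BHO"
    name: str
    clsid: Optional[str]
    target: Optional[str]   # file the entry loads, if the line names one
    orphaned: bool          # True when the line says the file is gone


def parse_hjt(text):
    """Parse HijackThis-style 'Ox - Kind: name - ... ' lines into Entry records."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        orphaned = bool(MISSING_RE.search(rest))
        parts = [p.strip() for p in MISSING_RE.sub("", rest).split(" - ")]
        clsid = next((p for p in parts[1:] if CLSID_RE.match(p)), None)
        tail = parts[-1] if len(parts) > 1 else ""
        target = tail if tail and not CLSID_RE.match(tail) else None
        entries.append(Entry(section, kind.strip(), parts[0], clsid, target, orphaned))
    return entries


def parse_cfscript(text):
    """Group script lines under their 'Name::' directive (lower-cased key)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def review(entries, script):
    """Report entries whose file is still on disk but which the script does not cover."""
    files = {p.lower() for p in script.get("file", [])}
    deleted_keys = [k.lower() for k in script.get("registry", []) if k.startswith("[-")]
    findings = []
    for e in entries:
        if e.orphaned or e.target is None:
            continue  # registry leftover only; nothing remains on disk
        if e.target.lower() not in files:
            findings.append(f"{e.section} {e.name}: {e.target} not listed under File::")
        ident = (e.clsid or e.name).lower()
        if not any(ident in key for key in deleted_keys):
            findings.append(f"{e.section} {e.name}: no Registry:: delete for {ident}")
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(HJT_LINES)
    for e in parsed:
        state = "leftover entry, file gone" if e.orphaned else "file still present"
        print(f"{e.section:<4}{e.kind:<16}{e.name:<14}{state}")
    print(review(parsed, parse_cfscript(CFSCRIPT)) or "script covers every live entry")
```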
Old 06-15-2008   #5
Gold Member
 
 
Join Date: Jun 2008
Location: London
Posts: 209
PC Experience: A 15 Year Old Powerhouse
Default Re: dss logs on a Dell Dimension 3100

Well thank you Pancake, for everything you have done, my computer is back to normal, and well no more annoying popups!!

Well as you instructed here is my log from combo
(for some reason I can't get this thing to not underline?!)

ComboFix 08-06-12.2 - Arun Sharma 2008-06-15 15:36:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.666 [GMT 1:00]
Running from: C:\Documents and Settings\Arun Sharma\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arun Sharma\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\bosant16a.dll
C:\WINDOWS\system32\BA69659B5B.sys
C:\WINDOWS\system32\eswohwtq.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\BA69659B5B.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 16:57 . 2008-06-14 16:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-14 16:51 . 2008-06-14 17:20 <DIR> d----c--- C:\SDFix
2008-06-13 18:08 . 2008-06-13 18:08 <DIR> d----c--- C:\Deckard
2008-06-13 06:26 . 2008-06-13 17:50 <DIR> d-------- C:\Program Files\Unlocker
2008-06-12 17:46 . 2008-06-12 17:49 <DIR> d-------- C:\Program Files\MagicISO
2008-06-11 22:48 . 2008-06-11 22:48 <DIR> d-------- C:\Program Files\KGB Archiver 2
2008-06-10 21:25 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:25 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 18:55 . 2008-06-09 18:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-09 18:55 . 2008-06-09 18:55 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-09 18:55 . 2008-06-09 18:55 <DIR> d-------- C:\Program Files\MSBuild
2008-06-09 18:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-09 18:53 . 2008-06-09 18:53 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-09 17:52 . 2008-06-09 18:04 <DIR> d----c--- C:\cygwin
2008-06-06 20:49 . 2008-06-06 20:49 <DIR> d-------- C:\Program Files\LSoft Technologies
2008-06-01 22:42 . 2008-06-01 22:42 <DIR> d-------- C:\Program Files\Opera
2008-05-27 16:47 . 2008-05-27 16:47 <DIR> d-------- C:\Program Files\Square Soft, Inc
2008-05-27 16:41 . 2008-05-31 18:23 <DIR> d-------- C:\Program Files\Final Fantasy VII
2008-05-25 11:19 . 2008-05-25 11:19 563 --a------ C:\WINDOWS\eReg.dat
2008-05-25 11:17 . 2008-05-25 11:17 <DIR> d-------- C:\Program Files\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-15 14:27 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\DNA
2008-06-15 14:14 --------- d-----w C:\Program Files\Dl_cats
2008-06-13 17:03 --------- d-----w C:\Program Files\McAfee
2008-06-12 16:34 --------- d-----w C:\Program Files\AviSynth 2.5
2008-06-12 16:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 16:30 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-06-10 20:35 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-07 09:48 --------- d-----w C:\Program Files\Microsoft Games
2008-05-26 10:21 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\AdobeUM
2008-05-25 09:51 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\uTorrent
2008-05-25 09:51 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\Download Manager
2008-05-25 09:51 --------- d-----w C:\Documents and Settings\Arun Sharma\Application Data\Azureus
2008-05-23 20:34 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-11 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-05 15:35 --------- d-----w C:\Program Files\Dell Support Center
2008-05-05 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-05-04 19:22 --------- d-----w C:\Documents and Settings\Guest\Application Data\Talkback
2008-05-04 19:22 --------- d-----w C:\Documents and Settings\Guest\Application Data\GTek
2008-05-04 14:00 --------- d-----w C:\Program Files\Ashampoo
2008-04-26 12:10 --------- d-----w C:\Program Files\Yacc Yet Another CSO Compressor
2007-09-10 13:30 454 ------w C:\Program Files\Shortcut to Sonic.lnk
2007-02-17 17:31 940,032 ------w C:\Documents and Settings\Arun Sharma\dbghelp.dll
2007-02-17 17:31 438,272 ------w C:\Documents and Settings\Arun Sharma\sc.dll
2007-02-17 17:31 11,264 ------w C:\Documents and Settings\Arun Sharma\lp_plugin.exe
2006-11-07 21:03 287,744 ----a-w C:\Program Files\mozilla firefox\plugins\ieproxy.dll
2008-01-29 21:27 16,694 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-14_16.42.36.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 15:32:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 14:42:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 00:35:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-14 15:57:52 11,042,816 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-14 15:57:52 397,312 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-14 00:35:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-14 15:57:34 11,042,816 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-14 15:57:34 397,312 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-06-14 14:55:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-15 13:43:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-14 14:55:23 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-15 13:43:16 32,768 ------w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-14 14:53:31 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-15 14:33:25 71,980 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-14 14:53:31 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-15 14:33:25 442,966 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-15 14:42:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 21:47 68856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-01-25 11:08 1032376]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-11 10:14 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [ ]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2005-12-21 11:14 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-04-10 19:35 36904]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [ ]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 08:03 425984]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 05:20 127036]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06 106496]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 07:38 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 09:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Arun Sharma\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-02 08:53:31 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= nuvision.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sony\\LocationFreePlayer\\LFPC3\\LFPC3.exe" =
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Arun Sharma\\Desktop\\FirefoxPortable\\App\\firefox\\firefox.exe"=
"C:\\Program Files\\EA Games\\Nightfire\\Bond.exe"=
"C:\\Program Files\\EA Games\\Nightfire\\Bond_ded.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 01:01]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 01:02]
S2 0002801213455320mcinstcleanup;McAfee Application Installer Cleanup (0002801213455320);C:\WINDOWS\TEMP\000280~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\ARUNSH~1\LOCALS~1\Temp\cdrmkaun.sys []
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-03 00:53]
S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\WINDOWS\system32\Drivers\hcw95bda.sys [2007-04-04 19:45]
S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\WINDOWS\system32\DRIVERS\hcw95rc.sys [2007-04-04 19:48]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-09-30 09:03]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-09-30 09:03]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-09-30 09:03]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-09-30 09:03]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-09-30 09:03]
S3 MODBDA2;KWorld MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [2005-05-03 08:27]
S3 MODLOAD2VB-T USB2.0 adapter firmware loader;C:\WINDOWS\system32\DRIVERS\modload2.sys [2005-05-02 08:52]
S3 MODRC;KWorld Infrared Receiver;C:\WINDOWS\system32\DRIVERS\modrc.sys [2005-06-08 11:13]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 21:40]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]
S3 XSHARK;XSHARK Driver (xshark.sys);C:\WINDOWS\system32\Drivers\xshark.sys [2003-01-31 11:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17c6bae8-c1e5-11dc-9934-000e50e25159}]
\Shell\AutoRun\command - F:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76d82430-c236-11da-9c4a-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL findowner.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca4c9e31-8f77-11da-9bde-806d6172696f}]
\Shell\AutoRun\command - D:\AutoRunLauncher.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 12:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-15 14:28:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-06-01 17:27:41 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-06-01 17:27:40 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 15:44:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-06-15 15:51:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 14:51:40
ComboFix2.txt 2008-06-14 15:43:10

Pre-Run: 111,902,687,232 bytes free
Post-Run: 111,895,449,600 bytes free

240 --- E O F --- 2008-06-11 20:02:55

bindo245 is offline   Reply With Quote
Old 06-15-2008   #6
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,798
PC Experience: Elite PC Guru
Default Re: dss logs on a Dell Dimension 3100

Ok. That's all good now.


This will clear away any of the files and folders that were created by ComboFix.
Go to:
Start > Run then copy and paste the following highlighted text below and click OK.
ComboFix /u


Now that you are clean, and if you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure. They can be done at your leisure.
Download and scan with CCleaner from CCleaner - Download
1. Starting with v1.27.260, CCleaner - Download installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
__________________

=========================================
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version if required.
Before installing go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then install the newest version.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u6 (Java SE Downloads).

==============================================
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (Microsoft Windows Update) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


========================================================
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
Download SpywareBlaster
SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain ActiveX controls can't install.
If you don't know what ActiveX controls are, see here (What is ActiveX control? - A Word Definition From the Webopedia Computer Dictionary)
You can download SpywareBlaster here (MajorGeeks.Com - Contacting Download Site)
SpywareBlaster tutorial (Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware)
Download iespyad
It puts many bad webpages on your restricted zones list. This means that you can still view the bad webpages, but the webpages cannot do certain things (such as use javascripts and cookies).
Download it here (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe)
Hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (Blocking Unwanted Parasites with a Hosts File). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (The Hosts File and what it can do for you)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen). Click Run. In the dialog box, type services.msc and hit Enter, then locate DNS Client. Highlight it, then double-click it. On the dropdown box, change the setting from Automatic to Manual. Click OK.

Keep Anti Virus Software updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. See here (Freeware downloads Security-Privacy - Anti-Virus Tools at SnapFiles.com) to choose one.
Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (Understanding and Using Firewalls) webpage out.
Here (Freeware downloads Security-Privacy - Personal Firewalls at SnapFiles.com) are some Vista compatible firewalls also.

Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.
Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).
Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:
Open Internet Explorer. Go to Tools > Internet Options….
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.

Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
Spyware Warrior: Anti-Spyware Testing (Guide)

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!
__________________
My real name is Eddy
Pancake is offline   Reply With Quote
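The six Internet-zone settings listed in the post above are stored as URL-action values under the `Internet Settings\Zones\3` registry key (0 = Enable, 1 = Prompt, 3 = Disable). As an added example that is not part of the original thread, this Python script audits a `.reg` export of that key against the post's recommendations; the export text is constructed and the function names are hypothetical.

```python
import re

# URL-action IDs for the six settings named in the post (zone 3 = Internet).
# Policy values: 0 = Enable, 1 = Prompt, 3 = Disable (higher is stricter).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY_SUFFIX = "\\internet settings\\zones\\3"

# Constructed sample export (not taken from the machine in this thread).
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
'''

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<hex>[0-9A-Fa-f]{1,8})$')


def parse_reg_dwords(text):
    """Return {lower-cased key path: {value name: int}} for dword values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            current = keys.setdefault(section.group("key").lower(), {})
            continue
        value = DWORD.match(line)
        if value and current is not None:
            current[value.group("name")] = int(value.group("hex"), 16)
    return keys


def audit_internet_zone(text):
    """List (action id, setting, current, recommended) for weaker settings."""
    zone = {}
    for key, values in parse_reg_dwords(text).items():
        if key.endswith(ZONE_KEY_SUFFIX):
            zone = values
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        actual = zone.get(action)
        if actual is None:
            findings.append((action, label, "not set in export", POLICY[wanted]))
        elif actual not in POLICY or actual < wanted:
            # Unknown value, or less restrictive than the post recommends.
            findings.append((action, label, POLICY.get(actual, hex(actual)),
                             POLICY[wanted]))
    return findings


if __name__ == "__main__":
    for action, label, current, wanted in audit_internet_zone(SAMPLE_REG):
        print(f"{action}  {label}: {current} -> should be {wanted}")
```

A setting stricter than the recommendation (for example Disable where the post says Prompt) is not reported.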
Old 06-16-2008   #7
Gold Member
 
 
Join Date: Jun 2008
Location: London
Posts: 209
PC Experience: A 15 Year Old Powerhouse
Talking Re: dss logs on a Dell Dimension 3100

Thank you for everything.
If there is anything I can do to help don't hesitate to ask, and from now on I will be scanning and re-checking before I install or download something.

P.S.
THANK THANK YOU SO MUCH.
bindo245 is offline   Reply With Quote
