
My HJ Log- Please review

Post by mysterious » July 24th, 2009, 2:39 am

Here is a scan log. My computer has been running slow and I'd like to know what else I can do other than what I have already done, as described in the post "if your comp. is running slow..." Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:41 AM, on 7/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v ... Loader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8972777659
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} (Invoke Solutions MILiveParticipantPadHelper Control) - http://rms2.invokesolutions.com/events/ ... MILive.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9666 bytes
mysterious
Member+
Posts: 23
Joined: December 25th, 2008, 11:13 pm
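As an added example (not code from this thread, from MalwareRemoval.com or from HijackThis itself), here is a small Python triage helper for the log format posted above: it parses the O4 (autostart), O16 (downloaded ActiveX) and O23 (service) lines and lists the entries a reviewer would check first. The sample lines are copied from mysterious's log; the triage rules are my own assumptions about what merits a second look, not a verdict on any entry.

```python
"""Triage helper for Trend Micro HijackThis 2.x log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample: a subset of the lines from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v ... Loader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8972777659
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) -
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    item: str      # entry name, control description or service name
    target: str    # executable, URL or service image the entry points at
    reason: str    # why a reviewer should look at it


# Line shapes as HijackThis 2.x prints them (assumed from the log above).
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? - ?(.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|dll))(?=\s|$)", re.IGNORECASE)

# Assumed list of hosts whose O16 controls are treated as first-party Microsoft.
MICROSOFT_HOSTS = ("microsoft.com", "hotmail.com", "windowsupdate.com")


def is_microsoft_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_HOSTS)


def command_image(command: str) -> str:
    """Return the program an O4 command line launches, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path: take what is inside the quotes
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = IMAGE_RE.match(command)                 # unquoted: stop at the first executable extension
    return m.group(1) if m else (command.split() or [""])[0]


def check_o4(m: "re.Match") -> Optional[Finding]:
    hive, key, name, command = m.groups()
    image = command_image(command)
    if "\\" not in image:                       # e.g. "TpShocks.exe": resolved by PATH search at logon
        return Finding("O4", name, image,
                       "bare file name, found by PATH search: confirm which file actually runs")
    if hive == "HKCU" and not image.lower().startswith("c:\\windows\\"):
        return Finding("O4", name, image,
                       f"per-user autostart (HKCU\\..\\{key}): confirm you installed this program")
    return None


def check_o16(m: "re.Match") -> Optional[Finding]:
    clsid, desc, url = m.groups()
    item = desc or clsid
    host = urlsplit(url.strip()).hostname or ""
    if not host:
        return Finding("O16", item, "(no URL recorded)",
                       "no download URL recorded: the control cannot be traced to its source")
    if not is_microsoft_host(host):
        return Finding("O16", item, url, f"ActiveX control installed from third-party host {host}")
    return None


def check_o23(m: "re.Match") -> Optional[Finding]:
    service, owner, image = m.groups()
    if image == "(no file)":
        return Finding("O23", service, image, "service entry whose image file is missing")
    if owner == "Unknown owner":
        return Finding("O23", service, image, "service with no publisher information")
    return None


CHECKS = ((O4_RE, check_o4), (O16_RE, check_o16), (O23_RE, check_o23))


def triage(log_text: str) -> List[Finding]:
    """Run every section check over the log and collect the entries worth a second look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m:
                finding = check(m)
                if finding:
                    findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.item}: {f.reason}\n    -> {f.target}")
```

Run over the sample, the list is headed by the HKCU RegTool entry, which Malwarebytes later reports in this thread as Rogue.RegTool; the other hits are things to confirm, not conclusions.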

Re: My HJ Log- Please review

Post by MWR 3 day Mod » July 27th, 2009, 2:23 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: My HJ Log- Please review

Post by Cypher » July 29th, 2009, 6:19 am

Apologies for the delay.


Hi, Welcome to the Malware Removal forum.
My name is Cypher, and I'll be helping you with your malware problems.
Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. Please, if you have questions about something...ASK, don't guess or assume.
  3. Please -only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  4. Please -only- reply to this thread, do not start another!
  5. Please do not run any other fix/removal tools unless instructed to do so!
  6. Print each set of instructions...if possible...your Internet connection might not be available during some fix processes.
  7. Please, continue responding, until I give you the "All Clean".

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with your instructions.


Please post an Uninstall list.

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.

In your next reply.

1. Uninstall list.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My HJ Log- Please review

Post by Cypher » August 1st, 2009, 6:06 am

Hi mysterious.

It has been three days since my last post.

  • do you still need help?
  • do you need more time?
  • are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If I do not get any within the next 24 hours, this topic will be closed.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My HJ Log- Please review

Post by mysterious » August 2nd, 2009, 3:02 am

Hello Cypher!

Sorry for the delay. Your instructions were just fine. Here is the log. I am waiting for your kind response. (On a side note, since my last HJ run that I posted in my earlier message, I have run Spybot and cleaned some files, but it did not help much.)

Thanks




Access IBM
Access IBM Message Center
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
Bing Maps 3D
Bonjour
BullGuard 8.7
Canon MP Navigator EX 1.0
Canon MP520 series
Canon MP520 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Clic*Pic Gallery Creator
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
FinePixViewer Ver.3.2
FUJIFILM USB Driver
getPlus(R) for Adobe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Presentation Director
IBM TrackPoint Accessibility Features
IBM Update Connector
ImageMixer VCD for FinePix
Intel(R) Extreme Graphics 2 Driver
Intel(R) Network Connections Drivers
Intel(R) Sebring API
InterVideo WinDVD
Invoke Solutions Participant 6.2.0.1452
IrfanView (remove only)
iTunes
Java(TM) 6 Update 13
Livestation
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
OpenAL
PC-Doctor for Windows
PIXMA Extended Survey Program
QuickTime
RealPlayer
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Skype™ 4.0
Sonic Update Manager
Spybot - Search & Destroy
TestDrive Client
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad Software Installer
ThinkPad TrackPoint Driver
TurboTax Deluxe 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Wallpapers
WebIQ Technology Engine
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
mysterious
Member+
Posts: 23
Joined: December 25th, 2008, 11:13 pm

Re: My HJ Log- Please review

Post by Cypher » August 4th, 2009, 6:34 am

Hi mysterious.
I am sorry for the delay; the forum staff are really busy.
I will get back to you as soon as I can with your next set of instructions.
Thank you for your patience.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My HJ Log- Please review

Post by mysterious » August 5th, 2009, 12:07 am

I am waiting for your response. I must also add that my browser freezes up when I watch any video on YouTube. It feels as if the screen is too heavy and can't bear the streaming videos.

Thanks
mysterious
Member+
Posts: 23
Joined: December 25th, 2008, 11:13 pm

Re: My HJ Log- Please review

Post by Cypher » August 5th, 2009, 8:34 am

Hi mysterious.

I see that you have LiveStation installed on your computer.

It's not uncommon for TV and entertainment portals to utilize unsafe P2P programs, perhaps not even fully understanding the safety issue. Use of entertainment programs often results in symptoms of port traffic and CPU spikes indicative of activity taking place not generated by the user and without his/her knowledge and/or approval. They may be responsible for or contributing to your system being slow.

You may want to consider uninstalling that program.



Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.

Next.

RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

Next.

GMER
Please download GMER by GMER. An alternate download site.
  1. Unzip it to a folder on your desktop.
  2. Double click on gmer.exe to execute.
    If asked, allow the gmer.sys driver load.
  3. If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
  4. If you don't get a warning then...
    • Click the Rootkit/Malware tab at the top of the GMER window.
    • Click the Scan button.
  5. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
  6. Open Notepad and paste what you copied. Ctrl+V
  7. Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.

    In the GMER window...
  8. Click on the >>> tab at the top of the GMER window.
    This displays the rest of the "selection" tabs for you.
  9. Click on the Autostart tab.
  10. Click on Scan button.
  11. Once the scan has finished... click Copy.
  12. Open Notepad (again) and paste what you copied. Ctrl+V
  13. Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
  14. Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in your next reply.

In your next reply.

1. Malwarebytes' Anti-Malware log.
2. RSIT log.txt file contents and info.txt file contents.
3. gmerauto.txt log.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My HJ Log- Please review

Post by mysterious » August 6th, 2009, 8:17 am

Thanks for your response. Here are the logs.


Malwarebytes' Anti-Malware 1.40
Database version: 2568
Windows 5.1.2600 Service Pack 3

8/6/2009 2:26:29 AM
mbam-log-2009-08-06 (02-26-29).txt

Scan type: Quick Scan
Objects scanned: 147125
Time elapsed: 36 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 189

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220 (Rogue.RegTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\resultsw.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\Logs\2008-12-19 22-30-430.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-123.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-124.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-125.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-126.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-127.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-128.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-129.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-132.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-133.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-134.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-135.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-136.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-137.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-138.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-139.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-140.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-141.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-142.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-143.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-144.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-145.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-146.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-147.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-148.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-149.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-150.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-151.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-152.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-153.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-154.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-155.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-156.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-157.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-158.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-159.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-160.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-161.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-162.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-163.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-164.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-165.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-166.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-167.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-168.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-169.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-170.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-171.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-172.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-173.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-174.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-175.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-176.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-177.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-178.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-179.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-180.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-181.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-182.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-183.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-184.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jahan Zaib\Application Data\RegTool\QuarantineW\2008-12-19 22-32-220\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.


cont'd
mysterious
Member+
 
Posts: 23
Joined: December 25th, 2008, 11:13 pm

Re: My HJ Log- Please review

Unread postby mysterious » August 6th, 2009, 8:20 am

gmerauto

GMER 1.0.15.15011 - http://www.gmer.net
Autostart scan 2009-08-06 08:12:49
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxsrvc.dll
QConGina@DLLName = QConGina.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
IBM Rapid Restore Ultra Service@ = "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
IBMPMSVC@ = %SystemRoot%\system32\ibmpmsvc.exe
IJPLMSVC@ = C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
QCONSVC@ = System32\QCONSVC.EXE
RegSrvc@ = C:\WINDOWS\system32\RegSrvc.exe
S24EventMonitor@ = C:\WINDOWS\system32\S24EvMon.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
TpKmpSVC@ = C:\WINDOWS\system32\TpKmpSVC.exe
WinDefend@ = "C:\Program Files\Windows Defender\MsMpEng.exe"
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@S3TRAY2S3Tray2.exe = S3Tray2.exe
@TrackPointSrvC:\Program Files\Lenovo\TrackPoint\tp4serv.exe = C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
@TPKMAPHELPERC:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper /*file not found*/ = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper /*file not found*/
@TpShocksTpShocks.exe = TpShocks.exe
@TPHOTKEYC:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe = C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
@TP4EXtp4ex.exe = tp4ex.exe
@EZEJMNAPC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
@dlaC:\WINDOWS\system32\dla\tfswctrl.exe = C:\WINDOWS\system32\dla\tfswctrl.exe
@IBMPRCC:\IBMTOOLS\UTILS\ibmprc.exe = C:\IBMTOOLS\UTILS\ibmprc.exe
@QCWLICONC:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE = C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
@BMMLREFC:\Program Files\ThinkPad\Utilities\BMMLREF.EXE = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
@BMMMONWNDrundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor = rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
@REGSHAVEC:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN /*file not found*/ = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN /*file not found*/
@AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@Windows Defender"C:\Program Files\Windows Defender\MSASCui.exe" -hide = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{56F9679E-7826-4C84-81F3-532071A8BCC5}C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WIFD1F~1\MpShHook.dll = C:\PROGRA~1\WIFD1F~1\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Program Files\IBM RecordNow!\shlext.dll = C:\Program Files\IBM RecordNow!\shlext.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/(null) =
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{97090E2F-3062-4459-855B-014F0D3CDBB1} /*Windows Search Deskbar*/C:\Program Files\Windows Desktop Search\deskbar.dll = C:\Program Files\Windows Desktop Search\deskbar.dll
@{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Program Files\Windows Desktop Search\msnlExt.dll = C:\Program Files\Windows Desktop Search\msnlExt.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\msohev.dll = C:\PROGRA~1\MICROS~3\OFFICE11\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{22BF413B-C6D2-4d91-82A9-A0F997BA588C}C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll = C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
@{3049C3E9-B461-4BC5-8870-4C09146192CA}C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll = C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
@{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redi ... ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
AutorunsDisabled = AutorunsDisabled
Digital Line Detect.lnk = Digital Line Detect.lnk

---- EOF - GMER 1.0.15 ----
mysterious
Posts: 23
Joined: December 25th, 2008, 11:13 pm

Re: My HJ Log- Please review

Post by mysterious » August 6th, 2009, 8:22 am

log notepad

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jahan Zaib at 2009-08-06 08:20:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 132 GB (89%) free of 148 GB
Total RAM: 1526 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:06 AM, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jahan Zaib\Local Settings\Temporary Internet Files\Content.IE5\G1QQ2LNV\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Jahan Zaib.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/games/v ... Loader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} (TrivialPursuit Control) - http://www.worldwinner.com/games/v56/tr ... ursuit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} (Jeopardy Control) - http://www.worldwinner.com/games/v56/je ... opardy.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8972777659
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} (Invoke Solutions MILiveParticipantPadHelper Control) - http://rms2.invokesolutions.com/events/ ... MILive.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (RealPlayer G2 Control) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9543 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BMMTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{267B5597-3BC4-443D-9D12-17270A63D12A}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{3F7CCC8F-DD9F-4D2A-80CC-B980C77FBF10}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-16 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-20 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-09-02 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"=C:\WINDOWS\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2008-03-04 92960]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2004-02-04 897024]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2004-03-26 102400]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2004-08-06 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2002-09-04 53248]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2003-12-25 208896]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-09-02 127035]
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe [2004-03-19 90112]
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2004-08-18 81920]
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2004-07-29 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2004-07-29 395776]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-05 53248]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-20 185872]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-07-30 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2004-08-18 258048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe"="%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher"
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe"="%ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher "
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Jahan Zaib\Desktop\TurboTax Deluxe 2007\32bit\ttax.exe"="C:\Documents and Settings\Jahan Zaib\Desktop\TurboTax Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Documents and Settings\Jahan Zaib\Desktop\TurboTax Deluxe 2007\32bit\updatemgr.exe"="C:\Documents and Settings\Jahan Zaib\Desktop\TurboTax Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe"="%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher"
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe"="%ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher "
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-06 02:37:23 ----D---- C:\rsit
2009-08-06 01:43:23 ----D---- C:\Documents and Settings\Jahan Zaib\Application Data\Malwarebytes
2009-08-06 01:43:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-06 01:43:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-29 18:19:16 ----D---- C:\Program Files\MSECache
2009-07-29 18:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-29 01:25:17 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-29 01:25:10 ----D---- C:\Program Files\MSBuild
2009-07-29 01:24:57 ----D---- C:\Program Files\Reference Assemblies
2009-07-29 01:24:05 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-29 01:24:04 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-29 01:24:04 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-29 01:24:01 ----D---- C:\38a1820cc56f5f2419
2009-07-29 01:22:40 ----D---- C:\WINDOWS\SxsCaPendDel
2009-07-29 00:49:20 ----HDC---- C:\WINDOWS\ie8
2009-07-20 14:10:57 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2009-07-20 14:10:56 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2009-07-20 14:10:56 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2009-07-20 14:10:56 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2009-07-20 14:10:56 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2009-07-20 14:10:56 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2009-07-20 14:10:56 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2009-07-20 14:10:56 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2009-07-15 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-06 07:04:30 ----D---- C:\WINDOWS\Prefetch
2009-08-06 03:31:41 ----D---- C:\WINDOWS\Temp
2009-08-06 02:35:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-06 02:35:30 ----SD---- C:\WINDOWS\Tasks
2009-08-06 02:30:56 ----D---- C:\WINDOWS\system32\drivers
2009-08-06 02:30:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-06 01:43:14 ----RD---- C:\Program Files
2009-08-06 00:07:15 ----AD---- C:\WINDOWS
2009-08-06 00:04:05 ----AD---- C:\WINDOWS\system32
2009-08-06 00:04:00 ----HD---- C:\WINDOWS\inf
2009-08-06 00:03:54 ----D---- C:\Documents and Settings\Jahan Zaib\Application Data\Skype
2009-08-05 21:10:47 ----SHD---- C:\WINDOWS\Installer
2009-08-05 21:10:39 ----SHD---- C:\Config.Msi
2009-08-05 20:30:05 ----D---- C:\Documents and Settings\Jahan Zaib\Application Data\skypePM
2009-08-05 01:12:00 ----D---- C:\Program Files\Coupons
2009-08-02 02:48:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-01 00:47:35 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-30 03:32:06 ----RSD---- C:\WINDOWS\assembly
2009-07-30 03:25:35 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-29 18:19:39 ----RSD---- C:\WINDOWS\Fonts
2009-07-29 18:19:32 ----D---- C:\Program Files\Microsoft Office
2009-07-29 18:19:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-29 18:17:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-29 18:16:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-29 01:32:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-29 01:31:33 ----D---- C:\WINDOWS\WinSxS
2009-07-29 01:25:12 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 01:24:31 ----D---- C:\WINDOWS\system32\spool
2009-07-29 01:19:38 ----D---- C:\Program Files\Internet Explorer
2009-07-29 01:05:16 ----D---- C:\WINDOWS\Media
2009-07-29 01:05:16 ----D---- C:\WINDOWS\Help
2009-07-29 00:56:49 ----A---- C:\WINDOWS\imsins.BAK
2009-07-29 00:56:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 00:55:35 ----D---- C:\WINDOWS\ie8updates
2009-07-28 16:44:17 ----D---- C:\WINDOWS\ie7updates
2009-07-24 02:46:02 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-22 00:36:41 ----D---- C:\Program Files\Virtual Earth 3D
2009-07-21 00:23:30 ----D---- C:\WINDOWS\network diagnostic
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 19:52:46 ----D---- C:\WINDOWS\Cache
2009-07-15 00:42:54 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-07-11 14:38:41 ----A---- C:\WINDOWS\win.ini
2009-07-10 11:58:09 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-07-07 11:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2004-08-18 11520]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2004-08-18 2432]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 4608]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2004-07-29 14848]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2004-07-29 9341]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-06-10 16340]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2004-07-29 16384]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2004-07-15 7168]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.8; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-08 16110]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-06-02 11258]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-09-02 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-09-02 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-09-02 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-09-02 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-09-02 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-09-02 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-09-02 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-09-02 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-09-02 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-07-22 1041152]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-07-22 197888]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-07-30 724989]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [2007-06-01 21424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\System32\DRIVERS\tp4track.sys [2008-03-04 22568]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-07-22 676096]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 laaottpi;laaottpi; \??\C:\DOCUME~1\JAHANZ~1\LOCALS~1\Temp\laaottpi.sys []
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2004-08-18 12288]
S3 S3SSavage;S3SSavage; C:\WINDOWS\System32\DRIVERS\s3ssavm.sys [2001-11-01 95104]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver for Windows XP; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-08-29 3151232]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2004-03-19 339968]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-06-01 36400]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2004-08-18 73728]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2004-10-02 122950]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2004-10-02 286787]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-11 32768]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-27 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
mysterious
Member+
Posts: 23
Joined: December 25th, 2008, 11:13 pm
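The driver and service lists above use one line per entry in the form `<R|S><start> <name>;<display>; <image path> [<file date> <file size>]`, where the first letter is the running state, the digit is the start type from the list header, and the bracket pair is empty (`[]`) when the tool could not stat the file. The following is an added example, not RSIT's or the forum's own code: a parser for that line format plus a small triage pass that flags entries whose image lives under a user-writable or temporary directory, or whose file stamp is missing. The six sample lines are copied from the list above; the directory heuristic and all function names are my own choices for this example. A hit is a lead, not a verdict: anti-rootkit scanners load their own randomly named driver from `%TEMP%`, and a missing stamp can simply mean the file was absent when the scan ran, so each hit still has to be verified (hash, signature, vendor) before anything is removed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: six lines copied verbatim from the RSIT driver/service
# list above (two healthy drivers, three with an empty "[]" file stamp, one
# service executable).
SAMPLE_LOG = r"""
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2004-08-18 11520]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
S3 laaottpi;laaottpi; \??\C:\DOCUME~1\JAHANZ~1\LOCALS~1\Temp\laaottpi.sys []
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
"""

# Start-type digits exactly as defined in the list header.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <R|S><start> <name>;<display>; <image path> [<file date> <file size>]
# The bracket pair is empty when RSIT could not stat the file.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<stat>[^\]]*)\]\s*$"
)

NT_PREFIX = "\\??\\"  # NT object-namespace prefix seen on some ImagePath values

# Directory fragments where a kernel driver is not normally installed.
# Assumption: a heuristic chosen for this example, not an RSIT rule.
USER_WRITABLE_DIRS = (
    "\\temp\\", "\\tmp\\", "\\docume~1\\", "\\documents and settings\\",
    "\\locals~1\\", "\\local settings\\", "\\appdata\\", "\\users\\",
)


@dataclass
class DriverEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str                  # with any leading \??\ removed
    file_date: Optional[str]   # None when the stamp was "[]"
    file_size: Optional[int]


def parse_entry(line: str) -> Optional[DriverEntry]:
    """Parse one driver/service line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    date, size = None, None
    parts = m.group("stat").split()
    if len(parts) == 2 and parts[1].isdigit():
        date, size = parts[0], int(parts[1])
    return DriverEntry(
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=path,
        file_date=date,
        file_size=size,
    )


def parse_log(text: str) -> List[DriverEntry]:
    """Parse a whole driver or service section, skipping non-entry lines."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def triage(entries: List[DriverEntry]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, path, reasons) for entries that deserve a second look.

    Each hit is a lead to verify, not a verdict: scanners drop their own
    randomly named driver into %TEMP%, and an empty stamp may only mean the
    file was absent when the log was taken.
    """
    findings = []
    for e in entries:
        reasons = []
        low = e.path.lower()
        if any(frag in low for frag in USER_WRITABLE_DIRS):
            reasons.append("image path is under a user-writable or temporary directory")
        if e.file_size is None:
            reasons.append("no file date/size recorded (missing or unreadable at scan time)")
        if reasons:
            findings.append((e.name, e.path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the six sample lines it reports EGATHDRV and psadd (empty stamp only) and laaottpi (empty stamp and an image under the user's Temp directory); the healthy ANC, usbhub and Bonjour entries produce nothing. Feeding it the full list from the post works the same way, one section at a time.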

Re: My HJ Log- Please review

Unread post by mysterious » August 6th, 2009, 8:27 am

info.txt

info.txt logfile of random's system information tool 1.06 2009-08-06 02:37:34

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM Message Center-->MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bing Maps 3D-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP520 series User Registration-->C:\Program Files\Canon\IJEREG\MP520 series\UNINST.EXE
Canon MP520 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Clic*Pic Gallery Creator-->C:\Program Files\ClicPic\Uninstal.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
FinePixViewer Ver.3.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Documents and Settings\Jahan Zaib\Local Settings\Temporary Internet Files\Content.IE5\9S7GLNO6\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM Active Protection System-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything
IBM DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_05591014 -S -ISFG
IBM RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore-->MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility -->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM Update Connector-->MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8}
ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) Sebring API -->MsiExec.exe /I{56373057-E823-4DDE-98C3-E89AEF7895B8}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Invoke Solutions Participant 6.2.0.1452-->"C:\Program Files\Invoke Solutions\Participant\6.2\unins000.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanSoft OmniPage SE 4-->MsiExec.exe /I{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TestDrive Client-->MsiExec.exe /X{36C9E08A-BE2B-40A0-83C5-576748F7B777}
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Software Installer-->_tpiu000.exe /U
ThinkPad TrackPoint Driver-->C:\Program Files\Lenovo\TrackPoint\tp4unins.exe
TurboTax Deluxe 2007-->C:\Documents and Settings\Jahan Zaib\Desktop\TurboTax Deluxe 2007\TaxUnst.EXE "C:\Documents and Settings\Jahan Zaib\Desktop\TurboTax Deluxe 2007\Uninstall.log" -NoGui
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
WebIQ Technology Engine-->C:\WINDOWS\system32\WebIQEngineSetup.exe u
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [2009-01-04]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [2009-01-04]
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2009-01-04]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-04]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-01-04]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2009-01-04]
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2009-01-04]
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2009-01-04]
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [2009-01-04]
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe [2009-01-04]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-01-04]
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [2009-01-04]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2009-02-02]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2009-02-02]

======System event log======

Computer Name: JAHANZ
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 6220
Source Name: W32Time
Time Written: 20090620072145.000000-240
Event Type: warning
User:

Computer Name: JAHANZ
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.100.2 on the
Network Card with network address 00164115E328.

Record Number: 6174
Source Name: Dhcp
Time Written: 20090618225747.000000-240
Event Type: error
User:

Computer Name: JAHANZ
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00164115E328. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 6173
Source Name: Dhcp
Time Written: 20090618225747.000000-240
Event Type: warning
User:

Computer Name: JAHANZ
Event Code: 1002
Message: The IP address lease 68.173.136.28 for the Network Card with network address 00164115E328 has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 6172
Source Name: Dhcp
Time Written: 20090618225716.000000-240
Event Type: error
User:

Computer Name: JAHANZ
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00164115E328. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 6171
Source Name: Dhcp
Time Written: 20090618225716.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: JAHANZ
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18372, faulting module mshtml.dll, version 8.0.6001.18372, fault address 0x00421b85.

Record Number: 3561
Source Name: Application Error
Time Written: 20090425015124.000000-240
Event Type: error
User:

Computer Name: JAHANZ
Event Code: 1001
Message: Fault bucket 1117546412.

Record Number: 3546
Source Name: Application Error
Time Written: 20090424011233.000000-240
Event Type: error
User:

Computer Name: JAHANZ
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18372, faulting module ieframe.dll, version 8.0.6001.18372, fault address 0x002b03c6.

Record Number: 3545
Source Name: Application Error
Time Written: 20090424011230.000000-240
Event Type: error
User:

Computer Name: JAHANZ
Event Code: 1001
Message: Fault bucket 1117546412.

Record Number: 3544
Source Name: Application Error
Time Written: 20090424004855.000000-240
Event Type: error
User:

Computer Name: JAHANZ
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18372, faulting module ieframe.dll, version 8.0.6001.18372, fault address 0x002b03c6.

Record Number: 3543
Source Name: Application Error
Time Written: 20090424004851.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\PROGRAM FILES\THINKPAD\UTILITIES;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\Downloaded Program Files;%SystemDrive%\IBMTOOLS\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RRU"=C:\Program Files\IBM\IBM Rapid Restore Ultra\
"PYTHONPATH"=%SystemDrive%\IBMTOOLS\utils\support;%SystemDrive%\IBMTOOLS\utils\logger
"IBMSHARE"=%SystemDrive%\IBMSHARE
"TCL_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tcl8.4
"TK_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tk8.4
"PYTHONCASEOK"=1
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
mysterious
Member+
 
Posts: 23
Joined: December 25th, 2008, 11:13 pm

Re: My HJ Log- Please review

Unread postby Cypher » August 7th, 2009, 5:25 am

Hi mysterious.
It will take me a while to go through your logs, but I will get back to you as soon as possible.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My HJ Log- Please review

Unread postby Cypher » August 7th, 2009, 3:25 pm

Hi mysterious.

How is your computer running now?

Please post the contents of the gmerroot.txt log.

If you don't have it:

Double click on gmer.exe to execute.
If asked, allow the gmer.sys driver to load.
If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
If you don't get a warning then...
  • Click the Rootkit/Malware tab at the top of the GMER window.
    Click the Scan button.
Once the scan has finished... click Copy. ... Do not close the GMER window yet...
Open Notepad and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.

In your next reply:

1. gmerroot.txt log
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My HJ Log- Please review

Unread postby mysterious » August 7th, 2009, 10:47 pm

Hi,

I see some improvement. However, my screen fonts and layout have gotten too small. How do I enlarge them one notch?

Here is the log that I had run earlier. Also, is it safe to have all these logs and deep computer info online? I mean, can anyone use the information and hack into my computer?

GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-06 08:11:08
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.15 ----

? wtneeib.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1344] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1952] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2260] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2808] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ibmfilter.sys (IBM FFE and RRU filter driver/IBM)

Device \FileSystem\Fastfat \Fat A7C6CD20
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Jahan Zaib\Cookies\jahan_zaib@cbsnews[1].txt 1658 bytes
File C:\Documents and Settings\Jahan Zaib\Cookies\jahan_zaib@facebook[1].txt 1156 bytes
File C:\Documents and Settings\Jahan Zaib\Cookies\jahan_zaib@www.cbsnews[6].txt 210 bytes
File C:\Documents and Settings\Jahan Zaib\Cookies\jahan_zaib@cnn[2].txt 758 bytes
File C:\Documents and Settings\Jahan Zaib\Local Settings\Temporary Internet Files\Content.IE5\7FMTHK97\video_bg_red[1].gif 0 bytes
File C:\Documents and Settings\Jahan Zaib\Local Settings\Temporary Internet Files\Content.IE5\7FMTHK97\default[1].jpg 3557 bytes
File C:\Documents and Settings\Jahan Zaib\Local Settings\Temporary Internet Files\Content.IE5\7FMTHK97\default[2].jpg 3603 bytes
File C:\Documents and Settings\Jahan Zaib\Local Settings\Temporary Internet Files\Content.IE5\7FMTHK97\default[3].jpg 3641 bytes

---- EOF - GMER 1.0.15 ----
mysterious
Member+
 
Posts: 23
Joined: December 25th, 2008, 11:13 pm