
Thread: virtumonde..giving hard time

  1. #1
    Junior Member
    Join Date
    Sep 2009
    Posts
    7

    virtumonde..giving hard time

    Please help me to remove this!!

    Your help would be appreciated..

    Below I have pasted the logfile. Hope that is helpful.
    Let me know if you need any other info.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:38:12, on 9/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\Documents and Settings\Abhisetu\Application Data\U3\087572138EC08489\LaunchPad.exe
    C:\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5080603
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=Userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5865d058-4422-4169-941e-1da7d4eab392} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Abhisetu\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [A00F2703107.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00F2703107.exe
    O4 - HKCU\..\Run: [A00FEABBC.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00FEABBC.exe
    O4 - HKCU\..\Run: [A00F111DC6.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00F111DC6.exe
    O4 - HKCU\..\Run: [A00F166FB6.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00F166FB6.exe
    O4 - HKCU\..\Run: [A00FAA661.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00FAA661.exe
    O4 - HKCU\..\Run: [A00F1C60D5D.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00F1C60D5D.exe
    O4 - HKCU\..\Run: [A00F6EEA8.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00F6EEA8.exe
    O4 - HKCU\..\Run: [A00F7EE5A8.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00F7EE5A8.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [A00F2E0668.exe] C:\DOCUME~1\Abhisetu\LOCALS~1\Temp\_A00F2E0668.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...33/mcfscan.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\duyabutu.dll,C:\WINDOWS\system32\tezojuyu.dll,C:\WINDOWS\System32\comuid32.dll
    O20 - Winlogon Notify: 54eb391d663 - C:\WINDOWS\System32\comuid32.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O20 - Winlogon Notify: __c0046DA - C:\WINDOWS\system32\__c0046DA.dat
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c9fa66a359971d) (gupdate1c9fa66a359971d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 18189 bytes

    Cheers

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi spatel

    We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left-hand side, click on Tools.
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Sep 2009
    Posts
    7


    Thanks for your prompt response. I am pretty sure now that I will be able to get rid of this spyware.

    Please see the ComboFix log pasted below.

    ComboFix 09-09-09.01 - Abhisetu 09/09/2009 15:53.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2468 [GMT -4:00]
    Running from: K:\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Abhisetu\Application Data\02000000f9598a6a663C.manifest
    c:\documents and settings\Abhisetu\Application Data\02000000f9598a6a663O.manifest
    c:\documents and settings\Abhisetu\Application Data\02000000f9598a6a663P.manifest
    c:\documents and settings\Abhisetu\Application Data\02000000f9598a6a663S.manifest
    c:\documents and settings\Abhisetu\Application Data\explorer.exe
    c:\program files\Mozilla Firefox\extensions\{3BB3F081-DBC8-43B7-9FFB-1893B79275BD}
    c:\program files\Mozilla Firefox\extensions\{3BB3F081-DBC8-43B7-9FFB-1893B79275BD}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{3BB3F081-DBC8-43B7-9FFB-1893B79275BD}\chrome\content\overlay.xul
    c:\program files\Mozilla Firefox\extensions\{3BB3F081-DBC8-43B7-9FFB-1893B79275BD}\install.rdf
    c:\windows\4c37c6c9-799f-450e-861c-bd98e86455f4.ocx
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\GnuHashes.ini
    c:\windows\Installer\598724.msp
    c:\windows\Installer\772b5b.msp
    c:\windows\Installer\772b64.msp
    c:\windows\Installer\772b6f.msp
    c:\windows\run.log
    c:\windows\system32\__c0046DA.dat
    c:\windows\system32\1QFNKOi7lnq6W.vbs
    c:\windows\system32\6ae89554-7039-4bf7-901e-6221195a9a0d.dll
    c:\windows\system32\bWQnU.vbs
    c:\windows\system32\COMUID32.DLL
    c:\windows\system32\D.tmp
    c:\windows\system32\elBqvfwhTCGso.vbs
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\LocalService\277.crack.zip
    c:\windows\system32\LocalService\277.crack.zip.kwd
    c:\windows\system32\LocalService\278.keygen.zip
    c:\windows\system32\LocalService\278.keygen.zip.kwd
    c:\windows\system32\LocalService\279.serial.zip
    c:\windows\system32\LocalService\279.serial.zip.kwd
    c:\windows\system32\LocalService\280.setup.zip
    c:\windows\system32\LocalService\280.setup.zip.kwd
    c:\windows\system32\LocalService\281.music.au
    c:\windows\system32\LocalService\281.music.au.kwd
    c:\windows\system32\LocalService\282.music2.au
    c:\windows\system32\LocalService\282.music2.au.kwd
    c:\windows\system32\LocalService\283.music3.au
    c:\windows\system32\LocalService\283.music3.au.kwd
    c:\windows\system32\LocalService\284.music4.au
    c:\windows\system32\LocalService\284.music4.au.kwd
    c:\windows\system32\M5o0T.vbs
    c:\windows\system32\n8beU.vbs
    c:\windows\system32\PxR3A.vbs
    c:\windows\system32\qUsdU.vbs
    c:\windows\system32\tmp.reg
    c:\windows\system32\WKrMGY1.vbs
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
    .

    2009-09-09 19:29 . 2009-09-09 19:29 128888 ----a-w- c:\documents and settings\Abhisetu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-08 14:37 . 2009-09-08 14:38 -------- d-----w- C:\HijackThis
    2009-09-05 19:54 . 2009-09-05 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-05 19:54 . 2009-09-05 19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-05 19:54 . 2009-09-05 19:04 16409960 ----a-w- C:\spybotsd162.exe
    2009-09-05 19:01 . 2009-09-05 19:01 -------- d-----w- c:\documents and settings\Abhisetu\Local Settings\Application Data\beta
    2009-09-04 03:39 . 2009-09-04 03:39 -------- d-----w- c:\program files\Codemasters
    2009-09-02 22:44 . 2009-09-09 19:59 -------- d-sh--w- c:\windows\system32\LocalService
    2009-09-02 21:34 . 2009-09-02 21:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
    2009-09-02 21:34 . 2009-09-02 21:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-09-02 21:33 . 2009-09-02 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-09-02 19:33 . 2009-09-02 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
    2009-08-31 21:21 . 2009-09-02 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-08-30 01:47 . 2009-08-30 01:47 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\NSeries
    2009-08-28 00:24 . 2009-08-31 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
    2009-08-23 00:53 . 2009-08-23 00:53 -------- d-----w- c:\documents and settings\Abhisetu\Local Settings\Application Data\Codemasters
    2009-08-22 14:18 . 2009-08-22 14:18 8587 ----a-w- c:\windows\system32\nvUnsupRes.dat
    2009-08-17 14:06 . 2009-08-19 18:28 4 ----a-w- c:\windows\vx86036.dat
    2009-08-17 14:06 . 2009-08-17 14:06 -------- d-----w- c:\documents and settings\All Users\CrypKey
    2009-08-17 14:05 . 2008-08-22 20:14 21638 ----a-w- c:\windows\system32\Ckldrv.sys
    2009-08-17 14:05 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
    2009-08-17 14:05 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
    2009-08-17 14:05 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
    2009-08-17 14:05 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
    2009-08-17 14:05 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
    2009-08-17 14:05 . 2009-08-19 18:28 -------- d-----w- c:\program files\StyleWriter 4
    2009-08-17 13:59 . 2009-08-17 14:00 -------- d-----w- C:\Stylewriter Beta
    2009-08-16 12:56 . 2009-08-16 12:57 -------- d-----w- C:\Stylewriter
    2009-08-12 10:22 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-08-11 00:40 . 2009-08-11 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2009-08-11 00:39 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-08-11 00:36 . 2009-08-13 23:02 -------- d-----w- C:\Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-09 20:03 . 2009-02-24 06:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-09-08 14:38 . 2009-03-03 15:02 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\U3
    2009-09-05 18:31 . 2009-02-24 06:14 -------- d-----w- c:\program files\Spyware Doctor
    2009-09-04 03:39 . 2008-06-03 05:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-02 22:56 . 2009-05-09 11:02 -------- d-----w- c:\program files\Amazon
    2009-09-02 22:43 . 2008-06-03 05:26 -------- d-----w- c:\program files\McAfee
    2009-09-02 21:32 . 2008-06-03 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-09-01 02:20 . 2009-02-24 06:16 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-09-01 02:19 . 2009-09-01 02:19 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-08-31 23:24 . 2009-03-11 15:52 -------- d-----w- c:\program files\Easy DVD Copy
    2009-08-31 22:31 . 2008-06-03 05:29 -------- d-----w- c:\program files\MUSICMATCH
    2009-08-31 14:14 . 2009-06-09 02:40 -------- d-----w- c:\program files\PowerArchiver
    2009-08-31 03:44 . 2008-11-02 16:50 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\Skype
    2009-08-31 01:00 . 2009-08-31 01:00 518144 --sha-w- c:\windows\system32\2B3.tmp
    2009-08-30 01:53 . 2008-09-27 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-08-25 13:12 . 2009-07-31 22:01 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\mjusbsp
    2009-08-23 14:46 . 2008-06-14 17:14 -------- d-----w- c:\program files\Yahoo!
    2009-08-23 05:05 . 2009-03-15 04:18 1879840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-23 00:24 . 2009-06-09 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-08-23 00:01 . 2009-04-09 15:43 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\Samsung
    2009-08-22 01:16 . 2008-06-10 02:10 -------- d-----w- c:\program files\Electronic Arts
    2009-08-22 01:16 . 2009-06-08 17:09 6934 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2009-08-19 18:34 . 2009-06-09 00:57 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-08-19 18:34 . 2009-06-09 00:57 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-16 22:08 . 2008-07-27 13:30 -------- d-----w- c:\program files\QuickTime
    2009-08-13 00:04 . 2008-06-08 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-11 00:46 . 2008-06-03 05:21 -------- d-----w- c:\program files\NVIDIA Corporation
    2009-08-11 00:41 . 2008-10-19 14:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-07 22:26 . 2008-08-01 04:16 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\Apple Computer
    2009-08-07 20:53 . 2009-03-16 17:02 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\TeamViewer
    2009-08-06 11:11 . 2008-06-03 05:19 -------- d-----w- c:\program files\Java
    2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-02 21:04 . 2009-08-02 21:04 -------- d-----w- c:\program files\iTunes
    2009-08-02 21:04 . 2009-08-02 21:04 -------- d-----w- c:\program files\iPod
    2009-08-02 21:04 . 2008-08-01 04:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-01 00:53 . 2008-06-10 00:43 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-25 09:23 . 2008-11-29 14:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-21 16:59 . 2009-06-25 01:40 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\FrostWire
    2009-07-19 00:34 . 2008-06-03 05:25 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-18 15:43 . 2009-07-18 15:42 -------- d-----w- c:\program files\Sony
    2009-07-17 19:01 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 18:54 . 2009-05-01 02:02 1597690 ----a-w- c:\windows\system32\nvdata.bin
    2009-07-14 18:54 . 2009-02-18 19:44 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-07-14 18:54 . 2008-06-03 05:06 485920 ----a-w- c:\windows\system32\nvudisp.exe
    2009-07-14 17:35 . 2009-07-14 17:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
    2009-07-14 17:34 . 2009-07-14 17:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-07-14 03:43 . 2004-08-11 22:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-10 11:01 . 2008-06-03 05:06 485920 ----a-w- c:\windows\system32\nvuninst.exe
    2009-07-03 17:09 . 2004-08-11 22:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-25 08:25 . 2004-08-11 22:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-11 22:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-11 22:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:25 . 2004-08-11 22:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-11 22:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2004-08-11 22:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-12 12:31 . 2004-08-11 22:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-12 12:31 . 2004-08-11 22:00 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-15 106496]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-03 68856]
    "cdloader"="c:\documents and settings\Abhisetu\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 184352]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-15 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-15 8523776]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-01-15 16855552]
    "PMX Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2006-11-08 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Abhisetu\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-3 24576]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-1-17 42168]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-04-19 00:18 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^Abhisetu^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Abhisetu\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
    backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reality Fusion GameCam SE.lnk
    backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PronunciationPatterns

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
    "c:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
    "c:\\Documents and Settings\\Abhisetu\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\WINDOWS\\system32\\nvraidservice.exe"=
    "c:\\WINDOWS\\system32\\searchindexer.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Abhisetu\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/24/2009 2:16 AM 206256]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/2/2009 5:32 PM 210216]
    R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [1/22/2009 4:47 PM 86016]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/24/2009 2:15 AM 348752]
    S1 imvibuts;imvibuts;c:\windows\system32\drivers\imvibuts.sys [2/23/2009 2:29 AM 30880]
    S1 lxhynpuh;lxhynpuh;c:\windows\system32\drivers\lxhynpuh.sys [2/23/2009 7:11 AM 30880]
    S2 gupdate1c9fa66a359971d;Google Update Service (gupdate1c9fa66a359971d);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 12:11 PM 133104]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/9/2009 11:43 AM 36608]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [7/18/2009 11:43 AM 39048]
    S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [6/6/2008 12:14 AM 18432]
    S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [6/6/2008 12:14 AM 14336]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

    2009-09-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-03 16:10]

    2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 16:11]

    2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 16:11]

    2009-08-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-03 15:53]

    2009-09-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-03 15:53]

    2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{16E17406-2B4A-4A76-BBEC-1BA81D13D6D1}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-24 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080603
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    FF - ProfilePath - c:\documents and settings\Abhisetu\Application Data\Mozilla\Firefox\Profiles\gs7pf2a7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    BHO-{5865d058-4422-4169-941e-1da7d4eab392} - (no file)
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    Notify-54eb391d663 - c:\windows\System32\comuid32.dll
    AddRemove-HijackThis - C:\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-09 16:03
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3148179307-4206162727-4057685918-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:31,32,2b,83,9c,23,0c,a5,f6,a7,66,1e,79,a4,63,fd,de,d2,9b,5b,37,34,5a,
    27,e3,5c,59,15,3d,48,db,38,9f,e0,2a,41,4e,1e,33,91,88,d9,8a,84,ac,c0,be,17,\
    "??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

    [HKEY_USERS\S-1-5-21-3148179307-4206162727-4057685918-1005\Software\SecuROM\License information*]
    "datasecu"=hex:74,19,d1,8e,bc,aa,f5,a8,dc,e0,a4,8a,8a,5a,fc,d5,74,48,c9,36,13,
    23,63,34,6e,58,a6,42,0f,0a,51,9e,8c,6e,62,98,2a,46,d0,10,f4,f6,78,3e,2b,fb,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(880)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

    - - - - - - - > 'explorer.exe'(348)
    c:\windows\system32\WININET.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\Crypserv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\McAfee\MSK\msksrver.exe
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Spyware Doctor\pctsSvc.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\searchindexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-09 16:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-09 20:07

    Pre-Run: 401,033,801,728 bytes free
    Post-Run: 400,889,622,528 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="windows xp professional" /fastdetect

    418 --- E O F --- 2009-09-02 00:00


    Please find the fresh HijackThis log below...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:10:10, on 9/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5080603
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Abhisetu\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driver...reqlab_nvd.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.idesitv.com/livetv.ocx
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...33/mcfscan.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c9fa66a359971d) (gupdate1c9fa66a359971d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16510 bytes


    I will wait for your response.

    Thanks a ton..

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Sep 2009
    Posts
    7

    Uninstall program list:

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acrobat.com
    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color Common Settings
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 9
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AdobeColorCommonSetRGB
    AHV content for Acrobat and Flash
    Apple Mobile Device Support
    Apple Software Update
    AutoCAD 2008 - English
    AutoCAD 2008 - English SP1
    AutoCAD Architecture 2009 Object Enabler on AutoCAD 2009 - English (United States)
    AutoCAD Architecture 2009 Object Enabler on AutoCAD Architecture 2009 - English (United States)
    AutoCAD Architecture 2009 Object Enabler on Autodesk 3ds Max 2009 32-bit - Language Neutral
    Autodesk 3ds Max 2009 32-bit
    Autodesk Backburner 2008.1
    Autodesk Design Review 2009
    Autodesk DWF Viewer 7
    Autodesk Raster Design 2008 Object Enabler on AutoCAD 2008 - English (United States)
    AviSynth 2.5
    Banctec Service Agreement
    Bonjour
    Browser Address Error Redirector
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.92 DFVc Modem
    CorelDRAW Graphics Suite 12
    Critical Update for Windows Media Player 11 (KB959772)
    DDX DWF Support
    DDXGDIRenderer
    DDXSheetSets
    DDXViewX
    Digital Line Detect
    Digital Voice Editor 3
    DivX ;-) Audio Compressor 4.02
    DivX Codec
    DivX Codec 3.1alpha release
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    Documentation & Support Launcher
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DWGDirectX Core
    Easy DVD Copy
    EndNote 9.0.1
    FBX Plugin 2009.0 for Max 2009
    FeedReader
    ffdshow [rev 2844] [2009-03-30]
    FrostWire 4.13.3
    Games, Music, & Photos Launcher
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToAssist 8.0.0.514
    Grand Theft Auto IV
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Home Media Server 4.2.0.38
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    IDrop
    InterActual Player
    Internet Service Offers Launcher
    ISI ResearchSoft - Export Helper
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 15
    Java(TM) 6 Update 7
    Linksys EasyLink Advisor 1.5 (1044)
    Logitech QuickCam
    Logitech QuickCam Driver Package
    McAfee SecurityCenter
    McAfee Virtual Technician
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MobileMe Control Panel
    Modem Helper
    Mouse Suite for Desktop Computers
    Movie Maker Background Music Files
    Movie Maker Sound Effects
    Movie Maker Title Images
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    neroxml
    NetWaiting
    Nokia Connectivity Cable Driver
    Nokia Download!
    Nokia Map Loader
    Nokia NSeries Application Installer
    Nokia NSeries Application Installer 6.83.11
    Nokia NSeries Content Copier
    Nokia NSeries Content Copier 6.83.11
    Nokia NSeries Music Manager
    Nokia NSeries Music Manager 6.83.11
    Nokia NSeries One Touch Access
    Nokia NSeries One Touch Access 6.83.11
    Nokia Nseries PC Suite
    Nokia NSeries System Utilities
    Nokia NSeries System Utilities 6.83.11
    Nokia Nseries Video Manager
    Nokia Photos
    Nokia Software Updater
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA Performance
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA System Monitor
    NVIDIA System Monitor
    Orb
    PC Connectivity Solution
    PDF Settings CS4
    PDFExport
    Personal License Update Wizard for Windows Media Player
    Plus! MP3 Audio Converter LE
    PowerArchiver 2009
    PowerDVD
    PQ DVD to iPod Video Suite (remove only)
    QuickCam
    QuickTime
    Race Driver 3
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    ScriptPro
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Skype™ 3.8
    Spybot - Search & Destroy
    Spyware Doctor 6.1
    StyleWriter 4 Beta
    SVGExport
    Switch Sound File Converter
    System Requirements Lab
    TeamViewer 4
    The Weather Channel Desktop 6
    Unit Conversion Tool Evaluation Version 5.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Outlook 2007 Junk Email Filter (kb972691)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.762
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WD Diagnostics
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Bonus Pack for Windows XP
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Playlist Import to Excel Wizard
    Windows Media Player Skin Importer
    Windows Media Player Tray Control
    Windows Mobile Feb. 2008 DST Updates
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    WordWeb
    Xvid 1.1.3 final uninstall
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Software Update
    YouTube Downloader App 1.01

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    FrostWire 4.13.3


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new uninstall list scan when finished and post the log back here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Sep 2009
    Posts
    7

    Updated Uninstall log:

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acrobat.com
    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color Common Settings
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe MotionPicture Color Files
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 9
    Adobe Setup
    Adobe Setup
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AdobeColorCommonSetRGB
    AHV content for Acrobat and Flash
    Apple Mobile Device Support
    Apple Software Update
    AutoCAD 2008 - English
    AutoCAD 2008 - English SP1
    AutoCAD Architecture 2009 Object Enabler on AutoCAD 2009 - English (United States)
    AutoCAD Architecture 2009 Object Enabler on AutoCAD Architecture 2009 - English (United States)
    AutoCAD Architecture 2009 Object Enabler on Autodesk 3ds Max 2009 32-bit - Language Neutral
    Autodesk 3ds Max 2009 32-bit
    Autodesk Backburner 2008.1
    Autodesk Design Review 2009
    Autodesk DWF Viewer 7
    Autodesk Raster Design 2008 Object Enabler on AutoCAD 2008 - English (United States)
    AviSynth 2.5
    Banctec Service Agreement
    Bonjour
    Browser Address Error Redirector
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.92 DFVc Modem
    CorelDRAW Graphics Suite 12
    Critical Update for Windows Media Player 11 (KB959772)
    DDX DWF Support
    DDXGDIRenderer
    DDXSheetSets
    DDXViewX
    Digital Line Detect
    Digital Voice Editor 3
    DivX ;-) Audio Compressor 4.02
    DivX Codec
    DivX Codec 3.1alpha release
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    Documentation & Support Launcher
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DWGDirectX Core
    Easy DVD Copy
    EndNote 9.0.1
    FBX Plugin 2009.0 for Max 2009
    FeedReader
    ffdshow [rev 2844] [2009-03-30]
    Games, Music, & Photos Launcher
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToAssist 8.0.0.514
    Grand Theft Auto IV
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Home Media Server 4.2.0.38
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    IDrop
    InterActual Player
    Internet Service Offers Launcher
    ISI ResearchSoft - Export Helper
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 15
    Java(TM) 6 Update 7
    Linksys EasyLink Advisor 1.5 (1044)
    Logitech QuickCam
    Logitech QuickCam Driver Package
    McAfee SecurityCenter
    McAfee Virtual Technician
    Memorex exPressit Label Design Studio
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MobileMe Control Panel
    Modem Helper
    Mouse Suite for Desktop Computers
    Movie Maker Background Music Files
    Movie Maker Sound Effects
    Movie Maker Title Images
    Mozilla Firefox (3.0.10)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Essentials
    neroxml
    NetWaiting
    Nokia Connectivity Cable Driver
    Nokia Download!
    Nokia Map Loader
    Nokia NSeries Application Installer
    Nokia NSeries Application Installer 6.83.11
    Nokia NSeries Content Copier
    Nokia NSeries Content Copier 6.83.11
    Nokia NSeries Music Manager
    Nokia NSeries Music Manager 6.83.11
    Nokia NSeries One Touch Access
    Nokia NSeries One Touch Access 6.83.11
    Nokia Nseries PC Suite
    Nokia NSeries System Utilities
    Nokia NSeries System Utilities 6.83.11
    Nokia Nseries Video Manager
    Nokia Photos
    Nokia Software Updater
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    NVIDIA Performance
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA System Monitor
    NVIDIA System Monitor
    Orb
    PC Connectivity Solution
    PDF Settings CS4
    PDFExport
    Personal License Update Wizard for Windows Media Player
    Plus! MP3 Audio Converter LE
    PowerArchiver 2009
    PowerDVD
    PQ DVD to iPod Video Suite (remove only)
    QuickCam
    QuickTime
    Race Driver 3
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody Player Engine
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    ScriptPro
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Skype™ 3.8
    Spybot - Search & Destroy
    Spyware Doctor 6.1
    StyleWriter 4 Beta
    SVGExport
    Switch Sound File Converter
    System Requirements Lab
    TeamViewer 4
    The Weather Channel Desktop 6
    Unit Conversion Tool Evaluation Version 5.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Outlook 2007 Junk Email Filter (kb972691)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.762
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WD Diagnostics
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Bonus Pack for Windows XP
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player Playlist Import to Excel Wizard
    Windows Media Player Skin Importer
    Windows Media Player Tray Control
    Windows Mobile Feb. 2008 DST Updates
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    WordWeb
    Xvid 1.1.3 final uninstall
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Software Update
    YouTube Downloader App 1.01

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      File::
      
      Folder::
      c:\documents and settings\Abhisetu\Application Data\FrostWire
      c:\Program Files\FrostWire
      
      Registry::
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\FrostWire\\FrostWire.exe"=-
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member
    Join Date
    Sep 2009
    Posts
    7

    ComboFix log:

    ComboFix 09-09-09.09 - Abhisetu 09/10/2009 15:39.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2537 [GMT -4:00]
    Running from: c:\combofix\ComboFix.exe
    Command switches used :: c:\documents and settings\Abhisetu\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Abhisetu\Application Data\FrostWire
    c:\documents and settings\Abhisetu\Application Data\FrostWire\createtimes.cache
    c:\documents and settings\Abhisetu\Application Data\FrostWire\data.ser
    c:\documents and settings\Abhisetu\Application Data\FrostWire\fileurns.bak
    c:\documents and settings\Abhisetu\Application Data\FrostWire\fileurns.cache
    c:\documents and settings\Abhisetu\Application Data\FrostWire\filters.props
    c:\documents and settings\Abhisetu\Application Data\FrostWire\frostwire.props
    c:\documents and settings\Abhisetu\Application Data\FrostWire\installation.props
    c:\documents and settings\Abhisetu\Application Data\FrostWire\library.dat
    c:\documents and settings\Abhisetu\Application Data\FrostWire\pub1.key
    c:\documents and settings\Abhisetu\Application Data\FrostWire\public.key
    c:\documents and settings\Abhisetu\Application Data\FrostWire\questions.props
    c:\documents and settings\Abhisetu\Application Data\FrostWire\secureMessage.key
    c:\documents and settings\Abhisetu\Application Data\FrostWire\spam.dat
    c:\documents and settings\Abhisetu\Application Data\FrostWire\tables.props
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\frostwire_theme.skin
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\frostwire_theme\kill.png
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\frostwire_theme\kill_on.png
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\frostwire_theme\theme.txt
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\windows_theme.skin
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\windows_theme\chat.gif
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\windows_theme\kill.png
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\windows_theme\kill_on.png
    c:\documents and settings\Abhisetu\Application Data\FrostWire\themes\windows_theme\theme.txt
    c:\documents and settings\Abhisetu\Application Data\FrostWire\version.key
    c:\documents and settings\Abhisetu\Application Data\FrostWire\version.xml
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\data\audio.sxml
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\data\delete_me
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\misc\application.gif
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\misc\audio.gif
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\misc\document.gif
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\misc\image.gif
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\misc\video.gif
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\schemas\application.xsd
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\schemas\audio.xsd
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\schemas\document.xsd
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\schemas\image.xsd
    c:\documents and settings\Abhisetu\Application Data\FrostWire\xml\schemas\video.xsd
    c:\windows\system32\LocalService
    G:\autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
    .

    2009-09-09 19:29 . 2009-09-09 19:29 128888 ----a-w- c:\documents and settings\Abhisetu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-08 14:37 . 2009-09-10 18:59 -------- d-----w- C:\HijackThis
    2009-09-05 19:54 . 2009-09-05 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-05 19:54 . 2009-09-05 19:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-05 19:54 . 2009-09-05 19:04 16409960 ----a-w- C:\spybotsd162.exe
    2009-09-05 19:01 . 2009-09-05 19:01 -------- d-----w- c:\documents and settings\Abhisetu\Local Settings\Application Data\beta
    2009-09-04 03:39 . 2009-09-04 03:39 -------- d-----w- c:\program files\Codemasters
    2009-09-02 21:34 . 2009-09-02 21:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
    2009-09-02 21:34 . 2009-09-02 21:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-09-02 21:33 . 2009-09-02 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-09-02 19:33 . 2009-09-02 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
    2009-08-31 21:21 . 2009-09-02 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-08-30 01:47 . 2009-08-30 01:47 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\NSeries
    2009-08-28 00:24 . 2009-08-31 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
    2009-08-23 00:53 . 2009-08-23 00:53 -------- d-----w- c:\documents and settings\Abhisetu\Local Settings\Application Data\Codemasters
    2009-08-22 14:18 . 2009-08-22 14:18 8587 ----a-w- c:\windows\system32\nvUnsupRes.dat
    2009-08-17 14:06 . 2009-08-19 18:28 4 ----a-w- c:\windows\vx86036.dat
    2009-08-17 14:06 . 2009-08-17 14:06 -------- d-----w- c:\documents and settings\All Users\CrypKey
    2009-08-17 14:05 . 2008-08-22 20:14 21638 ----a-w- c:\windows\system32\Ckldrv.sys
    2009-08-17 14:05 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
    2009-08-17 14:05 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
    2009-08-17 14:05 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
    2009-08-17 14:05 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
    2009-08-17 14:05 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
    2009-08-17 14:05 . 2009-08-19 18:28 -------- d-----w- c:\program files\StyleWriter 4
    2009-08-17 13:59 . 2009-08-17 14:00 -------- d-----w- C:\Stylewriter Beta
    2009-08-16 12:56 . 2009-08-16 12:57 -------- d-----w- C:\Stylewriter
    2009-08-12 10:22 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-10 19:27 . 2009-02-24 06:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-09-10 19:22 . 2009-02-24 06:14 -------- d-----w- c:\program files\Spyware Doctor
    2009-09-08 14:38 . 2009-03-03 15:02 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\U3
    2009-09-04 03:39 . 2008-06-03 05:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-02 22:56 . 2009-05-09 11:02 -------- d-----w- c:\program files\Amazon
    2009-09-02 22:43 . 2008-06-03 05:26 -------- d-----w- c:\program files\McAfee
    2009-09-02 21:32 . 2008-06-03 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-09-01 02:20 . 2009-02-24 06:16 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-09-01 02:19 . 2009-09-01 02:19 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2009-08-31 23:24 . 2009-03-11 15:52 -------- d-----w- c:\program files\Easy DVD Copy
    2009-08-31 22:31 . 2008-06-03 05:29 -------- d-----w- c:\program files\MUSICMATCH
    2009-08-31 14:14 . 2009-06-09 02:40 -------- d-----w- c:\program files\PowerArchiver
    2009-08-31 03:44 . 2008-11-02 16:50 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\Skype
    2009-08-31 01:00 . 2009-08-31 01:00 518144 --sha-w- c:\windows\system32\2B3.tmp
    2009-08-30 01:53 . 2008-09-27 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-08-25 13:12 . 2009-07-31 22:01 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\mjusbsp
    2009-08-23 14:46 . 2008-06-14 17:14 -------- d-----w- c:\program files\Yahoo!
    2009-08-23 05:05 . 2009-03-15 04:18 1879840 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-23 00:24 . 2009-06-09 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-08-23 00:01 . 2009-04-09 15:43 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\Samsung
    2009-08-22 01:16 . 2008-06-10 02:10 -------- d-----w- c:\program files\Electronic Arts
    2009-08-22 01:16 . 2009-06-08 17:09 6934 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2009-08-19 18:34 . 2009-06-09 00:57 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-08-19 18:34 . 2009-06-09 00:57 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-16 22:08 . 2008-07-27 13:30 -------- d-----w- c:\program files\QuickTime
    2009-08-13 00:04 . 2008-06-08 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-11 00:46 . 2008-06-03 05:21 -------- d-----w- c:\program files\NVIDIA Corporation
    2009-08-11 00:41 . 2008-10-19 14:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-11 00:40 . 2009-08-11 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2009-08-07 22:26 . 2008-08-01 04:16 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\Apple Computer
    2009-08-07 20:53 . 2009-03-16 17:02 -------- d-----w- c:\documents and settings\Abhisetu\Application Data\TeamViewer
    2009-08-06 11:11 . 2008-06-03 05:19 -------- d-----w- c:\program files\Java
    2009-08-05 09:01 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-02 21:04 . 2009-08-02 21:04 -------- d-----w- c:\program files\iTunes
    2009-08-02 21:04 . 2009-08-02 21:04 -------- d-----w- c:\program files\iPod
    2009-08-02 21:04 . 2008-08-01 04:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-01 00:53 . 2008-06-10 00:43 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-25 09:23 . 2008-11-29 14:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-19 00:34 . 2008-06-03 05:25 -------- d-----w- c:\program files\Common Files\Adobe
    2009-07-18 15:43 . 2009-07-18 15:42 -------- d-----w- c:\program files\Sony
    2009-07-17 19:01 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 18:54 . 2009-08-11 00:39 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-07-14 18:54 . 2009-05-01 02:02 1597690 ----a-w- c:\windows\system32\nvdata.bin
    2009-07-14 18:54 . 2009-02-18 19:44 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-07-14 18:54 . 2008-06-03 05:06 485920 ----a-w- c:\windows\system32\nvudisp.exe
    2009-07-14 17:35 . 2009-07-14 17:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
    2009-07-14 17:34 . 2009-07-14 17:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-07-14 03:43 . 2004-08-11 22:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-10 11:01 . 2008-06-03 05:06 485920 ----a-w- c:\windows\system32\nvuninst.exe
    2009-07-03 17:09 . 2004-08-11 22:00 915456 ------w- c:\windows\system32\wininet.dll
    2009-06-25 08:25 . 2004-08-11 22:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-11 22:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-11 22:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:25 . 2004-08-11 22:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-11 22:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2004-08-11 22:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-09_20.03.41 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-10 13:39 . 2009-09-10 13:39 16384 c:\windows\Temp\Perflib_Perfdata_72c.dat
    + 2008-06-06 04:14 . 2009-09-10 19:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-06 04:14 . 2009-09-09 13:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-06 04:14 . 2009-09-10 19:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-06-06 04:14 . 2009-09-09 13:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-09-10 00:31 . 2009-09-10 19:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-06-06 04:14 . 2009-09-09 13:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-03-22 18:37 . 2009-09-10 19:17 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-03-22 18:37 . 2009-03-22 18:36 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-15 106496]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-03 68856]
    "cdloader"="c:\documents and settings\Abhisetu\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-10-26 184352]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-15 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-15 8523776]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-01-15 16855552]
    "PMX Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2006-11-08 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Abhisetu\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-3 24576]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-1-17 42168]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-04-19 00:18 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^Abhisetu^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Abhisetu\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
    backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reality Fusion GameCam SE.lnk
    backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
    "c:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
    "c:\\Documents and Settings\\Abhisetu\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\WINDOWS\\system32\\nvraidservice.exe"=
    "c:\\WINDOWS\\system32\\searchindexer.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Abhisetu\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/24/2009 2:16 AM 206256]
    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/2/2009 5:32 PM 210216]
    R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [1/22/2009 4:47 PM 86016]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/24/2009 2:15 AM 348752]
    S1 imvibuts;imvibuts;c:\windows\system32\drivers\imvibuts.sys [2/23/2009 2:29 AM 30880]
    S1 lxhynpuh;lxhynpuh;c:\windows\system32\drivers\lxhynpuh.sys [2/23/2009 7:11 AM 30880]
    S2 gupdate1c9fa66a359971d;Google Update Service (gupdate1c9fa66a359971d);c:\program files\Google\Update\GoogleUpdate.exe [7/1/2009 12:11 PM 133104]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/9/2009 11:43 AM 36608]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [7/18/2009 11:43 AM 39048]
    S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [6/6/2008 12:14 AM 18432]
    S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [6/6/2008 12:14 AM 14336]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

    2009-09-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-03 16:10]

    2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 16:11]

    2009-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 16:11]

    2009-08-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-03 15:53]

    2009-09-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-03 15:53]

    2009-09-10 c:\windows\Tasks\User_Feed_Synchronization-{16E17406-2B4A-4A76-BBEC-1BA81D13D6D1}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-24 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080603
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    FF - ProfilePath - c:\documents and settings\Abhisetu\Application Data\Mozilla\Firefox\Profiles\gs7pf2a7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-10 15:47
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3148179307-4206162727-4057685918-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:31,32,2b,83,9c,23,0c,a5,f6,a7,66,1e,79,a4,63,fd,de,d2,9b,5b,37,34,5a,
    27,e3,5c,59,15,3d,48,db,38,9f,e0,2a,41,4e,1e,33,91,88,d9,8a,84,ac,c0,be,17,\
    "??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

    [HKEY_USERS\S-1-5-21-3148179307-4206162727-4057685918-1005\Software\SecuROM\License information*]
    "datasecu"=hex:74,19,d1,8e,bc,aa,f5,a8,dc,e0,a4,8a,8a,5a,fc,d5,74,48,c9,36,13,
    23,63,34,6e,58,a6,42,0f,0a,51,9e,8c,6e,62,98,2a,46,d0,10,f4,f6,78,3e,2b,fb,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    .
    Completion time: 2009-09-10 15:49
    ComboFix-quarantined-files.txt 2009-09-10 19:48

    Pre-Run: 400,716,857,344 bytes free
    Post-Run: 400,662,085,632 bytes free

    363 --- E O F --- 2009-09-02 00:00

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Please go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
