Full Version: Computer Infected - Please Help
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
mee
Hi

Looks like my computer is infected with madinjection.rtk

Scanned with Spybot Search & Destroy, found MadInjection.rtk. Cleaned using the same program. It shows a green tick and goes to the recovery section. I deleted it from the recovery section.

Scanned the computer using Malwarebytes Anti-Malware, found nothing, log attached.

Rebooted the computer.

Scanned with Spybot Search & Destroy, found MadInjection.rtk again. It keeps coming back.

Malwarebytes found nothing.

I tried to delete it manually but it keeps coming back after reboot.

Please help. Attached is log file of HJT and Malwarebytes Anti-Malware

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:47 PM, on 19/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rahul\My Documents\Internet Downloads\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F72AD89-7BB6-4AA9-9890-15B1481E0F24}: Domain = nsw.bigpond.net.au
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6364 bytes

Log File

Malwarebytes' Anti-Malware 1.33
Database version: 1663
Windows 5.1.2600 Service Pack 3

18/01/2009 4:11:37 PM
mbam-log-2009-01-18 (16-11-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 122392
Time elapsed: 3 hour(s), 29 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
LoPhatPhuud
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.
mee
Hi

Here is a log file for combofix

ComboFix 09-01-21.04 - Rahul 2009-01-24 14:38:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.230 [GMT 11:00]
Running from: c:\documents and settings\Rahul\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_006332_.tmp.dll
c:\windows\system32\_006333_.tmp.dll
c:\windows\system32\_006334_.tmp.dll
c:\windows\system32\_006335_.tmp.dll
c:\windows\system32\_006342_.tmp.dll
c:\windows\system32\_006343_.tmp.dll
c:\windows\system32\_006344_.tmp.dll
c:\windows\system32\_006345_.tmp.dll
c:\windows\system32\_006347_.tmp.dll
c:\windows\system32\_006348_.tmp.dll
c:\windows\system32\_006351_.tmp.dll
c:\windows\system32\_006352_.tmp.dll
c:\windows\system32\_006355_.tmp.dll
c:\windows\system32\_006356_.tmp.dll
c:\windows\system32\_006358_.tmp.dll
c:\windows\system32\_006361_.tmp.dll
c:\windows\system32\_006362_.tmp.dll
c:\windows\system32\_006367_.tmp.dll
c:\windows\system32\_006369_.tmp.dll
c:\windows\system32\_006372_.tmp.dll
c:\windows\system32\_006374_.tmp.dll
c:\windows\system32\_006375_.tmp.dll
c:\windows\system32\_006376_.tmp.dll
c:\windows\system32\_006377_.tmp.dll
c:\windows\system32\_006378_.tmp.dll
c:\windows\system32\_006381_.tmp.dll
c:\windows\system32\_006382_.tmp.dll
c:\windows\system32\_006383_.tmp.dll
c:\windows\system32\_006384_.tmp.dll
c:\windows\system32\_006385_.tmp.dll
c:\windows\system32\_006390_.tmp.dll
c:\windows\system32\_006392_.tmp.dll
c:\windows\system32\_006393_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-19 20:00 . 2009-01-19 20:00 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-19 10:29 . 2009-01-24 14:12 2,560 --a------ c:\windows\system32\drivers\mchInjDrv.sys
2009-01-17 11:53 . 2009-01-17 11:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-01-17 11:46 . 2009-01-17 11:46 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-17 11:42 . 2009-01-17 11:42 <DIR> d-------- c:\program files\Apple Software Update
2009-01-17 11:42 . 2009-01-17 11:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-17 11:32 . 2009-01-17 11:32 <DIR> d-------- c:\program files\Secunia
2009-01-09 13:18 . 2008-04-14 00:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-09 13:18 . 2008-04-14 00:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-31 18:17 . 2008-10-17 07:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-31 18:17 . 2007-04-17 20:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-31 18:17 . 2007-03-08 16:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-31 18:17 . 2008-10-17 07:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-31 18:17 . 2008-10-17 07:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-31 18:17 . 2008-10-17 07:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-31 18:17 . 2008-10-17 07:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-31 18:17 . 2008-10-17 07:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-31 18:17 . 2008-10-17 00:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-30 17:24 . 2009-01-09 13:29 20 --a------ C:\sccfg.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 03:41 28,388,896 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-24 03:28 67,072 ----a-w c:\windows\Internet Logs\xDB18E.tmp
2009-01-24 03:28 380,516 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-24 03:28 3,780,608 ----a-w c:\windows\Internet Logs\xDB18F.tmp
2009-01-24 03:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-24 00:01 3,778,560 ----a-w c:\windows\Internet Logs\xDB18D.tmp
2009-01-19 09:25 3,796,992 ----a-w c:\windows\Internet Logs\xDB18C.tmp
2009-01-19 09:25 154,624 ----a-w c:\windows\Internet Logs\xDB18B.tmp
2009-01-19 05:15 3,777,024 ----a-w c:\windows\Internet Logs\xDB18A.tmp
2009-01-19 00:16 175,104 ----a-w c:\windows\Internet Logs\xDB189.tmp
2009-01-18 08:42 3,782,656 ----a-w c:\windows\Internet Logs\xDB188.tmp
2009-01-18 00:55 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-17 03:48 3,771,392 ----a-w c:\windows\Internet Logs\xDB187.tmp
2009-01-17 01:48 3,811,328 ----a-w c:\windows\Internet Logs\xDB186.tmp
2009-01-17 01:48 180,736 ----a-w c:\windows\Internet Logs\xDB185.tmp
2009-01-17 01:40 --------- d-----w c:\program files\Common Files\Adobe
2009-01-17 00:48 --------- d-----w c:\program files\QuickTime
2009-01-17 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-16 01:54 184,832 ----a-w c:\windows\Internet Logs\xDB184.tmp
2009-01-15 03:52 3,764,736 ----a-w c:\windows\Internet Logs\xDB183.tmp
2009-01-15 03:42 3,764,224 ----a-w c:\windows\Internet Logs\xDB182.tmp
2009-01-15 03:24 49,152 ----a-w c:\windows\Internet Logs\xDB181.tmp
2009-01-15 02:54 70,144 ----a-w c:\windows\Internet Logs\xDB180.tmp
2009-01-14 07:53 240,128 ----a-w c:\windows\Internet Logs\xDB17F.tmp
2009-01-14 05:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 05:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-14 02:49 156,672 ----a-w c:\windows\Internet Logs\xDB17E.tmp
2009-01-13 09:35 3,756,032 ----a-w c:\windows\Internet Logs\xDB17D.tmp
2009-01-13 09:35 199,168 ----a-w c:\windows\Internet Logs\xDB17C.tmp
2009-01-13 02:56 3,755,520 ----a-w c:\windows\Internet Logs\xDB17B.tmp
2009-01-12 09:47 126,976 ----a-w c:\windows\Internet Logs\xDB17A.tmp
2009-01-10 12:53 111,616 ----a-w c:\windows\Internet Logs\xDB179.tmp
2009-01-10 10:06 14,336 ----a-w c:\windows\Internet Logs\xDB178.tmp
2009-01-10 10:05 348,672 ----a-w c:\windows\Internet Logs\xDBF4F.tmp
2009-01-10 05:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-10 01:24 --------- d-----w c:\program files\CCleaner
2009-01-10 01:19 --------- d-----w c:\program files\SpywareBlaster
2009-01-10 01:18 --------- d-----w c:\program files\SpywareGuard
2009-01-09 13:29 281,600 ----a-w c:\windows\Internet Logs\xDB177.tmp
2009-01-09 03:41 3,731,968 ----a-w c:\windows\Internet Logs\xDB176.tmp
2009-01-09 03:20 57,344 ----a-w c:\windows\Internet Logs\xDB174.tmp
2009-01-09 03:20 3,735,040 ----a-w c:\windows\Internet Logs\xDB175.tmp
2009-01-09 03:08 --------- d-----w c:\program files\LearningPOWER
2009-01-09 02:36 62,464 ----a-w c:\windows\Internet Logs\xDB172.tmp
2009-01-09 02:36 3,742,208 ----a-w c:\windows\Internet Logs\xDB173.tmp
2009-01-09 02:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-09 02:18 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2009-01-09 01:31 3,735,552 ----a-w c:\windows\Internet Logs\xDB171.tmp
2009-01-09 01:31 149,504 ----a-w c:\windows\Internet Logs\xDB170.tmp
2009-01-08 23:10 3,730,432 ----a-w c:\windows\Internet Logs\xDB16F.tmp
2008-12-31 08:44 48,640 ----a-w c:\windows\Internet Logs\xDB16D.tmp
2008-12-31 08:44 3,730,432 ----a-w c:\windows\Internet Logs\xDB16E.tmp
2008-12-31 08:09 10,449,278 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-31 08:08 379,904 ----a-w c:\windows\Internet Logs\xDB16B.tmp
2008-12-31 08:08 3,750,912 ----a-w c:\windows\Internet Logs\xDB16C.tmp
2008-12-30 22:08 3,727,360 ----a-w c:\windows\Internet Logs\xDB16A.tmp
2008-12-30 11:47 349,184 ----a-w c:\windows\Internet Logs\xDB169.tmp
2008-12-23 09:39 --------- d-----w c:\program files\Spyware Doctor
2008-12-23 09:39 --------- d-----w c:\program files\Common Files\PC Tools
2008-12-23 09:35 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-12-22 06:40 123,904 ----a-w c:\windows\Internet Logs\xDB168.tmp
2008-12-22 01:36 3,695,104 ----a-w c:\windows\Internet Logs\xDB167.tmp
2008-12-22 01:04 3,694,592 ----a-w c:\windows\Internet Logs\xDB166.tmp
2008-12-21 11:00 50,176 ----a-w c:\windows\Internet Logs\xDB164.tmp
2008-12-21 11:00 3,693,568 ----a-w c:\windows\Internet Logs\xDB165.tmp
2008-12-21 09:32 51,200 ----a-w c:\windows\Internet Logs\xDB162.tmp
2008-12-21 09:32 3,693,056 ----a-w c:\windows\Internet Logs\xDB163.tmp
2008-12-21 09:17 --------- d-----w c:\program files\Java
2008-12-20 02:58 42,496 ----a-w c:\windows\Internet Logs\xDB161.tmp
2008-12-20 02:31 95,232 ----a-w c:\windows\Internet Logs\xDB15F.tmp
2008-12-20 02:31 3,698,688 ----a-w c:\windows\Internet Logs\xDB160.tmp
2008-12-20 00:25 3,683,840 ----a-w c:\windows\Internet Logs\xDB15E.tmp
2008-12-20 00:09 55,296 ----a-w c:\windows\Internet Logs\xDB15C.tmp
2008-12-20 00:09 3,688,960 ----a-w c:\windows\Internet Logs\xDB15D.tmp
2008-12-12 12:35 3,686,400 ----a-w c:\windows\Internet Logs\xDB15B.tmp
2008-12-12 12:35 195,072 ----a-w c:\windows\Internet Logs\xDB15A.tmp
2008-12-11 11:04 98,304 ----a-w c:\windows\Internet Logs\xDB159.tmp
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 08:48 --------- d-----w c:\documents and settings\Rahul\Application Data\Malwarebytes
2008-12-11 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 08:39 --------- d-----w c:\program files\Lavasoft
2008-12-11 08:36 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-11 08:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-11 07:04 78,336 ----a-w c:\windows\Internet Logs\xDB157.tmp
2008-12-11 07:04 3,680,768 ----a-w c:\windows\Internet Logs\xDB158.tmp
2008-12-10 14:17 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
2008-12-10 10:25 912,384 ----a-w c:\windows\Internet Logs\xDB155.tmp
2008-12-10 10:25 3,664,896 ----a-w c:\windows\Internet Logs\xDB156.tmp
2008-12-10 07:13 3,664,384 ----a-w c:\windows\Internet Logs\xDB154.tmp
2008-12-09 02:44 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-08 09:19 177,152 ----a-w c:\windows\Internet Logs\xDB153.tmp
2008-12-07 10:05 529,920 ----a-w c:\windows\Internet Logs\xDB151.tmp
2008-12-07 10:05 3,645,440 ----a-w c:\windows\Internet Logs\xDB152.tmp
2008-12-06 12:01 3,652,608 ----a-w c:\windows\Internet Logs\xDB150.tmp
2008-12-04 09:56 117,248 ----a-w c:\windows\Internet Logs\xDB14F.tmp
2008-12-03 10:04 89,088 ----a-w c:\windows\Internet Logs\xDB14E.tmp
2008-12-02 12:58 73,728 ----a-w c:\windows\Internet Logs\xDB14C.tmp
2008-12-02 12:58 3,642,880 ----a-w c:\windows\Internet Logs\xDB14D.tmp
2008-12-02 10:05 110,080 ----a-w c:\windows\Internet Logs\xDB14B.tmp
2008-11-30 12:37 821,248 ----a-w c:\windows\Internet Logs\xDB14A.tmp
2006-11-07 00:50 5 --sha-w c:\windows\system32\adaaee0_s.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 1481968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rahul^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Rahul\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-08-04 18:28 49152 c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-05-19 20:38 1957888 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 18:05 217088 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-09 13:44 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-08-15 18:34 57344 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2009-01-19 2560]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-12-23 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-02-26 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-26 51440]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-23 356920]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-11 7808]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
MSConfigStartUp-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-Logitech Hardware Abstraction Layer - KHALMNPR.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Rahul\Application Data\Mozilla\Firefox\Profiles\jcergwqz.Rahul\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 14:41:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(760)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
Completion time: 2009-01-24 14:46:52
ComboFix-quarantined-files.txt 2009-01-24 03:46:47

Pre-Run: 61,142,204,416 bytes free
Post-Run: 61,112,045,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
290 --- E O F --- 2009-01-14 02:22:47
LoPhatPhuud
The ComboFix log does not show anything harmful remaining. It does, however, indicate that you have some serious security issues.

These lines from the report:
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

Indicate you have no realtime AntiVirus protection and no firewall active. Note that you should only have one AntiVirus program providing real time protection.

Check your settings and make sure that Zone Alarm is fully active, if that is your program of choice.

Also, when you post back, advise if there are outstanding issues.
mee
Hi

Anti-virus and firewall were only disabled during scanning by ComboFix.

Anti-virus with Spyware Doctor is always disabled. I only use 1 antivirus.

madinjection.rtk is still picked up by Spybot Search & Destroy. The location is

C:\WINDOWS\system32\drivers\mchlnjDrv.sys

Will there be a problem if we leave it there?

LoPhatPhuud
A file named mchlnjDrv.sys is also a part of Comodo. At any time in the recent past, did you have any programs from Comodo installed? (firewall, AV, BOClean, Security Suite)
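
Added example (not part of either poster's reply and not ComboFix code): a small Python triage of the two things read off the ComboFix log in the replies above, the AV:/FW: header lines and the driver entries such as mchInjDrv. The "enabled" status wording and the reading of the R/S prefix and digit as running/stopped and start type are assumptions based on the usual ComboFix-style log convention; the log in this thread only shows the disabled form.

```python
import re

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2009-01-19 2560]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-12-23 160792]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-11 7808]
"""

# "AV: <name> *<status>* (<definitions>)" or "FW: <name> *<status>*"
PRODUCT_RE = re.compile(
    r"^(AV|FW): (.+?) \*([^*\n]+)\*(?: \((\w+)\))?[ \t]*$", re.M)

# "<R|S><start type> <service>;<display name>;<image path> [<date> <size>]"
DRIVER_RE = re.compile(
    r"^([RS])([0-4]) ([^;\n]+);([^;\n]+);(.+?) "
    r"\[(\d{4}-\d{2}-\d{2}) (\d+)\][ \t]*$", re.M)

# Assumed meaning of the digit: the Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def parse_products(log):
    """Return the security products listed in the log header."""
    products = []
    for kind, name, status, definitions in PRODUCT_RE.findall(log):
        products.append({
            "kind": kind,
            "name": name,
            "status": status,
            # Assumption: an active product's status ends in "enabled".
            "enabled": status.lower().split()[-1] == "enabled",
            "definitions": definitions or None,
        })
    return products


def assess_protection(products):
    """Apply the checks made in the reply: one real-time AV, an active firewall."""
    findings = []
    active_av = [p["name"] for p in products if p["kind"] == "AV" and p["enabled"]]
    active_fw = [p["name"] for p in products if p["kind"] == "FW" and p["enabled"]]
    if not active_av:
        findings.append("no real-time antivirus active")
    elif len(active_av) > 1:
        findings.append("more than one antivirus with real-time protection: "
                        + ", ".join(active_av))
    if not active_fw:
        findings.append("no firewall active")
    return findings


def parse_drivers(log):
    """Return the service/driver entries with their state and image path."""
    drivers = []
    for state, start, name, display, path, date, size in DRIVER_RE.findall(log):
        drivers.append({
            "name": name,
            "display": display,
            "running": state == "R",
            "start": START_TYPES[int(start)],
            "path": path,
            "date": date,
            "size": int(size),
        })
    return drivers


def running_drivers(log):
    """Drivers that were loaded at scan time; each should map to an installed product."""
    return [d for d in parse_drivers(log) if d["running"]]


if __name__ == "__main__":
    for finding in assess_protection(parse_products(SAMPLE_LOG)):
        print("header:", finding)
    for d in running_drivers(SAMPLE_LOG):
        print("driver: %(name)s (%(display)s) %(path)s, %(size)d bytes, start=%(start)s" % d)
```

The header lines record the state at the moment the log was written, so the findings describe that moment only.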
mee
I have never used a Comodo product at any time. I have used Norton and AVG before.

Here is a log of the software installed

5-6 MathsPOWER
ACD Product-Security-Vulnerability Update
ACDSee 9 Photo Manager
ACDSee Photo Editor
Acrobat.com
Acrobat.com
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Photoshop CS
Adobe Reader 9
Adobe Shockwave Player
AnyDVD
Apple Software Update
Bettergrades English Workout 2.0
Bettergrades Higher English Workout 2.0
Bettergrades Higher Mathematics Quiz 2.0
Bettergrades Mathematics Quiz 2.0
Bettergrades Science Quiz 2.0
CCleaner (remove only)
Concise Oxford English Dictionary (Eleventh Edition)
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
DVD Shrink 3.2
Enable S3 for USB Device
High School Mathematics Version 5.0
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
Java™ 6 Update 11
L&H TTS3000 British English
LingvoSoft Talking Dictionary 2006 (English<->Hindi) for Windows
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Premium Suite 2005 DVD
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6 Ultra Edition
Nero Digital
PowerISO
QuickTime
RaidApplication
Realtek AC'97 Audio
Registry Mechanic 7.0
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spyware Doctor 6.0
SpywareBlaster 4.1
SpywareGuard v2.2
SUPERAntiSpyware Professional
Tweak UI
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Windows Defender Signatures
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
WinZip
ZoneAlarm Security Suite

LoPhatPhuud
Let's check and see if the file is ok or bad


Please submit the following file(s) to VirusTotal for analysis: http://www.virustotal.com

C:\WINDOWS\system32\drivers\mchlnjDrv.sys


Be sure to post the results in this thread.
mee
Hi

Here is the result of the VirusTotal scan

ClamAV 0.94.1 2009.01.27 Trojan.Small-4369

NOD32 3805 2009.01.28 Win32/Monitor.PCAgent

TheHacker 6.3.1.5.229 2009.01.26 Trojan/Agent.go

Only 3 antivirus engines showed a result; the others were blank. Here is the link to the results.

http://www.virustotal.com/analisis/a3e5c03...dd9cf90e7873639

Additional information
Tamano archivo: 2560 bytes
MD5...: 9971aa2d16cb558358d6f6f3b5055cba
SHA1..: 288c6072be03ee6bc957126f14bb9bde0d199081
SHA256: ea25afa088e47cb1bfa985f110927e88326f75b060d0c58405c211d5416b4dff
SHA512: f0154f95255e5bac0b5f3987001299171e30086a86580d3c7426b170c1d1c9e2
9427abd7e156186d14aa51f8f3d3ce157161fe343a6a9ef74365fd4284318d88
ssdeep: 24:etGSPs4zlT8IvOG6lpMWZhY45F59FN00STtWeCjoTkqG+mIhjHX1/6aKDLEQl
qqQ:6VFOGDWnYOF59T1gyilj5uVdTg5/Obs
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5e0
timedatestamp.....: 0x43c4aec8 (Wed Jan 11 07:07:52 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x280 0x39c 0x400 5.17 bba8c02edc89a185a16e5e81ef35d977
.rdata 0x680 0x38 0x80 1.35 24d52443e0783c2b71554c34489eac5f
.data 0x700 0x44 0x80 1.78 acb09af1d13a6e60e5cf129dddb7564a
INIT 0x780 0x190 0x200 4.27 3a62f884fde441da7190cf7a23091a21
.reloc 0x980 0x6c 0x80 3.79 be6b068b027353e2c831a18daf55db3e

( 1 imports )
> ntoskrnl.exe: ZwClose, ZwUnmapViewOfSection, memcpy, ExAllocatePoolWithTag, ZwMapViewOfSection, ZwOpenSection, RtlInitUnicodeString, ObfDereferenceObject, ZwAllocateVirtualMemory, ObOpenObjectByPointer, PsLookupProcessByProcessId, IofCompleteRequest, PsSetCreateProcessNotifyRoutine

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partn...8d6f6f3b5055cba

Thanks
LoPhatPhuud
We can remove the file to be safe. First I want to get more info to see if there is a driver entry that needs to be removed as well. This is a little redundant after ComboFix, but it will report all installed drivers.


1. Download Random's system information tool (RSIT) from here:
http://images.malwareremoval.com/random/RSIT.exe

Choose to *save* the file to your desktop.

2. Double click on RSIT.exe to run the tool.

3. Click *Continue* at the disclaimer screen.

4. Once it has finished, two logs will open in two separate notepad instances.

Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized). You can just copy and paste the text from those logs into a reply to this topic here.
mee
Hi

Here is a log for RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rahul at 2009-01-29 16:30:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (76%) free of 76 GB
Total RAM: 479 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:09 PM, on 29/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rahul\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Rahul\My Documents\Internet Downloads\Rahul.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Secunia PSI.lnk = ?
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F72AD89-7BB6-4AA9-9890-15B1481E0F24}: Domain = nsw.bigpond.net.au
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6595 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-09 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2009-01-26 1421984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"=C:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-22 94208]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-03-04 1481968]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-05-19 1957888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-09 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2006-06-29 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rahul^Start Menu^Programs^Startup^Secunia PSI.lnk]
C:\PROGRA~1\Secunia\PSI\psi.exe [2008-12-17 748840]

C:\Documents and Settings\Rahul\Start Menu\Programs\Startup
Secunia PSI.lnk -
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=E7FFFF03
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-01-29 16:30:06 ----D---- C:\rsit
2009-01-29 16:02:23 ----D---- C:\Program Files\Common Files\PC Tools
2009-01-29 16:02:06 ----D---- C:\Program Files\Spyware Doctor
2009-01-29 16:02:06 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-01-28 17:05:12 ----D---- C:\Program Files\WOT
2009-01-28 12:44:58 ----D---- C:\Documents and Settings\Rahul\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-24 17:05:12 ----A---- C:\WINDOWS\system32\TweakUI.exe
2009-01-24 16:12:01 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-24 15:36:35 ----SHD---- C:\RECYCLER
2009-01-24 14:46:55 ----A---- C:\ComboFix.txt
2009-01-24 14:37:33 ----A---- C:\Boot.bak
2009-01-24 14:37:25 ----RASHD---- C:\cmdcons
2009-01-24 14:35:45 ----A---- C:\WINDOWS\zip.exe
2009-01-24 14:35:45 ----A---- C:\WINDOWS\VFIND.exe
2009-01-24 14:35:45 ----A---- C:\WINDOWS\SWSC.exe
2009-01-24 14:35:45 ----A---- C:\WINDOWS\SWREG.exe
2009-01-24 14:35:45 ----A---- C:\WINDOWS\sed.exe
2009-01-24 14:35:45 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-24 14:35:45 ----A---- C:\WINDOWS\grep.exe
2009-01-24 14:35:45 ----A---- C:\WINDOWS\fdsv.exe
2009-01-24 14:35:38 ----D---- C:\WINDOWS\ERDNT
2009-01-24 14:35:38 ----D---- C:\Qoobox
2009-01-19 20:00:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-17 11:53:17 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-01-17 11:46:23 ----D---- C:\Program Files\Common Files\Apple
2009-01-17 11:42:48 ----D---- C:\Program Files\Apple Software Update
2009-01-17 11:42:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-17 11:32:23 ----D---- C:\Program Files\Secunia
2009-01-14 13:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2008-12-31 18:49:06 ----D---- C:\WINDOWS\ie7updates
2008-12-31 18:43:17 ----D---- C:\WINDOWS\WBEM
2008-12-31 18:37:33 ----HDC---- C:\WINDOWS\ie7
2008-12-31 18:33:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-31 18:29:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

======List of files/folders modified in the last 1 months======

2009-01-29 16:30:51 ----D---- C:\WINDOWS\Prefetch
2009-01-29 16:26:37 ----D---- C:\Program Files\Mozilla Firefox
2009-01-29 16:26:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-29 16:21:44 ----D---- C:\WINDOWS\Temp
2009-01-29 16:20:57 ----D---- C:\WINDOWS\Internet Logs
2009-01-29 16:02:36 ----D---- C:\WINDOWS\system32\drivers
2009-01-29 16:02:23 ----D---- C:\Program Files\Common Files
2009-01-29 16:02:06 ----RD---- C:\Program Files
2009-01-29 16:00:32 ----D---- C:\Program Files\Registry Mechanic
2009-01-29 15:57:03 ----D---- C:\WINDOWS
2009-01-29 15:13:18 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem.txt
2009-01-29 12:17:44 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-01-29 12:01:51 ----A---- C:\rollback.ini
2009-01-29 08:51:56 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-01-28 19:09:52 ----SHD---- C:\WINDOWS\Installer
2009-01-28 17:05:15 ----SD---- C:\Documents and Settings\Rahul\Application Data\Microsoft
2009-01-27 23:51:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-27 12:10:13 ----D---- C:\WINDOWS\system32
2009-01-27 12:03:26 ----D---- C:\WINDOWS\Debug
2009-01-25 09:37:07 ----D---- C:\Program Files\SpywareBlaster
2009-01-25 09:36:33 ----D---- C:\Program Files\SpywareGuard
2009-01-24 17:39:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-24 14:41:31 ----A---- C:\WINDOWS\system.ini
2009-01-24 14:40:10 ----D---- C:\WINDOWS\AppPatch
2009-01-24 14:37:33 ----RASH---- C:\boot.ini
2009-01-19 20:00:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-19 20:00:38 ----D---- C:\Documents and Settings\Rahul\Application Data\Adobe
2009-01-18 19:38:34 ----A---- C:\WINDOWS\win.ini
2009-01-18 19:37:15 ----D---- C:\WINDOWS\pss
2009-01-18 11:55:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-17 12:48:57 ----D---- C:\Program Files\WinRAR
2009-01-17 12:44:54 ----D---- C:\Program Files\Adobe
2009-01-17 12:40:40 ----D---- C:\Program Files\Common Files\Adobe
2009-01-17 11:53:55 ----D---- C:\Program Files\WinZip
2009-01-17 11:48:19 ----D---- C:\Program Files\QuickTime
2009-01-17 11:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-17 11:32:42 ----HD---- C:\WINDOWS\inf
2009-01-14 13:13:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-14 13:12:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 12:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-10 12:24:23 ----D---- C:\Program Files\CCleaner
2009-01-09 14:08:42 ----D---- C:\Program Files\LearningPOWER
2009-01-09 13:33:18 ----D---- C:\WINDOWS\system32\wbem
2009-01-09 13:33:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-09 13:18:52 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-01-09 13:18:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-09 12:24:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-31 19:08:58 ----D---- C:\WINDOWS\Help
2008-12-31 19:08:58 ----D---- C:\Program Files\Internet Explorer
2008-12-31 18:50:35 ----D---- C:\WINDOWS\system32\en-us
2008-12-31 18:44:51 ----D---- C:\WINDOWS\system32\config
2008-12-31 18:42:05 ----D---- C:\WINDOWS\Media

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-03-01 15440]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 mchInjDrv;madCodeHook DLL injection driver; \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys []
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2006-06-29 16768]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-18 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-18 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-18 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-18 199711]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-18 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-18 488383]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-15 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-15 462684]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-05-08 73928]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2007-07-31 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-09-22 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2006-06-29 258560]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-11 32256]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-18 67167]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-06 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-06 21488]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-18 542879]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-23 68864]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-12-11 7808]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-18 57471]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-03-28 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2006-10-22 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-12-11 611664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-09 152984]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-06 65795]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-29 16:31:19

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5-6 MathsPOWER-->MsiExec.exe /X{9522B05F-A44F-4313-8BAA-9A5D4A921A7F}
ACD Product-Security-Vulnerability Update-->MsiExec.exe /X{FA89C3ED-8EC5-457F-A31C-AE208C1CF024}
ACDSee 9 Photo Manager-->MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
ACDSee Photo Editor-->MsiExec.exe /I{FD0718A4-6CB6-42E2-A5E5-2C13777FCB4A}
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bettergrades English Workout 2.0-->"C:\Program Files\Bettergrades\English Workout\unins000.exe"
Bettergrades Higher English Workout 2.0-->"C:\Program Files\Bettergrades\Higher English Workout\unins000.exe"
Bettergrades Higher Mathematics Quiz 2.0-->"C:\Program Files\Bettergrades\Higher Mathematics Quiz\unins000.exe"
Bettergrades Mathematics Quiz 2.0-->"C:\Program Files\Bettergrades\Mathematics Quiz\unins000.exe"
Bettergrades Science Quiz 2.0-->"C:\Program Files\Bettergrades\Science Quiz\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Concise Oxford English Dictionary (Eleventh Edition)-->C:\Program Files\COED11\Uninstal.exe
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP WMA V9.1 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
High School Mathematics Version 5.0-->MsiExec.exe /X{DBD5B581-6EF4-45E4-87CE-081661ACC1C1}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
LingvoSoft Talking Dictionary 2006 (English<->Hindi) for Windows-->C:\PROGRA~1\LINGVO~1\LINGVO~1\UNWISE.EXE C:\PROGRA~1\LINGVO~1\LINGVO~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Premium Suite 2005 DVD-->MsiExec.exe /I{055A0141-64A6-4248-A026-9745C1E9E159}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RaidApplication-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E079C542-9632-41E0-A748-7D165AC2616E}\setup.exe" -l0x9
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem5.inf
SiSAGP driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WOT for Internet Explorer-->MsiExec.exe /X{3128F292-23A1-49B4-BBCB-C5EF3C19A1D7}
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: Spyware Doctor with AntiVirus (disabled)
AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall

System event log

Computer Name: RAHUL-DESKTOP
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 89803
Source Name: Service Control Manager
Time Written: 20081212083757.000000+660
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: RAHUL-DESKTOP
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 89802
Source Name: Service Control Manager
Time Written: 20081212083754.000000+660
Event Type: information
User:

Computer Name: RAHUL-DESKTOP
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 89801
Source Name: Service Control Manager
Time Written: 20081212083750.000000+660
Event Type: information
User:

Computer Name: RAHUL-DESKTOP
Event Code: 7035
Message: The SIS PORT Driver service was successfully sent a start control.

Record Number: 89800
Source Name: Service Control Manager
Time Written: 20081212083744.000000+660
Event Type: information
User: RAHUL-DESKTOP\Rahul

Computer Name: RAHUL-DESKTOP
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 89799
Source Name: Service Control Manager
Time Written: 20081212083742.000000+660
Event Type: information
User: RAHUL-DESKTOP\Rahul

Application event log

Computer Name: RAHUL-DESKTOP
Event Code: 101
Message: MsnMsgr (624) The database engine stopped.

Record Number: 8894
Source Name: ESENT
Time Written: 20080613221919.000000+600
Event Type: information
User:

Computer Name: RAHUL-DESKTOP
Event Code: 103
Message: MsnMsgr (624) \\.\C:\Documents and Settings\Rahul\Local Settings\Application Data\Microsoft\Messenger\meenali.narayan@hotmail.com\SharingMetadata\Working\database_12CC_E82E_CCE8_E33\dfsr.db: The database engine stopped the instance (0).

Record Number: 8893
Source Name: ESENT
Time Written: 20080613221919.000000+600
Event Type: information
User:

Computer Name: RAHUL-DESKTOP
Event Code: 102
Message: MsnMsgr (624) \\.\C:\Documents and Settings\Rahul\Local Settings\Application Data\Microsoft\Messenger\meenali.narayan@hotmail.com\SharingMetadata\Working\database_12CC_E82E_CCE8_E33\dfsr.db: The database engine started a new instance (0).

Record Number: 8892
Source Name: ESENT
Time Written: 20080613221800.000000+600
Event Type: information
User:

Computer Name: RAHUL-DESKTOP
Event Code: 100
Message: MsnMsgr (624) The database engine 5.01.2600.2780 started.

Record Number: 8891
Source Name: ESENT
Time Written: 20080613221800.000000+600
Event Type: information
User:

Computer Name: RAHUL-DESKTOP
Event Code: 101
Message: MsnMsgr (624) The database engine stopped.

Record Number: 8890
Source Name: ESENT
Time Written: 20080613221736.000000+600
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;;;;;;;;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------


LoPhatPhuud
Thanks for the log. I suggest we leave the mchInjDrv.sys file as is. Further investigation turned up this:

"A madCodeHook DLL injection driver. mchInjDrv is a third party driver used by many security applications to provide process protection". ...


Used by Comodo, Online Armor, and others, its removal may present problems. None of the information available shows the file on your system to be a threat. I suggest you make an exception for the detects.

And now, on to cleanup since we are done!!


Open Adobe's Acrobat -- if you have the Full Version installed. Click Help and run the Upgrade applet found there. If no update is offered:

Use the Preferences, Internet submenu of Acrobat and uncheck to integrate with your Browser. Close Acrobat.

Whether you had the Full Version of Acrobat or not, download and install Adobe Reader 9 and use this as the integrated PDF Reader inside your browser: http://www.adobe.com/products/acrobat/readstep2.html

Check to make sure your Sun Java version is the most current, Release 1.6.0_11, please use the Sun Web site to update your version of Java JRE for Windows if necessary; instructions can be found here: http://aumha.net/viewtopic.php?f=26&t=37284

_______________________________________________________________

Clean-up & Housekeeping Steps:
    QUOTE
    For Windows XP (only):

    Right click "My Computer", Properties, and then click the System Restore tab. Checkmark the box at the top to stop System Restore on all drives.

    Click the "Apply" button. Agree to the deletion of old Restore Points. Then uncheck the box at the top and again click the "Apply" button. Finally, click the "OK" button. This will create a new Restore Point reflecting your clean system state.

    For Vista (only):

    To clear infected Windows Vista System Restore points:

    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    Now turn on Windows Vista System Restore:

    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Place a checkmark in the box for any drive you wish to enable System Restore on
    7. Click OK

  • Remove RSIT, if I asked you to install this utility.

    Delete the file rsit.exe and the folder C:\rsit. That's all there is to it!
  • Do a formal removal of Combofix if I asked you to use this utility.

    Click Start, then click Run.
    Enter into the command box that opens: combofix /u and then click OK.
    :!: If you renamed this file, use the new name in following this instruction rather than "Combofix.exe".
    Note: you must insert a blank space between the end of the word "combofix" and its parameter "/u" or it will not work. For Vista, you need to use an Elevated Command Prompt.
  • If I did not ask you to download OTMOVEIT previously, please download OTMoveIt3 by OldTimer and save it to your Desktop.
    Please double-click OTMoveIt3.exe to run the utility.
  • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the small list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
  • Run ATF Cleaner, and checkmark "Empty Recycle Bin", click "Empty Selected" and exit the program. You can delete or keep this utility as you wish.
  • If Malwarebytes' Anti-Malware was installed you may choose to keep it or remove it. To remove it, use Add or Remove Programs and uninstall it. I recommend that you leave MBAM installed and run it regularly.
  • Use the Add or Remove installed programs feature of Windows to Uninstall any on-line scanner you might have used.


_______________________________________________________________

Concluding Thoughts About Security

My personal rules, thoughts, and suggestions, for you as to what to do next are very simple -- and note, that they are for the most part personal suggestions and not requirements:
  1. Make sure your firewall is enabled, and in good working order. The native XP or Vista firewalls are fine although many people prefer to use a third party firewall. I recommend TallEmu's Online Armor : http://www.tallemu.com/, either the full, paid version, or the free version. There are also several good alternative choices.

    :!: Note: If your Antivirus software Suite includes a firewall, you likely have no other option than the included firewall. Check with the Vendor.
  2. If using Broadband Internet -- Cable or some variation of DSL, or FIOS -- use a NAT router;
  3. Have a good, current, antivirus installed. For freeware antivirus products, I can recommend either Antivir or AVAST. There are other choices. Schedule any automatic updates for a period of time during the day when you know the computer is regularly on and connected to the internet.
  4. Stay current at Microsoft Windows Updates -- to me this means setting Automatic Updates to on.
  5. If Vista, do not disable UAC; it is the best antimalware protection in Windows;
  6. Use a Secunia scan, free, to remain current for all Application software: http://secunia.com/vulnerability_scanning/online/
  7. If using XP: Install Microsoft's Windows Defender (free). It is good now, and gets better over time; http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D
  8. Optional: Consider using "passive" protections, such as SpywareBlaster ( http://www.javacoolsoftware.com/spywareblaster.html ), or a HOSTS-blocking approach -- one good HOSTS blocking example: http://www.mvps.org/winhelp2002/hosts.htm Again, this is a suggestion. They require no system resources, and do not "scan", but passively block known malware agents.
  9. Optional: Consider adding a heuristics-based active antimalware agent. These take little resources, do not "scan" your file system; but act as watchdogs. Comodo's BOClean ( http://www.comodo.com/boclean/CBO_download.html ) , or PC-Tools' ThreatFire ( http://www.threatfire.com/ ) are both well considered. Install only one.
  10. Do not overdo it. SpyBot is a reasonable on-demand scanner, but do not install any "active" components. For example, SpyBot's TeaTimer protection. Microsoft's free Windows Defender handles the entire job with greater features and more elegance. Ad-aware is a reasonable adware scanner; but do not install any "active" components. You are well covered by items, and in better form, by the earlier items in the list.
  11. Never install more than one active antivirus program, or more than one firewall. You would be less protected as a result. I am confident you know better; but you would be surprised how many logs we see with folks who have two, three, four full antivirus suites installed.
  12. If your antivirus or any other protections show warnings about an issue, contact your subscription vendor for that product and ask for help. That is what you paid money for.
  13. If you went all "freeware", or the vendor does not help, rather than download everything you can Google to "fix" the issue, head to a malware removal site and ask for help.

    Every Helper here will tell you the same thing: I would rather see in a structured way a very infected machine, than puzzle over the leftovers by the member's use of inept or inappropriate removal tools. The logs returned from the utilities we ask you to download and run are less interesting for what they found, than what they reveal about what is still there. If none of the previous 11 suggestions resolved the problem; start with a good malware removal site and ask for help. AumHa is just one of several excellent Forums providing this level of support without charge.
  14. Please read: Should You Use a Registry Cleaner in Windows?
    http://aumha.net/viewtopic.php?t=28099
    (I vote rather strongly No.)

You can find arguments about all the points above, but I wanted to give a personal answer to you about my own thoughts about the issue. I honestly, however, have no interest in debating any of them. It is just my honest view of reasonable security steps you should take; with a focus on how to do this inexpensively, with very low resource usage, few annoyances, and well.

Thanks for helping to keep your computer clean...
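
An added example, not part of the original post or of any tool named in it: a small Python audit of a HOSTS file, the mechanism behind the HOSTS-blocking suggestion in item 8 and the "Hosts File" section of the RSIT log. It separates sinkhole entries (names pinned to loopback or 0.0.0.0, as in the log above) from names redirected to some other address, which deserve a manual look. The function name, the report keys and the sample lines marked "constructed" are assumptions made for this example.

```python
import ipaddress

# Names that are expected to point at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Sample input. The four *.com names appear in the RSIT log on this page;
# every line marked "constructed" was made up for this example.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
0.0.0.0 ads.example.net                                  # constructed
203.0.113.10 update.example.com www.update.example.com   # constructed
not-an-address broken.example                            # constructed
127.0.0.1
"""


def audit_hosts(text):
    """Classify every entry of a HOSTS file.

    blocked    - names pinned to loopback or the unspecified address
    redirected - (name, address) pairs pointing anywhere else
    local      - the normal localhost entries
    malformed  - (line number, text) for lines that cannot be parsed
    """
    report = {"blocked": [], "redirected": [], "local": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, line))
            continue
        if len(fields) < 2:                   # address without any name
            report["malformed"].append((lineno, line))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:               # one line may carry several names
            name = name.lower().rstrip(".")
            if sink and name in LOCAL_NAMES:
                report["local"].append(name)
            elif sink:
                report["blocked"].append(name)
            else:
                # Includes localhost mapped to a non-local address.
                report["redirected"].append((name, str(addr)))
    return report


def summarize(report):
    """Return a short human-readable summary of an audit report."""
    lines = [
        "blocked (sinkholed) names: %d" % len(report["blocked"]),
        "local entries: %d" % len(report["local"]),
    ]
    for name, addr in report["redirected"]:
        lines.append("REVIEW: %s -> %s" % (name, addr))
    for lineno, text in report["malformed"]:
        lines.append("malformed line %d: %s" % (lineno, text))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(audit_hosts(SAMPLE_HOSTS)))
```

On a real machine the input would be the contents of the system HOSTS file; a long blocked list is what a HOSTS blocklist or SpywareBlaster-style protection is expected to produce, while anything under REVIEW was not put there by a blocklist.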


mee
Hi

- Updated all software using Secunia.

- Remove programs not required.

- Did system restore as requested

- Installed Windows Defender

- Disabled Tea Timer in Spybot Search & Destroy as requested

- Installed BOClean

- Now I have SuperAntiSpyware, Ad-ware, Spybot, BOClean, Spyware Guard, Spyware Blaster -- All these programs won't conflict on a single computer?



LoPhatPhuud
NO they won't.
mee
Thank you very much for your help and support.

Catch you later.

Bye for now.

Cheers