Help - Search - Members - Calendar
Full Version: My Loptop is Restarting Frequently
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Sasi
Feb 4 2009, 05:45 AM
Hi,

My laptop is restarting frequently.could you check the hijack this log and let me know th solution.

thanks,
Sasi Bhushan.G

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:41 AM, on 2/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Speed+\Client\ventc.exe
C:\Program Files\Speed+\squid\ventcsquid.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcunlinkd.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Speed+\Configurator\ventcfg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sasi Bhushan G\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/securit...ponse/index.jsp
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Speed+\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [cftn] C:\WINDOWS\system32\cftn.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\RunServices: [cftn] C:\WINDOWS\system32\cftn.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.19/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232349090984
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Speed+\Client\ventc.exe

--
End of file - 8145 bytes
LoPhatPhuud
Feb 5 2009, 05:17 PM
First:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Acan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Second:
Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Third:
1. Download Random's system information tool (RSIT) from here:
http://images.malwareremoval.com/random/RSIT.exe

Choose to *save* the file to your desktop.

2. Double click on RSIT.exe to run the tool.

3. Click *Continue* at the disclaimer screen.

4. Once it has finished, two logs will open in two separate notepad instances.

Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized). You can just copy and paste the text from those logs into a reply to this topic here.
Sasi
Feb 9 2009, 10:27 AM
I have done all the 3 scans.Kindly go through the logs


Logfile of random's system information tool 1.05 (written by random/random)
Run by Sasi Bhushan G at 2009-02-09 15:52:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (14%) free of 30 GB
Total RAM: 1015 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:10 PM, on 2/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Speed+\Client\ventc.exe
C:\Program Files\Speed+\squid\ventcsquid.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Speed+\squid\ventcunlinkd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Speed+\Configurator\ventcfg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\System32\NOTEPAD.EXE
C:\Documents and Settings\Sasi Bhushan G\Desktop\New Folder\RSIT.exe
C:\Documents and Settings\Sasi Bhushan G\Desktop\HiJackThis\Sasi Bhushan G.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/securit...ponse/index.jsp
R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Speed+\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [cftn] C:\WINDOWS\system32\cftn.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\RunServices: [cftn] C:\WINDOWS\system32\cftn.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.19/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232349090984
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Speed+\Client\ventc.exe

--
End of file - 8430 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-12 657904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-18 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-18 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-18 137752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-02-01 115560]
"Venturi Configurator"=C:\Program Files\Speed+\Configurator\ventcfg.exe [2007-08-16 959880]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Yahoo Messenger"= []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-15 29744]
"ZSSnp211"=C:\WINDOWS\ZSSnp211.exe [2006-08-19 49152]
"Domino"=C:\WINDOWS\Domino.exe [2006-08-18 49152]
"cftn"=C:\WINDOWS\system32\cftn.exe []
"MVS Splash"=C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [2008-03-04 468288]
"McAfee Managed Services Tray"=C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe [2008-03-04 87360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-08 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Speed+\squid\ventcsquid.exe"="C:\Program Files\Speed+\squid\ventcsquid.exe:*:Enabled:ventcsquid"
"C:\Program Files\Speed+\squid\ventcdnsserver.exe"="C:\Program Files\Speed+\squid\ventcdnsserver.exe:*:Enabled:ventcdnsserver"
"C:\Program Files\Speed+\Configurator\ventcfg.exe"="C:\Program Files\Speed+\Configurator\ventcfg.exe:*:Enabled:ventcfg"
"C:\Program Files\Speed+\Configurator\VClientUpdate.exe"="C:\Program Files\Speed+\Configurator\VClientUpdate.exe:*:Enabled:VClientUpdate.exe"
"C:\Program Files\Speed+\Client\VentC.exe"="C:\Program Files\Speed+\Client\VentC.exe:*:Enabled:VentC.exe"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\CygNET Systems Pvt. Ltd\USB CopyNotify!\USBCopyNotifyServer.exe"="C:\Program Files\CygNET Systems Pvt. Ltd\USB CopyNotify!\USBCopyNotifyServer.exe:*:Enabled:USBCopyNotify! Server"
"C:\Program Files\CygNET Systems Pvt. Ltd\USB CopyNotify!\USBCopyNotify_IPConfig.exe"="C:\Program Files\CygNET Systems Pvt. Ltd\USB CopyNotify!\USBCopyNotify_IPConfig.exe:*:Enabled:USBCopyNotify! Configuration"
"C:\Program Files\CygNET Systems Pvt. Ltd\USB CopyNotify!\USBCopyNotifyClient.exe"="C:\Program Files\CygNET Systems Pvt. Ltd\USB CopyNotify!\USBCopyNotifyClient.exe:*:Enabled:USBCopyNotify! Client"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Speed+\squid\ventcsquid.exe"="C:\Program Files\Speed+\squid\ventcsquid.exe:*:Enabled:ventcsquid"
"C:\Program Files\Speed+\squid\ventcdnsserver.exe"="C:\Program Files\Speed+\squid\ventcdnsserver.exe:*:Enabled:ventcdnsserver"
"C:\Program Files\Speed+\Configurator\ventcfg.exe"="C:\Program Files\Speed+\Configurator\ventcfg.exe:*:Enabled:ventcfg"
"C:\Program Files\Speed+\Configurator\VClientUpdate.exe"="C:\Program Files\Speed+\Configurator\VClientUpdate.exe:*:Enabled:VClientUpdate.exe"
"C:\Program Files\Speed+\Client\VentC.exe"="C:\Program Files\Speed+\Client\VentC.exe:*:Enabled:VentC.exe"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce1ffff-ec23-11dd-89e2-001a73d3976d}]
shell\AutoRun\command - F:\izzjpj.exe
shell\explore\command - F:\izzjpj.exe
shell\open\command - F:\izzjpj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82abd032-dba0-11dd-89c3-001a73d3976d}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaa5d380-d0e7-11dd-89b6-001a73d3976d}]
shell\AutoRun\command - F:\eemect.exe
shell\explore\command - F:\eemect.exe
shell\open\command - F:\eemect.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9ea3e76-c98e-11dd-89ad-001a73d3976d}]
shell\AutoRun\command - F:\eemect.exe
shell\explore\command - F:\eemect.exe
shell\open\command - F:\eemect.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9d5fc1a-bb66-11dd-898d-001a73d3976d}]
shell\AutoRun\command - F:\laqils.exe
shell\explore\command - F:\laqils.exe
shell\open\command - F:\laqils.exe


======List of files/folders created in the last 1 months======

2009-02-09 15:52:56 ----D---- C:\rsit
2009-02-09 14:30:48 ----D---- C:\Documents and Settings\Sasi Bhushan G\Application Data\Malwarebytes
2009-02-09 14:30:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-09 14:30:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-09 09:06:44 ----SHD---- C:\FOUND.030
2009-02-08 08:19:22 ----SHD---- C:\FOUND.029
2009-02-07 06:48:36 ----SHD---- C:\FOUND.028
2009-02-06 09:44:58 ----SHD---- C:\FOUND.027
2009-02-05 18:50:40 ----SHD---- C:\FOUND.026
2009-02-05 18:26:30 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-02-05 11:02:58 ----SHD---- C:\FOUND.025
2009-02-03 11:25:10 ----SHD---- C:\FOUND.024
2009-02-02 22:25:26 ----SHD---- C:\FOUND.023
2009-02-02 11:29:40 ----D---- C:\Program Files\McAfee
2009-02-01 21:13:58 ----SHD---- C:\FOUND.022
2009-02-01 15:24:28 ----SHD---- C:\FOUND.021
2009-02-01 11:19:22 ----SHD---- C:\FOUND.020
2009-01-29 15:12:55 ----D---- C:\Program Files\VS Revo Group
2009-01-28 22:18:04 ----SHD---- C:\FOUND.019
2009-01-28 21:10:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-01-28 21:04:26 ----SHD---- C:\FOUND.018
2009-01-27 17:41:12 ----SHD---- C:\FOUND.017
2009-01-27 13:34:10 ----SHD---- C:\FOUND.016
2009-01-27 08:48:48 ----SHD---- C:\FOUND.015
2009-01-27 08:15:20 ----SHD---- C:\FOUND.014
2009-01-23 19:37:46 ----A---- C:\WINDOWS\system32\spevt.dll
2009-01-23 19:37:45 ----D---- C:\Program Files\CygNET Systems Pvt. Ltd
2009-01-23 19:37:28 ----A---- C:\WINDOWS\system32\usbsys.tmp
2009-01-21 12:04:49 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-21 12:04:43 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-21 12:04:37 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-21 12:04:31 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-21 12:04:25 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-21 12:04:18 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-21 12:04:01 ----HD---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-21 12:03:53 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-21 12:03:47 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-21 12:03:40 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-21 12:03:29 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-21 12:03:19 ----HD---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-21 12:03:12 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-21 12:03:07 ----HD---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-21 12:02:20 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-21 12:02:14 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-21 12:02:08 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-21 12:02:02 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-21 12:01:55 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-21 12:01:24 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-21 12:01:16 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-21 12:01:10 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-21 12:01:04 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-21 12:00:58 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-21 12:00:51 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-21 12:00:45 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-21 12:00:41 ----D---- C:\Program Files\MSXML 4.0
2009-01-21 12:00:23 ----HD---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-01-21 11:38:17 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-21 10:43:58 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-01-21 06:31:28 ----SHD---- C:\FOUND.013
2009-01-19 12:55:13 ----D---- C:\WINDOWS\system32\Adobe
2009-01-19 12:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-19 12:43:56 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-19 12:43:54 ----HD---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-19 12:43:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-19 12:35:12 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-17 11:34:58 ----SHD---- C:\FOUND.012
2009-01-16 22:20:08 ----SHD---- C:\FOUND.011
2009-01-16 21:40:54 ----RSHD---- C:\RECYCLER
2009-01-12 14:46:13 ----D---- C:\Documents and Settings\Sasi Bhushan G\Application Data\Google
2009-01-12 14:41:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

======List of files/folders modified in the last 1 months======

2009-02-09 09:10:38 ----A---- C:\WINDOWS\ModemLog_ZTE USB Modem FFFD.txt
2009-02-05 14:13:56 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-04 22:00:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 16:58:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-01 15:25:20 ----A---- C:\WINDOWS\DUMPf0ee.tmp
2009-01-24 07:47:52 ----A---- C:\WINDOWS\ModemLog_SIT_1x_usbmodem.txt
2009-01-21 12:04:48 ----A---- C:\WINDOWS\imsins.BAK
2009-01-14 10:10:38 ----A---- C:\WINDOWS\DUMP81ae.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-12-01 201320]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-12-01 55016]
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-03-21 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-03-21 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-30 191536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-11-16 1123328]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-12-15 127248]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-02-12 625664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-08 5776864]
R3 MfeAVFK;McAfee Inc. MfeAVFK; C:\WINDOWS\system32\drivers\MfeAVFK.sys [2007-12-01 79304]
R3 MfeBOPK;McAfee Inc. MfeBOPK; C:\WINDOWS\system32\drivers\MfeBOPK.sys [2007-12-01 35240]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090131.023\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090131.023\NAVEX15.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-03-12 49536]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vwinter;Venturi Wireless Intercepter; \??\C:\WINDOWS\system32\drivers\vwinter.sys []
R3 vwredir;Venturi Wireless Redirector; \??\C:\WINDOWS\system32\drivers\vwredir.sys []
S1 ethvqqoh;ethvqqoh; C:\WINDOWS\system32\drivers\ethvqqoh.sys [2009-01-03 135072]
S3 BTCFilterService;USB Networking Driver Filter Service; C:\WINDOWS\system32\DRIVERS\motfilt.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\WINDOWS\system32\drivers\MfeRKDK.sys [2007-12-01 33832]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys []
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys []
S3 Motousbnet;Motorola USB Networking Driver Service; C:\WINDOWS\system32\DRIVERS\Motousbnet.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 sit_bus;SIT_1x_usbmodem Device; C:\WINDOWS\System32\Drivers\sit_bus.sys [2007-04-17 22144]
S3 sit_flt;SUNGIL USB Filter Service; C:\WINDOWS\system32\DRIVERS\sit_flt.sys [2007-04-18 4352]
S3 sit_mdm;SIT_1x_usbmodem ; C:\WINDOWS\System32\Drivers\sit_mdm.sys [2007-04-17 39680]
S3 sit_prt;SIT_1x_usbmodem Port; C:\WINDOWS\System32\Drivers\sit_prt.sys [2007-04-17 38656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-03-21 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-30 27696]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC211;USB PC Camera (ZS0211); C:\WINDOWS\System32\Drivers\ZS211.sys [2006-10-18 391866]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\zteusbser.sys [2007-08-08 100480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EngineServer;EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [2007-12-01 14144]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2008-03-04 169280]
R2 VenturiClient;Venturi Client; C:\Program Files\Speed+\Client\ventc.exe [2007-08-16 2475360]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R3 McShield;McShield; C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe [2007-12-01 144704]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-12 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-15 29744]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-11 3093872]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2008-06-30 296328]
S4 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-01 108392]
S4 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-01 108392]
S4 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2008-07-27 2479488]
S4 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-07-27 2238904]
S4 USBCopyNotifyClient;USBCopyNotify Client Service; C:\Program Files\CygNET Systems Pvt. Ltd\USB CopyNotify!\USBCopyNotifyClient.exe [2008-10-10 360448]

-----------------EOF-----------------






info.txt logfile of random's system information tool 1.05 2009-02-09 15:53:12

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CIF USB Camera (2110)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED515DCC-93C1-493D-9DBA-49261DD14E2C}\Setup.exe" -l0x9
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -ICpV30D5a.INF
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Documents and Settings\Sasi Bhushan G\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP LaserJet M1120 MFP Series-->C:\Program Files\HP\HP LaserJet M1120 MFP\UnInstall.exe
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers-->Prounstl.exe
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Virus and Spyware Protection Service-->C:\PROGRA~1\McAfee\MANAGE~1\Agent\myinx /Script=C:\PROGRA~1\McAfee\MANAGE~1\VScan\vsasap.inx /Section=DefaultUninstall
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola Software Update-->MsiExec.exe /I{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}
MrvlUsgTracking-->MsiExec.exe /I{BB1DE0B0-3AEB-4890-A4F0-3388D51BC331}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 7 Premium-->MsiExec.exe /I{692854CC-97EF-4307-B787-8C6787B91033}
Picasa 3-->"C:\Documents and Settings\Sasi Bhushan G\My Documents\Google\Picasa3\Uninstall.exe"
Revo Uninstaller 1.50-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Scan To-->MsiExec.exe /I{1204162A-1E08-4BB4-8F9C-D963D6375834}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Speed+-->C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\setup.exe -runfromtemp -l0x0009 -vuninstall -removeonly
Symantec Endpoint Protection-->MsiExec.exe /I{BB0500E8-A6D5-4D66-A4F9-1457530E5B6F}
TATA Indicom Dialer-->MsiExec.exe /I{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}
TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB PC Camera (ZS0211)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
ZTE CDMA1X MODEM-->"C:\Program Files\ZTE CDMA1X MODEM\unins000.exe"

======Security center information======

AV: Total Protection
AV: Symantec Endpoint Protection (disabled)
FW: Symantec Endpoint Protection (disabled)

System event log

Computer Name: LOGIX-435FBE684
Event Code: 7035
Message: The COH_Mon service was successfully sent a start control.

Record Number: 7237
Source Name: Service Control Manager
Time Written: 20090122141538.000000+330
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LOGIX-435FBE684
Event Code: 7036
Message: The Google Software Updater service entered the stopped state.

Record Number: 7236
Source Name: Service Control Manager
Time Written: 20090122133001.000000+330
Event Type: information
User:

Computer Name: LOGIX-435FBE684
Event Code: 7036
Message: The Google Software Updater service entered the running state.

Record Number: 7235
Source Name: Service Control Manager
Time Written: 20090122132900.000000+330
Event Type: information
User:

Computer Name: LOGIX-435FBE684
Event Code: 7035
Message: The Google Software Updater service was successfully sent a start control.

Record Number: 7234
Source Name: Service Control Manager
Time Written: 20090122132900.000000+330
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LOGIX-435FBE684
Event Code: 7035
Message: The COH_Mon service was successfully sent a start control.

Record Number: 7233
Source Name: Service Control Manager
Time Written: 20090122131542.000000+330
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: LOGIX-435FBE684
Event Code: 35
Message: The 'ccEvtMgr' service has started.

Record Number: 1342
Source Name: ccSvcHst
Time Written: 20081214180209.000000+330
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LOGIX-435FBE684
Event Code: 34
Message: The 'ccEvtMgr' service is starting.

Record Number: 1341
Source Name: ccSvcHst
Time Written: 20081214180209.000000+330
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LOGIX-435FBE684
Event Code: 35
Message: The 'ccSetMgr' service has started.

Record Number: 1340
Source Name: ccSvcHst
Time Written: 20081214180209.000000+330
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LOGIX-435FBE684
Event Code: 34
Message: The 'ccSetMgr' service is starting.

Record Number: 1339
Source Name: ccSvcHst
Time Written: 20081214180209.000000+330
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LOGIX-435FBE684
Event Code: 101
Message: wuauclt (2284) The database engine stopped.

Record Number: 1338
Source Name: ESENT
Time Written: 20081214085745.000000+330
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.33
Database version: 1740
Windows 5.1.2600 Service Pack 2

2/9/2009 3:50:20 PM
mbam-log-2009-02-09 (15-50-20).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 147556
Time elapsed: 1 hour(s), 18 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.





LoPhatPhuud
Feb 9 2009, 05:25 PM
Thank you for the RSIT log, but I also need to see the MBAM log. Would you post is please.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.