
Anything Wrong With My Computer?


  • This topic is locked
6 replies to this topic

#1 im_adi


Posted 04 April 2008 - 12:41 PM

I am worried that I have some virus or some infection in my PC... so can you PLEASE check the logs??? Here I post it... I have read the preparation post before posting this log... so I am doing as per what is given there... I just skipped the Kaspersky step... sorry for that... but please help me! Please!

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-04 22:58:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-04-04 17:28:49 UTC - RP45 - Deckard's System Scanner Restore Point
12: 2008-04-04 10:35:38 UTC - RP44 - Removed Nokia PC Suite
11: 2008-04-04 10:34:28 UTC - RP43 - Removed Nokia PC Connectivity Solution
10: 2008-04-04 10:32:27 UTC - RP42 - Removed Nokia Connectivity Cable Driver
9: 2008-04-04 05:57:24 UTC - RP41 - Installed BlueSoleil


-- First Restore Point --
1: 2008-03-31 03:53:44 UTC - RP33 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.44 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:47 PM, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\SeePassword\SeePassword.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Sensiva\Sensiva.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eyemail Technology Inc\CameraServer.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
D:\Softwares\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09F3C307-A309-4521-8FB2-ADAF61122E83} - (no file)
O2 - BHO: (no name) - {158101FE-270A-4809-92EC-85E4C9AC79D9} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {359FBCEF-719B-4AF4-92EB-0904C70F091A} - (no file)
O2 - BHO: (no name) - {38E6048C-B6FC-4AD0-96DE-4203B5B84EB3} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {65789E88-2674-4B3E-A496-5EFC6290F496} - (no file)
O2 - BHO: (no name) - {70259058-9F39-40F6-B76C-57E3DB591222} - (no file)
O2 - BHO: (no name) - {702EEBD6-E05E-467D-A9D0-D5E2D59A63F6} - (no file)
O2 - BHO: (no name) - {75E23530-2F9B-47B2-9FCD-3357DC66747A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {88C351B2-8245-43E6-BD78-7B46B739B167} - (no file)
O2 - BHO: (no name) - {8E0D99B0-B0CC-4EC3-9B4D-8AE804111C32} - (no file)
O2 - BHO: (no name) - {94B084C1-267D-4E99-BF0A-6972E2B5ABE8} - (no file)
O2 - BHO: (no name) - {A46C6329-B67B-4CBA-9C20-78D949991EEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {CC56E58B-6895-44F5-AE10-C9E11323A70F} - (no file)
O2 - BHO: (no name) - {CCDE785D-7ACA-44AD-8A1D-29019586D207} - (no file)
O2 - BHO: (no name) - {D9B1705F-B18B-4737-A817-F3948BC3835A} - (no file)
O2 - BHO: (no name) - {EE69575E-DB38-4370-9A90-7D41FE40BAD0} - (no file)
O2 - BHO: (no name) - {FC6EB812-9B6A-4352-B704-AEA04A14469D} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe /start_context sys_auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [BMa7ef49bf] Rundll32.exe "C:\WINDOWS\system32\ytlfvwei.dll",s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [Sensiva] C:\Program Files\Sensiva\Sensiva.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: IM-History.lnk = C:\Program Files\IM-History\im-history.exe
O4 - Startup: SpywareGuard.lnk.disabled
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1FC4811-B87F-473B-901F-8CB47DB8B5D1}: NameServer = 218.248.240.208 218.248.240.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D66531-8D5F-41E5-A417-C360C99A58B1}: NameServer = 218.248.255.145,61.1.96.69
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\IM-History\Skype4Com.dll
O20 - Winlogon Notify: urqpopp - urqpopp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CameraServer - Unknown owner - C:\Program Files\Eyemail Technology Inc\CameraServer.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DPDStartingService - Unknown owner - C:\PROGRA~1\DAP\PRIVAC~1\SFSERV~1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11459 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 SbPd - c:\windows\system32\drivers\sbpd.sys <Not Verified; SpeedBit; SbPd>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 PhoneTrayDriver - c:\windows\system32\drivers\ptdrv.sys <Not Verified; Traysoft Inc.; PhoneTray Dialup>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S2 FLYCAM (FlyCam, WDM Video Capture) - c:\windows\system32\drivers\flycam.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 BTCAMDRV (Mobiola Web Camera driver) - c:\windows\system32\drivers\btcamdrv.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 CameraServer - c:\program files\eyemail technology inc\cameraserver.exe <Not Verified; ; CameraServer Module>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 Crypkey License - crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 DPDStartingService - c:\progra~1\dap\privac~1\sfserv~1.exe
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
S4 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: FlyCam, WDM Video Capture
Device ID: ROOT\FLYCAM\0000
Manufacturer: Microsoft
Name: FlyCam, WDM Video Capture
PNP Device ID: ROOT\FLYCAM\0000
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: FlyCam, WDM Video Capture
Device ID: ROOT\FLYCAM\0001
Manufacturer: Microsoft
Name: FlyCam, WDM Video Capture
PNP Device ID: ROOT\FLYCAM\0001
Service:

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Mobiola Web Camera driver
Device ID: ROOT\MEDIA\0001
Manufacturer: Warelex
Name: Mobiola Web Camera driver
PNP Device ID: ROOT\MEDIA\0001
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-10-02 11:33:12 406 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-06-02 20:34:01 668 --a------ C:\WINDOWS\Tasks\EaseBackup (Administrator) - Backup of all files on all hard disks.job
2007-01-28 15:57:05 284 --a------ C:\WINDOWS\Tasks\EaseBackup (Administrator) - DO NOT EDIT OR DELETE ME.job


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 21:57:57 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-04 16:09:24 0 d-------- C:\Documents and Settings\Administrator\Phone Browser
2008-04-04 16:07:05 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-04 16:06:34 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-04 16:04:53 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-04 16:00:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-04 11:30:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-04 10:15:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-04-04 10:11:01 0 d-------- C:\Program Files\DIFX
2008-04-04 10:09:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-04-04 10:09:01 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-04 10:08:18 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-04 10:07:28 0 d-------- C:\Program Files\Nokia
2008-04-02 05:45:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-30 12:34:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\COWON
2008-03-30 12:34:31 0 d-------- C:\Program Files\JetAudio
2008-03-24 00:27:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-03-24 00:24:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\.purple
2008-03-24 00:24:00 0 d-------- C:\Program Files\Pidgin
2008-03-24 00:23:46 0 d-------- C:\Program Files\Common Files\GTK
2008-03-23 15:17:08 822254 -rahs---- C:\WINDOWS\system32\kinza.exe
2008-03-23 15:17:08 0 d-------- C:\Documents and Settings\All Users\Application Data\syswin
2008-03-23 15:17:06 29184 --a------ C:\WINDOWS\system32\wproxp.exe
2008-03-23 15:17:06 58880 --ahs---- C:\WINDOWS\system32\imapde.dll <Not Verified; ; Delphi Zip>
2008-03-23 15:17:06 30208 --ahs---- C:\WINDOWS\system32\imapdd.dll <Not Verified; ; Dynamic Link Library>
2008-03-23 15:17:06 199680 --ahs---- C:\WINDOWS\system32\imapdc.dll
2008-03-23 15:17:06 33280 --ahs---- C:\WINDOWS\system32\imapdb.dll
2008-03-23 15:17:06 35840 --a------ C:\WINDOWS\system32\dxdlg.exe
2008-03-23 15:17:06 17578 -rahs---- C:\WINDOWS\system32\boot.vbs
2008-03-23 15:17:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\dxdlls
2008-03-23 11:37:16 0 d-------- C:\Program Files\gAlwaysIdle
2008-03-23 11:35:40 0 d-------- C:\Program Files\NetMeter
2008-03-19 00:09:33 0 d-------- C:\Program Files\IM-History
2008-03-19 00:09:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\IM-History
2008-03-14 15:19:03 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2008-04-04 22:35:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-04 22:33:16 11638 --a------ C:\Program Files\hijackthisat 4th april .log
2008-04-04 22:24:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-04-04 22:20:16 2305280 --a------ C:\blockstrain.dat
2008-04-04 16:07:05 0 d-------- C:\Program Files\Common Files
2008-04-04 11:27:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-03 17:07:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-04-02 23:05:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-30 10:35:35 0 d-------- C:\Program Files\ICQToolbar
2008-03-20 04:07:33 0 d-------- C:\Program Files\Dictionary
2008-03-04 17:28:34 0 d-------- C:\Program Files\Baraha 7.0
2008-03-02 18:13:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-03-01 05:20:08 0 d-------- C:\Program Files\Oberon Media
2008-03-01 05:20:08 0 d-------- C:\Program Files\Common Files\Oberon Media
2008-02-29 16:29:11 0 d-------- C:\Program Files\City Interactive
2008-02-22 20:31:42 0 d-------- C:\Program Files\LingvoSoft
2008-02-22 20:28:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\LingvoSoft
2008-02-22 20:10:44 0 d-------- C:\Program Files\uTorrent
2008-02-15 18:52:13 0 d-------- C:\Program Files\Google
2008-02-15 03:06:50 0 d-------- C:\Program Files\Common Files\Skype
2008-02-15 03:04:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
2008-02-14 22:34:28 0 d-------- C:\Program Files\SeePassword
2008-02-14 03:30:36 0 d-------- C:\Program Files\ICQ6
2008-02-14 03:30:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\ICQ
2008-02-14 03:29:50 0 d-------- C:\Program Files\ICQLite
2008-02-14 03:27:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-02-14 01:39:14 0 d-------- C:\Program Files\UltraSMS
2008-02-08 22:42:27 0 d-------- C:\Program Files\Noki
2008-02-05 19:13:02 0 d-------- C:\Program Files\Pcsx2_0.9.4
2008-01-19 07:34:17 22720 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-01-16 05:53:08 190527 --ahs---- C:\WINDOWS\system32\accdd.ini2
2008-01-16 03:00:04 0 --------- C:\WINDOWS\system32\dswwpulr.dll
2008-01-04 03:07:22 0 --------- C:\WINDOWS\system32\aeoikhna.dll
2008-01-04 03:00:37 0 --------- C:\WINDOWS\system32\aqavugmr.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09F3C307-A309-4521-8FB2-ADAF61122E83}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{158101FE-270A-4809-92EC-85E4C9AC79D9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{359FBCEF-719B-4AF4-92EB-0904C70F091A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38E6048C-B6FC-4AD0-96DE-4203B5B84EB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65789E88-2674-4B3E-A496-5EFC6290F496}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70259058-9F39-40F6-B76C-57E3DB591222}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{702EEBD6-E05E-467D-A9D0-D5E2D59A63F6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75E23530-2F9B-47B2-9FCD-3357DC66747A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88C351B2-8245-43E6-BD78-7B46B739B167}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E0D99B0-B0CC-4EC3-9B4D-8AE804111C32}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94B084C1-267D-4E99-BF0A-6972E2B5ABE8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A46C6329-B67B-4CBA-9C20-78D949991EEB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC56E58B-6895-44F5-AE10-C9E11323A70F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCDE785D-7ACA-44AD-8A1D-29019586D207}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9B1705F-B18B-4737-A817-F3948BC3835A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE69575E-DB38-4370-9A90-7D41FE40BAD0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC6EB812-9B6A-4352-B704-AEA04A14469D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [07/09/2006 10:49 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [30/03/2008 12:07 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [30/06/2007 09:25 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00 AM]
"supertintin_skype"="C:\Program Files\Supertintin for Skype\supertintin_skype.exe" [25/09/2007 02:54 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 02:55 PM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/08/2004 04:26 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/02/2006 06:09 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/02/2006 06:06 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/02/2006 06:10 AM]
"SigmatelSysTrayApp"="sttray.exe" [27/07/2006 11:49 AM C:\WINDOWS\sttray.exe]
"BMa7ef49bf"="C:\WINDOWS\system32\ytlfvwei.dll" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50 AM]
"SeePassword"="C:\Program Files\SeePassword\SeePassword.exe" [25/06/2005 06:18 PM]
"gidle"="C:\Program Files\gAlwaysIdle\gidle.exe" [08/01/2008 02:05 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [23/03/2007 01:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 05:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 04:26 AM]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [11/08/2007 03:50 PM]
"Sensiva"="C:\Program Files\Sensiva\Sensiva.exe" [09/06/2007 10:16 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
IM-History.lnk - C:\Program Files\IM-History\im-history.exe [06/02/2008 7:45:40 PM]
SpywareGuard.lnk.disabled [04/01/2008 11:57:11 PM]
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [08/01/2007 9:08:16 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [04/04/2008 11:27:29 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisbleRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"status"=present
"winlogon"=C:\heap41a\svchost.exe C:\heap41a\std.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpopp]
urqpopp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a4dc7a23]
rundll32.exe "C:\WINDOWS\system32\vndjmjuc.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\gAMES\daemon\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneTray]
C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sensiva]
C:\Program Files\Sensiva\Sensiva.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"c:\program files\divx\divx pro codec\gain_trickler_3102.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1472d2c2-271e-11dc-b546-0011670eda5c}]
Auto\command- J:\GH0ST.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GH0ST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fb940e4-caf4-11db-b48b-0011670eda5c}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc91c747-1643-11dc-b532-0011670eda5c}]
AutoRun\command- .\Recycled\Driveinfo.exe
Open\Command- .\Recycled\Driveinfo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96c6913-53cc-11dc-b58e-0011670eda5c}]
Auto\command- K:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96c6914-53cc-11dc-b58e-0011670eda5c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs




-- Hosts -----------------------------------------------------------------------


7853 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-04 23:02:54 ------------






Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1013.93 MiB / 540.23 MiB
Pagefile Memory (total/avail): 2440.56 MiB / 1943.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.57 MiB

C: is Fixed (NTFS) - 9.77 GiB total, 0.44 GiB free.
D: is Fixed (NTFS) - 14.65 GiB total, 1.38 GiB free.
E: is Fixed (NTFS) - 14.65 GiB total, 0.78 GiB free.
F: is Fixed (NTFS) - 14.65 GiB total, 0.16 GiB free.
G: is Fixed (NTFS) - 20.81 GiB total, 0.69 GiB free.
H: is CDROM (Unformatted)
I: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST380211AS - 74.53 GiB - 5 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 64.75 GiB - D: - E: - F: - G:

\\.\PHYSICALDRIVE1 - SanDisk USB Flash Drive USB Device - 1898.31 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 1905.99 MiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: avast! antivirus 4.8.1169 [VPS 080404-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\WINDOWS\\system32\\qfweikvp.exe"="C:\\WINDOWS\\system32\\qfw"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VIJAY-CF264D1D8
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\VIJAY-CF264D1D8
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Autodesk Shared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=VIJAY-CF264D1D8
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Torrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ֻͯʥر --> "C:\Program Files\wedomo\sjboy\unins000.exe"
1Click DVD to Divx Avi 2.12 --> "C:\Program Files\1Click DVD to Divx Avi\unins000.exe"
7-Zip 4.30 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
ACDSee --> C:\PROGRA~1\ACD\ACDSee\UNWISE.EXE C:\PROGRA~1\ACD\ACDSee\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PageMaker 6.5 --> C:\WINDOWS\uninst.exe -fC:\PM65\DeIsL1.isu
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Anti Tracks 6.0.1 --> "C:\Program Files\Anti Tracks\unins000.exe"
AutoCAD 2004 --> MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
AutoCAD Express Tools Volumes 1-9 --> MsiExec.exe /X{5783F2D7-0211-0409-0000-0060B0CE6BBA}
Autodesk Express Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AutoPlay Express 4.5 --> "C:\Program Files\AutoPlay Express 4.5\unins000.exe"
AutoRun Pro version 6.0 --> "C:\Program Files\Longtion\AutoRunPro\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Baraha 7.0 --> "C:\Program Files\Baraha 7.0\unins000.exe"
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
BOOKcase 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TEXTware\BOOKcase40\Uninst.isu"
Cambridge Dictionary of American English, version 1.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cambridge\CAE002CP\Uninst.isu"
CDCheck --> "C:\Program Files\CDCheck\uninst.exe"
Cheatbook Database 2005 --> "C:\Program Files\Cheatbook Database 2005\Uninstal.exe"
Cool Plane Game Powered by AdVantage --> "C:\Program Files\FreeGamesWay.com\Cool Plane Game\unins000.exe"
Crazy Nut 1.0 --> "D:\gAMES\Crazy Nut\unins000.exe"
DivX 5.0.1 Pro Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVD Author ActiveX Control --> "C:\Program Files\DVD Author ActiveX Control\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
Easy HTML Autorun Builder --> C:\Program Files\Easy HTML Autorun Builder\uninst.exe
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
eMusic - 100 Free MP3 offer --> "C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
FileRecovery for MultiMediaCard --> "C:\Program Files\FileRecovery for MultiMediaCard\uninstall.exe"
Flying Bomber --> C:\Program Files\Flying Bomber\uninstall.exe
Freecorder 2.3 (with Skype Call Recording) --> C:\WINDOWS\iun6002.exe "C:\Program Files\Freecorder\irunin.ini"
gAlwaysIdle --> "C:\Program Files\gAlwaysIdle\uninstall.exe"
GoldWave v5.20 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTK+ Runtime 2.12.8 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Hide My Files 1.0 --> "C:\Program Files\Hide My Files\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ Toolbar --> regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
IM-History (remove only) --> "C:\Program Files\IM-History\Uninstall.exe"
ImTOO AVI to DVD Converter --> C:\Program Files\ImTOO\AVI to DVD Converter\Uninstall.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel® PRO Network Connections Drivers --> Prounstl.exe
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
K-Lite Mega Codec Pack 1.40 --> "G:\K-Lite Codec Pack\unins000.exe"
LingvoSoft Talking Dictionary 2006 (English<->Hindi) for Windows --> C:\PROGRA~1\LINGVO~1\LINGVO~3\UNWISE.EXE C:\PROGRA~1\LINGVO~1\LINGVO~3\INSTALL.LOG
LingvoSoft Talking Dictionary 2008 English<->Slovak for Windows --> C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2008 (English-Slovak) for Windows\Uninstall.exe
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
MakeCDROM --> C:\Program Files\MakeCDROM4\Uninstal.exe
Maruti Alto Screen Saver --> C:\WINDOWS\NCUNINST.EXe REMOVE Maruti Alto
Mathematica 5.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F2219B4D-F582-4A54-9C8C-F69E8B6AFFF3}
Menu Creator 2007 (0.7.3) & Menu Extended 0.8.2 --> "C:\Program Files\Menu Creator\unins000.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
MIKSOFT Mobile 3GP converter --> "C:\Program Files\MIKSOFT\Mobile 3GP converter\unins000.exe"
MIKSOFT Mobile Media Converter --> "C:\Program Files\MIKSOFT\Mobile Media Converter\unins000.exe"
MobileDVD Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2204F8B-FBF6-4E0B-80AB-E018C170E83A}\setup.exe" -l0x9 -removeonly
Mobiola Web Camera 1.0.3 --> "C:\Program Files\Mobiola Web Camera\unins000.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 To Ringtone 1.36 --> "C:\Program Files\AnMing\unins000.exe"
mpowerplayer --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://mpowerplayer.com/content/lib/player.jarjnlp"
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Need for Speed Underground 2 --> D:\gAMES\NFS\EAUninstall.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBus Pro --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NetBus Pro\Uninst.isu" -c"C:\Program Files\NetBus Pro\NBUninst.dll"
NetMeter 1.1.3 --> "C:\Program Files\NetMeter\unins000.exe"
Noki v1.4 --> "C:\Program Files\Noki\unins000.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_web.exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
One-click Ringtone Converter --> MsiExec.exe /X{FE4D2090-9E16-43A2-8020-EA825E9E7F5E}
Opera 9 Beta --> C:\PROGRA~1\OPERA9~1\uninst\unwise.exe C:\PROGRA~1\OPERA9~1\uninst\install.log
Opera 9.02 --> MsiExec.exe /X{738179D8-3D76-4AFF-A7BE-AEF3B4370CB4}
Orkut Cute --> C:\Program Files\Orkut Cute\uninstall.exe
Pacific Heroes --> "C:\Program Files\City Interactive\Pacific Heroes\Uninstall.exe" "C:\Program Files\City Interactive\Pacific Heroes\install.log"
Pacific Heroes --> "C:\Program Files\Oberon Media\Pacific Heroes\Uninstall.exe" "C:\Program Files\Oberon Media\Pacific Heroes\install.log"
Pamela Business 3.5 --> C:\Program Files\Pamela\Uninst.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pawn 2 --> C:\Program Files\Pawn 2\Uninstall.exe
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Pcsx2 0.9.4 Watermoose --> "C:\Program Files\Pcsx2_0.9.4\unins000.exe"
PDF4U Pro 2.0 --> "C:\Program Files\PDF4U Pro\unins000.exe"
PhoneTray Dialup --> C:\Program Files\TraySoft\PhoneTray\Uninstall.exe
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
RAR Password Cracker 4.12 --> C:\Program Files\RAR Password Cracker\uninstall.exe
REALbasic 2006r2 --> "G:\REALbasic 2006r2\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ReNamer --> "G:\ReNamer\unins000.exe"
RM to MP3 Converter 1.21 --> "C:\Program Files\RM to MP3 Converter\unins000.exe"
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
SeePassword --> MsiExec.exe /X{48948338-3777-41EB-AB05-DF48D3A59591}
Sensiva --> C:\WINDOWS\sva_unst.exe
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SK Games --> "D:\gAMES\NFS7\setup\uninst.exe"
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftK56 Data Fax Voice Speakerphone CARP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200414F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200414F1
SolSuite --> C:\PROGRA~1\SolSuite\UNWISE.EXE C:\PROGRA~1\SolSuite\INSTALL.LOG
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Stellar Phoenix Windows Data Recovery V3.0 --> "C:\Program Files\Stellar Phoenix Windows Data Recovery\unins000.exe"
Supertintin 1.0.0.9029 --> "C:\Program Files\Supertintin for Skype\unins000.exe"
Tomb Raider: Legend Demo 1.0 --> D:\gAMES\Tomb Raider - Legend Demo\uninsttrl.exe
TomeRaider --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TomeRaider\Uninst.isu"
Total Video Converter 3.10 --> "C:\Program Files\Total Video Converter\unins000.exe"
Traces Viewer --> "C:\Program Files\Traces Viewer\unins000.exe"
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Turbo C++ --> C:\WINDOWS\uninst.exe -fc:\tcc\DeIsL1.isu -cc:\tcc\_ISREG32.DLL
Turbo Torrent 1.1.2 --> C:\Program Files\Turbo Torrent\uninst.exe
TypingMaster Typing Test --> C:\WINDOWS\uninst.exe -f"C:\Program Files\TypingMaster\TypingTest\DeIsL1.isu" -c"C:\Program Files\TypingMaster\TypingTest\_ISREG32.DLL"
UltraSMS --> "C:\Program Files\UltraSMS\unins000.exe"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
VCD Menu Lite 2.00 --> "C:\Program Files\Briggs Softworks\VCD Menu Lite\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Video Converter Plus version 3.01 --> "C:\Program Files\Video Converter Plus\unins000.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Webshots! --> C:\WINDOWS\WebshotsUninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xml Viewer --> MsiExec.exe /I{B4EFDE89-2CE4-4B9A-A324-3D2D9F183D35}
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
YS FLIGHT SIMULATION SYSTEM 2000 --> "C:\Program Files\YSFLIGHT.COM\YSFLIGHT\ysuninst6816.exe" "C:\Program Files\YSFLIGHT.COM\YSFLIGHT\ysuninst6816.lst"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1146 / Error
Event Submitted/Written: 04/04/2008 11:01:39 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type1145 / Error
Event Submitted/Written: 04/04/2008 11:01:09 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type1144 / Error
Event Submitted/Written: 04/04/2008 10:33:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application opera.exe, version 9.2.8585.0, faulting module opera.dll, version 9.2.8585.0, fault address 0x001925cc.
Processing media-specific event for [opera.exe!ws!]

Event Record #/Type1130 / Error
Event Submitted/Written: 04/04/2008 05:46:24 PM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application SFService.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (SFService.exe!ld!)

Event Record #/Type1112 / Error
Event Submitted/Written: 04/04/2008 11:31:16 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6263 / Error
Event Submitted/Written: 04/04/2008 10:20:30 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
sptd

Event Record #/Type6262 / Error
Event Submitted/Written: 04/04/2008 10:20:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The FlyCam, WDM Video Capture service failed to start due to the following error:
%%1058

Event Record #/Type6260 / Error
Event Submitted/Written: 04/04/2008 10:19:28 PM / 04/04/2008 10:20:28 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type6256 / Error
Event Submitted/Written: 04/04/2008 10:19:06 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type6255 / Error
Event Submitted/Written: 04/04/2008 10:17:35 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-04-04 23:02:54 ------------



Thanks in advance :thumbsup:
Waiting for your valuable help!



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:08 AM

Posted 04 April 2008 - 01:07 PM

Hello im_adi,

Welcome to Bleeping Computer :thumbsup:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {09F3C307-A309-4521-8FB2-ADAF61122E83} - (no file)
O2 - BHO: (no name) - {158101FE-270A-4809-92EC-85E4C9AC79D9} - (no file)
O2 - BHO: (no name) - {359FBCEF-719B-4AF4-92EB-0904C70F091A} - (no file)
O2 - BHO: (no name) - {38E6048C-B6FC-4AD0-96DE-4203B5B84EB3} - (no file)
O2 - BHO: (no name) - {65789E88-2674-4B3E-A496-5EFC6290F496} - (no file)
O2 - BHO: (no name) - {70259058-9F39-40F6-B76C-57E3DB591222} - (no file)
O2 - BHO: (no name) - {702EEBD6-E05E-467D-A9D0-D5E2D59A63F6} - (no file)
O2 - BHO: (no name) - {75E23530-2F9B-47B2-9FCD-3357DC66747A} - (no file)
O2 - BHO: (no name) - {88C351B2-8245-43E6-BD78-7B46B739B167} - (no file)
O2 - BHO: (no name) - {8E0D99B0-B0CC-4EC3-9B4D-8AE804111C32} - (no file)
O2 - BHO: (no name) - {94B084C1-267D-4E99-BF0A-6972E2B5ABE8} - (no file)
O2 - BHO: (no name) - {A46C6329-B67B-4CBA-9C20-78D949991EEB} - (no file)
O2 - BHO: (no name) - {CC56E58B-6895-44F5-AE10-C9E11323A70F} - (no file)
O2 - BHO: (no name) - {CCDE785D-7ACA-44AD-8A1D-29019586D207} - (no file)
O2 - BHO: (no name) - {D9B1705F-B18B-4737-A817-F3948BC3835A} - (no file)
O2 - BHO: (no name) - {EE69575E-DB38-4370-9A90-7D41FE40BAD0} - (no file)
O2 - BHO: (no name) - {FC6EB812-9B6A-4352-B704-AEA04A14469D} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [BMa7ef49bf] Rundll32.exe "C:\WINDOWS\system32\ytlfvwei.dll",s
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O20 - Winlogon Notify: urqpopp - urqpopp.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under the direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
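A small triage script for HijackThis-style log lines, added here as an example; it is not part of this thread, HijackThis or ComboFix. It encodes the kinds of entries the helper picked out above (orphaned entries marked "(no file)"/"(file missing)", a rundll32 loader for a DLL in system32, an entry under Policies\Explorer\Run, an svchost.exe outside system32). The rule names are my own, and the sample list is constructed from the fix list above plus one benign Run entry for contrast.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread)."""
import re
from collections import Counter

# Constructed sample input: the entries the helper asked to be fixed above,
# plus one benign Run entry (TeaTimer, from the Deckard log) for contrast.
SAMPLE_LINES = [
    "O2 - BHO: (no name) - {09F3C307-A309-4521-8FB2-ADAF61122E83} - (no file)",
    "O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)",
    r'O4 - HKLM\..\Run: [BMa7ef49bf] Rundll32.exe "C:\WINDOWS\system32\ytlfvwei.dll",s',
    r"O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt",
    "O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)",
    "O20 - Winlogon Notify: urqpopp - urqpopp.dll (file missing)",
    r"O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
]

# An HJT line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# Sections whose entries HijackThis marks "(no file)" / "(file missing)" when
# the registry still references a file that is gone: leftovers, safe to clean.
ORPHAN_SECTIONS = {"O2", "O3", "O9", "O20"}
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# rundll32 <dll>,<export> loaders and svchost.exe paths, with the path captured.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
SVCHOST_RE = re.compile(r'([A-Z]:\\[^\s"]*\\svchost\.exe)', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\", re.IGNORECASE)


def triage_line(line):
    """Return the list of rule names a single HJT line trips (empty if none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    reasons = []
    if section in ORPHAN_SECTIONS and any(mk in body for mk in ORPHAN_MARKERS):
        reasons.append("orphan")
    if section == "O4":
        # Policies\Explorer\Run is a legitimate autostart key that ordinary
        # software almost never uses; msconfig does not list it, so it needs review.
        if "Policies\\Explorer\\Run" in body:
            reasons.append("policy-run")
        # The real svchost.exe lives in system32; a copy elsewhere
        # (here C:\heap41a\svchost.exe) is a name-squatting trick.
        sv = SVCHOST_RE.search(body)
        if sv and not SYSTEM32_RE.match(sv.group(1)):
            reasons.append("svchost-outside-system32")
        # A rundll32 entry loading a DLL straight out of system32 under an
        # unfamiliar value name (BMa7ef49bf / ytlfvwei.dll) wants manual review.
        rd = RUNDLL_RE.search(body)
        if rd and SYSTEM32_RE.match(rd.group(1)):
            reasons.append("rundll32-system32-dll")
    return reasons


def triage(lines):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    findings = {}
    for ln in lines:
        reasons = triage_line(ln)
        if reasons:
            findings[ln] = reasons
    return findings


def count_by_reason(findings):
    """Counter of rule names across all findings, for a quick summary."""
    return Counter(r for reasons in findings.values() for r in reasons)


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for ln, reasons in found.items():
        print(", ".join(reasons).ljust(40), ln)
    print(dict(count_by_reason(found)))
```

The rules only rank entries for a reviewer; as in the thread, the decision to fix an entry still rests with whoever reads the full log.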

#3 im_adi

im_adi
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:02:38 PM

Posted 12 April 2008 - 10:49 AM

Hi, sorry for the late reply. I'm really sorry, but I had exams in college, so... OK, I did whatever you told me. I'm pasting the log of ComboFix and then the log of HJT. Please help me in solving my problem :thumbsup: I will be highly obliged to you all :blink: Thanks in advance ;)


Here comes the log.


ComboFix 08-04-09.9 - Administrator 2008-04-12 15:19:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.492 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\ComboFix_2.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa7ef49bf.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\Rundll.exe
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\DXDLG.EXE
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-09 23:11 . 2008-04-09 23:11 <DIR> d-------- C:\ComboFix
2008-04-08 22:46 . 2008-04-12 00:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 22:46 . 2008-04-08 22:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-08 22:29 . 2008-04-08 22:32 <DIR> d-------- C:\Python25
2008-04-08 22:28 . 2007-11-22 19:05 33,280 --ahs---- C:\WINDOWS\system32\imapdb.dll
2008-04-08 22:28 . 2007-11-22 19:21 29,184 --a------ C:\WINDOWS\system32\wproxp.exe
2008-04-04 22:58 . 2008-04-04 22:58 <DIR> d-------- C:\Deckard
2008-04-04 21:58 . 2007-11-23 08:14 1,708 --ah----- C:\WINDOWS\system32\ActMon.ini
2008-04-04 21:57 . 2008-04-04 21:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-04 16:09 . 2008-04-09 11:29 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser
2008-04-04 16:07 . 2008-04-04 16:07 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-04 16:06 . 2008-04-04 16:07 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-04 16:04 . 2008-04-04 16:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-04 16:03 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-04 16:03 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-04 16:03 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-04 16:03 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-04 16:03 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-04 16:00 . 2008-04-10 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-04 11:30 . 2008-04-04 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-04 10:15 . 2008-04-09 11:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-04-04 10:11 . 2008-04-04 16:07 <DIR> d-------- C:\Program Files\DIFX
2008-04-04 10:09 . 2008-04-04 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-04 10:09 . 2008-04-09 11:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-04-04 10:08 . 2008-04-04 16:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-04 10:07 . 2008-04-04 16:06 <DIR> d-------- C:\Program Files\Nokia
2008-04-04 10:07 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-01 13:46 . 2008-03-30 00:01 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 13:46 . 2008-03-30 00:05 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 12:34 . 2008-03-30 13:17 <DIR> d-------- C:\Program Files\JetAudio
2008-03-30 12:34 . 2008-03-30 12:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\COWON
2008-03-24 00:27 . 2008-03-26 00:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-03-24 00:24 . 2008-03-24 00:24 <DIR> d-------- C:\Program Files\Pidgin
2008-03-24 00:24 . 2008-03-27 04:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple
2008-03-24 00:23 . 2008-03-24 00:23 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-03-23 15:17 . 2008-04-04 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\syswin
2008-03-23 15:17 . 2008-04-09 12:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dxdlls
2008-03-23 15:17 . 2008-04-05 10:56 411,829 -rahs---- C:\WINDOWS\system32\kinza.exe
2008-03-23 15:17 . 2007-11-22 19:05 199,680 --ahs---- C:\WINDOWS\system32\imapdc.dll
2008-03-23 15:17 . 2007-11-22 19:06 58,880 --ahs---- C:\WINDOWS\system32\imapde.dll
2008-03-23 15:17 . 2007-11-22 19:05 30,208 --ahs---- C:\WINDOWS\system32\imapdd.dll
2008-03-23 15:17 . 2008-03-23 15:17 17,578 -rahs---- C:\WINDOWS\system32\boot.vbs
2008-03-23 11:37 . 2008-03-23 11:37 <DIR> d-------- C:\Program Files\gAlwaysIdle
2008-03-23 11:35 . 2008-03-23 11:40 <DIR> d-------- C:\Program Files\NetMeter
2008-03-19 00:09 . 2008-03-19 00:09 <DIR> d-------- C:\Program Files\IM-History
2008-03-19 00:09 . 2008-03-19 00:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IM-History
2008-03-14 15:19 . 2008-03-14 15:19 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 09:54 2,305,280 ----a-w C:\blockstrain.dat
2008-04-12 02:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-12 02:23 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-04-11 18:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-04-05 05:10 --------- d-----w C:\Program Files\Crazy Nut
2008-04-04 17:03 11,638 ----a-w C:\Program Files\hijackthisat 4th april .log
2008-04-04 05:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 05:05 --------- d-----w C:\Program Files\ICQToolbar
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-26 23:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.purple
2008-03-19 22:37 --------- d-----w C:\Program Files\Dictionary
2008-03-04 11:58 --------- d-----w C:\Program Files\Baraha 7.0
2008-03-02 12:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-29 23:50 --------- d-----w C:\Program Files\Oberon Media
2008-02-29 23:50 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-02-29 10:59 --------- d-----w C:\Program Files\City Interactive
2008-02-22 15:01 --------- d-----w C:\Program Files\LingvoSoft
2008-02-22 14:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LingvoSoft
2008-02-22 14:40 --------- d-----w C:\Program Files\uTorrent
2008-02-15 13:22 --------- d-----w C:\Program Files\Google
2008-02-14 21:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-14 21:36 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-14 21:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
2008-02-13 22:00 --------- d-----w C:\Program Files\ICQ6
2008-02-13 22:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ
2008-02-13 21:59 --------- d-----w C:\Program Files\ICQLite
2008-02-13 21:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-02-13 20:09 --------- d-----w C:\Program Files\UltraSMS
2007-07-09 19:37 230 -c--a-w C:\Program Files\dict.ini
2004-10-01 09:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-11-22 13:35 33,280 --sha-w C:\WINDOWS\system32\imapdb.dll
2007-11-22 13:35 199,680 --sha-w C:\WINDOWS\system32\imapdc.dll
2007-11-22 13:35 30,208 --sha-w C:\WINDOWS\system32\imapdd.dll
2007-11-22 13:36 58,880 --sha-w C:\WINDOWS\system32\imapde.dll
2007-12-25 16:01 194,109 --sha-w C:\WINDOWS\system32\srutv.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:26 15360]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 15:50 331264]
"Sensiva"="C:\Program Files\Sensiva\Sensiva.exe" [2007-06-09 10:16 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 22:49 15872]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-30 21:25 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"supertintin_skype"="C:\Program Files\Supertintin for Skype\supertintin_skype.exe" [2007-09-25 14:54 167936]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55 6731312]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:26 158208]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 06:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 06:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 06:10 118784]
"SigmatelSysTrayApp"="sttray.exe" [2006-07-27 11:49 282624 C:\WINDOWS\sttray.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SeePassword"="C:\Program Files\SeePassword\SeePassword.exe" [ ]
"gidle"="C:\Program Files\gAlwaysIdle\gidle.exe" [2008-01-08 02:05 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
IM-History.lnk - C:\Program Files\IM-History\im-history.exe [2008-02-06 19:45:40 1355776]
SpywareGuard.lnk.disabled [2008-01-04 23:57:11 655]
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2007-01-08 09:08:16 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisbleRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"status"= present

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a4dc7a23]
C:\WINDOWS\system32\vndjmjuc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
--a--c--- 2001-12-23 16:32 4608 C:\WINDOWS\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
D:\gAMES\daemon\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a--c--- 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra--c--- 2006-02-07 06:06 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra--c--- 2006-02-07 06:10 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra--c--- 2006-02-07 06:09 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2006-02-10 21:40 2048000 C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneTray]
--a--c--- 2007-05-25 03:54 839168 C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sensiva]
--a------ 2007-06-09 10:16 389120 C:\Program Files\Sensiva\Sensiva.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-07-27 11:49 282624 C:\WINDOWS\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-30 21:25 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
c:\program files\divx\divx pro codec\gain_trickler_3102.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 00:01]
R1 SbPd;SbPd;C:\WINDOWS\system32\Drivers\SbPd.sys [2007-06-03 01:28]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 00:05]
R2 CameraServer;CameraServer;C:\Program Files\Eyemail Technology Inc\CameraServer.exe [2006-01-12 08:22]
R3 PhoneTrayDriver;PhoneTrayDriver;C:\WINDOWS\system32\Drivers\ptdrv.sys [2007-04-13 08:11]
S2 DPDStartingService;DPDStartingService;C:\PROGRA~1\DAP\PRIVAC~1\SFSERV~1.EXE [2007-06-03 01:28]
S2 FLYCAM;FlyCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\flycam.sys [2006-01-12 07:59]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 18:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b3bb62-6784-11dc-b5de-0011670eda5c}]
\Shell\AutoRun\command - kinza.exe
\Shell\explore\Command - kinza.exe
\Shell\open\Command - kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1472d2c2-271e-11dc-b546-0011670eda5c}]
\Shell\Auto\command - J:\GH0ST.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GH0ST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3974a1fc-0401-11dd-b772-0011670eda5c}]
\Shell\AutoRun\command - J:\kinza.exe
\Shell\explore\Command - J:\kinza.exe
\Shell\open\Command - J:\kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96c6913-53cc-11dc-b58e-0011670eda5c}]
\Shell\Auto\command - K:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 06:03:12 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-06-02 15:04:01 C:\WINDOWS\Tasks\EaseBackup (Administrator) - Backup of all files on all hard disks.job"
- G:\ease backup\EBShell.exe,/GS:C:\Documents and Settings\Administrator\Local Settings\Application Data\KieSoft\EaseBackup\Catalogs\Backup of all files on all hard disks\Backup of all files on all hard disks.zip
"2007-01-28 10:27:05 C:\WINDOWS\Tasks\EaseBackup (Administrator) - DO NOT EDIT OR DELETE ME.job"
- G:\ease backup\EBShell.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 15:25:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\NetMeter\\NetMeter.exe"="C:\\Program Files\\NetMeter\\NetMeter.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\gAlwaysIdle\gidle.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\Crypserv.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rasautou.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-12 15:28:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-12 09:58:21
Pre-Run: 690,786,304 bytes free
Post-Run: 614,653,952 bytes free

Then the HijackThis (HJT) log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:35 PM, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eyemail Technology Inc\CameraServer.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Sensiva\Sensiva.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\IM-History\im-history.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe /start_context sys_auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [Sensiva] C:\Program Files\Sensiva\Sensiva.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: IM-History.lnk = C:\Program Files\IM-History\im-history.exe
O4 - Startup: SpywareGuard.lnk.disabled
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1FC4811-B87F-473B-901F-8CB47DB8B5D1}: NameServer = 218.248.240.208 218.248.240.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D66531-8D5F-41E5-A417-C360C99A58B1}: NameServer = 218.248.255.145,61.1.96.69
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\IM-History\Skype4Com.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CameraServer - Unknown owner - C:\Program Files\Eyemail Technology Inc\CameraServer.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DPDStartingService - Unknown owner - C:\PROGRA~1\DAP\PRIVAC~1\SFSERV~1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 9708 bytes
Thanks! Waiting for your reply.
Take very good care :)
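What makes the log above worth reading closely are four things a malware-removal helper looks for: executables dropped into system32 with the hidden and system attributes set (kinza.exe, boot.vbs, the imapd*.dll files), MountPoints2 shell\...\command values that make Explorer run a file from a removable drive (kinza.exe, GH0ST.exe and MicrosoftPowerPoint.exe under J: and K:), Security Center notifications switched off, and a startupreg entry with a random-looking name (a4dc7a23) pointing at a DLL in system32. The Python script below is an added example and not code from the original post, from ComboFix or from HijackThis: it parses a ComboFix-format excerpt constructed from lines quoted in this thread and flags exactly those four indicators. The heuristics, the Finding/triage/summarize names and the extension list are my assumptions, not anything ComboFix itself implements.

```python
"""Triage a ComboFix-style log for the indicators seen in this thread.

Added example for this thread, not code from ComboFix, HijackThis or any
poster. The heuristics, names and thresholds are the author's assumptions.
SAMPLE_LOG is constructed from lines quoted in the thread.
"""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # hidden_system_binary | removable_autorun | secctr_notify_off | random_startupreg
    detail: str


# "Files Created" line: <created> . <modified> <size or <DIR>> <9-char attrs> <path>
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S{9})\s+(?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")          # [HKEY_...\...] section header
GUID = re.compile(r"\{[0-9a-fA-F-]+\}")                    # volume GUID under MountPoints2
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)   # auto-generated-looking key name

EXEC_EXT = (".exe", ".dll", ".vbs", ".scr", ".com", ".bat", ".cmd", ".pif", ".sys")
SYSTEM32 = "c:\\windows\\system32\\"
NOTIFY_VALUES = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect findings in log order."""
    findings: list[Finding] = []
    current_key = ""            # registry key whose value lines we are under
    random_key_pending = None   # startupreg key with a random-looking name, awaiting its target
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key")
            tail = current_key.rsplit("\\", 1)[-1]
            random_key_pending = (
                tail if "\\startupreg\\" in current_key.lower() and HEX_NAME.match(tail) else None
            )
            continue

        m = FILE_LINE.match(line)
        if m:
            # +h +s on an executable in system32: how the worms of this era hid their
            # dropped copies; legitimate files there rarely carry both attributes.
            attrs, path = m.group("attrs"), m.group("path")
            lp = path.lower()
            if {"h", "s"} <= set(attrs.lower()) and lp.startswith(SYSTEM32) and lp.endswith(EXEC_EXT):
                findings.append(Finding("hidden_system_binary", f"{path} [{attrs}]"))
            continue

        key_l = current_key.lower()
        if "\\mountpoints2\\" in key_l and line.lower().startswith("\\shell\\"):
            # Per-volume shell verbs cached from that drive's autorun.inf; Explorer
            # runs the command on double-click / AutoPlay of the volume.
            verb, _, cmd = line.partition(" - ")
            vol = GUID.search(current_key)
            findings.append(Finding("removable_autorun",
                                    f"{vol.group(0) if vol else '?'} {verb} -> {cmd}"))
        elif key_l.endswith("\\security center"):
            name = line.split("=", 1)[0].strip('"')
            if name in NOTIFY_VALUES and line.endswith("dword:00000001"):
                findings.append(Finding("secctr_notify_off", name))
        elif random_key_pending:
            findings.append(Finding("random_startupreg", f"{random_key_pending} -> {line}"))
            random_key_pending = None
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed excerpt: lines quoted from the ComboFix logs in this thread, plus two
# lines (wproxp.exe, googletalk) the heuristics are not designed to fire on.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
2008-04-08 22:28 . 2007-11-22 19:21 29,184 --a------ C:\WINDOWS\system32\wproxp.exe
2008-03-23 15:17 . 2008-04-05 10:56 411,829 -rahs---- C:\WINDOWS\system32\kinza.exe
2008-03-23 15:17 . 2007-11-22 19:05 199,680 --ahs---- C:\WINDOWS\system32\imapdc.dll
2008-03-23 15:17 . 2008-03-23 15:17 17,578 -rahs---- C:\WINDOWS\system32\boot.vbs
2008-03-23 11:37 . 2008-03-23 11:37 <DIR> d-------- C:\Program Files\gAlwaysIdle
2008-04-04 16:03 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a4dc7a23]
C:\WINDOWS\system32\vndjmjuc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a--c--- 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b3bb62-6784-11dc-b5de-0011670eda5c}]
\Shell\AutoRun\command - kinza.exe
\Shell\explore\Command - kinza.exe
\Shell\open\Command - kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1472d2c2-271e-11dc-b546-0011670eda5c}]
\Shell\Auto\command - J:\GH0ST.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GH0ST.exe
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.kind:22} {f.detail}")
    print(summarize(hits))
```

Run it as-is to print the findings. Treat the hidden+system hits as leads to verify (hash the file, check whether any vendor ships it that way) rather than proof; the per-volume autorun verbs pointing at an .exe in the root of a removable drive are the clearer sign, since they are cached from that drive's autorun.inf and legitimate media almost never register one. On the live machine the same entries sit under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, which is why ComboFix lists them.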

#4 teacup61 (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 12 April 2008 - 11:07 AM

Hello,

Not a problem. Real life happens sometimes.

* Open Notepad (don't use any text editor other than Notepad, or the script will fail) and copy/paste the text in the quote box below into it:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a4dc7a23]

File::
C:\WINDOWS\system32\vndjmjuc.dll


Save this as a text file named CFScript.

Then drag the CFScript onto ComboFix.exe, as in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again.

After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

How is it running now?

Thanks,
tea

#5 im_adi (Topic Starter, Members, 24 posts)

Posted 13 April 2008 - 03:16 PM

Hi tea! I am here again! Oh, first of all I want to thank you for taking so much effort for me, and also for giving replies in a very short time! My computer is running quite OK now, ONLY BECAUSE OF YOUR VALUABLE GUIDANCE. Thanks for it again!

I did everything you told me, so I am posting the ComboFix log along with the HJT log created today. Please suggest further steps and I will be obliged to you.

Here comes the ComboFix log:

ComboFix 08-04-09.9 - Administrator 2008-04-14 1:35:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.530 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\ComboFix_2.exe
Command switches used :: C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\vndjmjuc.dll
.

((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-09 23:11 . 2008-04-09 23:11 <DIR> d-------- C:\ComboFix
2008-04-08 22:46 . 2008-04-14 00:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 22:46 . 2008-04-08 22:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-08 22:29 . 2008-04-08 22:32 <DIR> d-------- C:\Python25
2008-04-08 22:28 . 2007-11-22 19:05 33,280 --ahs---- C:\WINDOWS\system32\imapdb.dll
2008-04-08 22:28 . 2007-11-22 19:21 29,184 --a------ C:\WINDOWS\system32\wproxp.exe
2008-04-04 22:58 . 2008-04-04 22:58 <DIR> d-------- C:\Deckard
2008-04-04 21:58 . 2007-11-23 08:14 1,708 --ah----- C:\WINDOWS\system32\ActMon.ini
2008-04-04 21:57 . 2008-04-04 21:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-04 16:09 . 2008-04-09 11:29 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser
2008-04-04 16:07 . 2008-04-04 16:07 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-04 16:06 . 2008-04-04 16:07 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-04 16:04 . 2008-04-04 16:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-04 16:03 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-04-04 16:03 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-04 16:03 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-04-04 16:03 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-04-04 16:03 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-04-04 16:00 . 2008-04-10 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-04-04 11:30 . 2008-04-04 11:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-04 10:15 . 2008-04-09 11:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-04-04 10:11 . 2008-04-04 16:07 <DIR> d-------- C:\Program Files\DIFX
2008-04-04 10:09 . 2008-04-04 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-04 10:09 . 2008-04-09 11:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-04-04 10:08 . 2008-04-04 16:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-04 10:07 . 2008-04-04 16:06 <DIR> d-------- C:\Program Files\Nokia
2008-04-04 10:07 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-01 13:46 . 2008-03-30 00:01 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 13:46 . 2008-03-30 00:05 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 12:34 . 2008-03-30 13:17 <DIR> d-------- C:\Program Files\JetAudio
2008-03-30 12:34 . 2008-03-30 12:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\COWON
2008-03-24 00:27 . 2008-03-26 00:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
2008-03-24 00:24 . 2008-03-24 00:24 <DIR> d-------- C:\Program Files\Pidgin
2008-03-24 00:24 . 2008-03-27 04:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple
2008-03-24 00:23 . 2008-03-24 00:23 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-03-23 15:17 . 2008-04-04 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\syswin
2008-03-23 15:17 . 2008-04-09 12:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\dxdlls
2008-03-23 15:17 . 2008-04-05 10:56 411,829 -rahs---- C:\WINDOWS\system32\kinza.exe
2008-03-23 15:17 . 2007-11-22 19:05 199,680 --ahs---- C:\WINDOWS\system32\imapdc.dll
2008-03-23 15:17 . 2007-11-22 19:06 58,880 --ahs---- C:\WINDOWS\system32\imapde.dll
2008-03-23 15:17 . 2007-11-22 19:05 30,208 --ahs---- C:\WINDOWS\system32\imapdd.dll
2008-03-23 15:17 . 2008-03-23 15:17 17,578 -rahs---- C:\WINDOWS\system32\boot.vbs
2008-03-23 11:37 . 2008-03-23 11:37 <DIR> d-------- C:\Program Files\gAlwaysIdle
2008-03-23 11:35 . 2008-03-23 11:40 <DIR> d-------- C:\Program Files\NetMeter
2008-03-19 00:09 . 2008-03-19 00:09 <DIR> d-------- C:\Program Files\IM-History
2008-03-19 00:09 . 2008-03-19 00:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IM-History
2008-03-14 15:19 . 2008-03-14 15:19 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 20:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-13 20:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DMCache
2008-04-13 18:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-04-13 02:59 2,305,280 ----a-w C:\blockstrain.dat
2008-04-05 05:10 --------- d-----w C:\Program Files\Crazy Nut
2008-04-04 17:03 11,638 ----a-w C:\Program Files\hijackthisat 4th april .log
2008-04-04 05:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 05:05 --------- d-----w C:\Program Files\ICQToolbar
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-26 23:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.purple
2008-03-19 22:37 --------- d-----w C:\Program Files\Dictionary
2008-03-04 11:58 --------- d-----w C:\Program Files\Baraha 7.0
2008-03-02 12:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-29 23:50 --------- d-----w C:\Program Files\Oberon Media
2008-02-29 23:50 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-02-29 10:59 --------- d-----w C:\Program Files\City Interactive
2008-02-22 15:01 --------- d-----w C:\Program Files\LingvoSoft
2008-02-22 14:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LingvoSoft
2008-02-22 14:40 --------- d-----w C:\Program Files\uTorrent
2008-02-15 13:22 --------- d-----w C:\Program Files\Google
2008-02-14 21:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-14 21:36 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-14 21:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
2008-02-13 22:00 --------- d-----w C:\Program Files\ICQ6
2008-02-13 22:00 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ
2008-02-13 21:59 --------- d-----w C:\Program Files\ICQLite
2008-02-13 21:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-02-13 20:09 --------- d-----w C:\Program Files\UltraSMS
2007-07-09 19:37 230 -c--a-w C:\Program Files\dict.ini
2004-10-01 09:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-11-22 13:35 33,280 --sha-w C:\WINDOWS\system32\imapdb.dll
2007-11-22 13:35 199,680 --sha-w C:\WINDOWS\system32\imapdc.dll
2007-11-22 13:35 30,208 --sha-w C:\WINDOWS\system32\imapdd.dll
2007-11-22 13:36 58,880 --sha-w C:\WINDOWS\system32\imapde.dll
2007-12-25 16:01 194,109 --sha-w C:\WINDOWS\system32\srutv.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_15.28.07.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-12 09:54:29 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-13 20:07:46 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
+ 2008-04-13 02:58:58 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:26 15360]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2007-08-11 15:50 331264]
"Sensiva"="C:\Program Files\Sensiva\Sensiva.exe" [2007-06-09 10:16 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 22:49 15872]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-30 21:25 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"supertintin_skype"="C:\Program Files\Supertintin for Skype\supertintin_skype.exe" [2007-09-25 14:54 167936]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55 6731312]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:26 158208]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 06:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 06:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 06:10 118784]
"SigmatelSysTrayApp"="sttray.exe" [2006-07-27 11:49 282624 C:\WINDOWS\sttray.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SeePassword"="C:\Program Files\SeePassword\SeePassword.exe" [ ]
"gidle"="C:\Program Files\gAlwaysIdle\gidle.exe" [2008-01-08 02:05 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
IM-History.lnk - C:\Program Files\IM-History\im-history.exe [2008-02-06 19:45:40 1355776]
SpywareGuard.lnk.disabled [2008-01-04 23:57:11 655]
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2007-01-08 09:08:16 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisbleRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"status"= present

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
--a--c--- 2001-12-23 16:32 4608 C:\WINDOWS\system32\carpserv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
D:\gAMES\daemon\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a--c--- 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra--c--- 2006-02-07 06:06 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra--c--- 2006-02-07 06:10 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra--c--- 2006-02-07 06:09 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2006-02-10 21:40 2048000 C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneTray]
--a--c--- 2007-05-25 03:54 839168 C:\Program Files\TraySoft\PhoneTray\PhoneTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sensiva]
--a------ 2007-06-09 10:16 389120 C:\Program Files\Sensiva\Sensiva.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-07-27 11:49 282624 C:\WINDOWS\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-30 21:25 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
c:\program files\divx\divx pro codec\gain_trickler_3102.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 00:01]
R1 SbPd;SbPd;C:\WINDOWS\system32\Drivers\SbPd.sys [2007-06-03 01:28]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 00:05]
R2 CameraServer;CameraServer;C:\Program Files\Eyemail Technology Inc\CameraServer.exe [2006-01-12 08:22]
R3 PhoneTrayDriver;PhoneTrayDriver;C:\WINDOWS\system32\Drivers\ptdrv.sys [2007-04-13 08:11]
S2 DPDStartingService;DPDStartingService;C:\PROGRA~1\DAP\PRIVAC~1\SFSERV~1.EXE [2007-06-03 01:28]
S2 FLYCAM;FlyCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\flycam.sys [2006-01-12 07:59]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 18:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05b3bb62-6784-11dc-b5de-0011670eda5c}]
\Shell\AutoRun\command - kinza.exe
\Shell\explore\Command - kinza.exe
\Shell\open\Command - kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1472d2c2-271e-11dc-b546-0011670eda5c}]
\Shell\Auto\command - J:\GH0ST.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GH0ST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3974a1fc-0401-11dd-b772-0011670eda5c}]
\Shell\AutoRun\command - J:\kinza.exe
\Shell\explore\Command - J:\kinza.exe
\Shell\open\Command - J:\kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c96c6913-53cc-11dc-b58e-0011670eda5c}]
\Shell\Auto\command - K:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 06:03:12 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-06-02 15:04:01 C:\WINDOWS\Tasks\EaseBackup (Administrator) - Backup of all files on all hard disks.job"
- G:\ease backup\EBShell.exe/GS:C:\Documents and Settings\Administrator\Local Settings\Application Data\KieSoft\EaseBackup\Catalogs\Backup of all files on all hard disks\Backup of all files on all hard disks.zip
"2007-01-28 10:27:05 C:\WINDOWS\Tasks\EaseBackup (Administrator) - DO NOT EDIT OR DELETE ME.job"
- G:\ease backup\EBShell.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 01:37:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\Program Files\\NetMeter\\NetMeter.exe"="C:\\Program Files\\NetMeter\\NetMeter.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\gAlwaysIdle\gidle.dll
.
Completion time: 2008-04-14 1:39:05
ComboFix-quarantined-files.txt 2008-04-13 20:08:32
ComboFix2.txt 2008-04-12 09:58:30
Pre-Run: 639,795,200 bytes free
Post-Run: 629,702,656 bytes free



Aaaaaaaaaand, here comes the HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:34 AM, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sttray.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Sensiva\Sensiva.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eyemail Technology Inc\CameraServer.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe /start_context sys_auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SeePassword] C:\Program Files\SeePassword\SeePassword.exe
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [Sensiva] C:\Program Files\Sensiva\Sensiva.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: IM-History.lnk = C:\Program Files\IM-History\im-history.exe
O4 - Startup: SpywareGuard.lnk.disabled
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1FC4811-B87F-473B-901F-8CB47DB8B5D1}: NameServer = 218.248.240.208 218.248.240.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7D66531-8D5F-41E5-A417-C360C99A58B1}: NameServer = 218.248.255.145,61.1.96.69
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\IM-History\Skype4Com.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CameraServer - Unknown owner - C:\Program Files\Eyemail Technology Inc\CameraServer.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DPDStartingService - Unknown owner - C:\PROGRA~1\DAP\PRIVAC~1\SFSERV~1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 9738 bytes




thanks in advance :)
bye!
take very good care!
-adi

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 April 2008 - 03:44 PM

Hello,

You're most welcome. :thumbsup: This looks good! Are you having any problems, or is everything all right?

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

If there are no further problems:

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

You should definitely maintain a firewall. Some good free firewalls are Kerio or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 April 2008 - 12:41 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



