
Please Help me on this


5 replies to this topic

#1 jayawardhan009


Posted 18 October 2008 - 05:59 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:31 PM, on 10/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [a0db0671] rundll32.exe "C:\WINDOWS\system32\nekayiui.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-21-484763869-1659004503-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Admin')
O4 - HKUS\S-1-5-21-484763869-1659004503-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Admin')
O4 - S-1-5-21-484763869-1659004503-725345543-1003 Startup: GIGABYTE VGA Utility.lnk = ? (User 'Admin')
O4 - S-1-5-21-484763869-1659004503-725345543-1003 User Startup: GIGABYTE VGA Utility.lnk = ? (User 'Admin')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mobilityart.com
O17 - HKLM\Software\..\Telephony: DomainName = mobilityart.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FFA0ADB-EE4B-46F1-8D4D-6946330E6CCD}: NameServer = 202.63.96.1,202.63.120.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mobilityart.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FFA0ADB-EE4B-46F1-8D4D-6946330E6CCD}: NameServer = 202.63.96.1,202.63.120.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mobilityart.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FFA0ADB-EE4B-46F1-8D4D-6946330E6CCD}: NameServer = 202.63.96.1,202.63.120.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rzdztq.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7876 bytes

Please help in solving this.

#2 kahdah


Posted 18 October 2008 - 11:26 AM

Hello jayawardhan009

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 jayawardhan009


Posted 20 October 2008 - 12:18 AM

*************LOG.TXT************************
_________________
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-10-20 10:44:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (31%) free of 40 GB
Total RAM: 2045 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:43 AM, on 10/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\jayawardhan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {54D29D06-798E-40EF-AB25-7996327EF9A0} - C:\WINDOWS\system32\byXQGaWO.dll
O2 - BHO: mxlivemedia browser enhancer - {722A7DF5-29D7-101E-BF6B-79E502685D0F} - C:\WINDOWS\system32\zqhghnqpoy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {78527A84-D05B-4E8A-AF04-DFBCA5544E48} - C:\WINDOWS\system32\fcccayyY.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8DAN8HQZ\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [fdeipoppanyhj] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\zqhghnqpoy.dll"
O4 - HKLM\..\Run: [a0db0671] rundll32.exe "C:\WINDOWS\system32\qoeaanbx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-21-484763869-1659004503-725345543-1010\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'jayawardhan')
O4 - HKUS\S-1-5-21-484763869-1659004503-725345543-1010\..\Run: [Google Update] "C:\Documents and Settings\jayawardhan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'jayawardhan')
O4 - HKUS\S-1-5-21-484763869-1659004503-725345543-1010\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'jayawardhan')
O4 - HKUS\S-1-5-21-484763869-1659004503-725345543-1010\..\Run: [cmds] rundll32.exe C:\WINDOWS\system32\byXQGaWO.dll,c (User 'jayawardhan')
O4 - HKUS\S-1-5-21-484763869-1659004503-725345543-1010\..\Run: [MS Juan] rundll32 "C:\WINDOWS\system32\ibdtja.dll",run (User 'jayawardhan')
O4 - S-1-5-21-484763869-1659004503-725345543-1010 Startup: Microsoft Office Outlook 2003.lnk = ? (User 'jayawardhan')
O4 - S-1-5-21-484763869-1659004503-725345543-1010 User Startup: Microsoft Office Outlook 2003.lnk = ? (User 'jayawardhan')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mobilityart.com
O17 - HKLM\Software\..\Telephony: DomainName = mobilityart.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FFA0ADB-EE4B-46F1-8D4D-6946330E6CCD}: NameServer = 202.63.96.1,202.63.120.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mobilityart.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FFA0ADB-EE4B-46F1-8D4D-6946330E6CCD}: NameServer = 202.63.96.1,202.63.120.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mobilityart.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FFA0ADB-EE4B-46F1-8D4D-6946330E6CCD}: NameServer = 202.63.96.1,202.63.120.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rzdztq.dll
O20 - Winlogon Notify: fcccayyY - C:\WINDOWS\SYSTEM32\fcccayyY.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9722 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-14 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54D29D06-798E-40EF-AB25-7996327EF9A0}]
C:\WINDOWS\system32\byXQGaWO.dll [2008-10-18 243712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{722A7DF5-29D7-101E-BF6B-79E502685D0F}]
mxlivemedia browser enhancer - C:\WINDOWS\system32\zqhghnqpoy.dll [2008-10-14 171520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78527A84-D05B-4E8A-AF04-DFBCA5544E48}]
C:\WINDOWS\system32\fcccayyY.dll [2008-10-18 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-08 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-08 2403392]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-08-19 262144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-02-12 262401]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
""= []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-14 185896]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SBI"=C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8DAN8HQZ\setup_sbd_en[1].exe []
"fdeipoppanyhj"=C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]
"a0db0671"=C:\WINDOWS\system32\qoeaanbx.dll [2008-10-20 69120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-22 68856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe [2008-03-24 218496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a0db0671]
C:\WINDOWS\system32\nekayiui.dll [2008-10-18 69120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="rzdztq.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fcccayyY]
C:\WINDOWS\system32\fcccayyY.dll [2008-10-18 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{78527A84-D05B-4E8A-AF04-DFBCA5544E48}"=C:\WINDOWS\system32\fcccayyY.dll [2008-10-18 40960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\byXQGaWO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NaturalMotion\morphemeConnect 1.3.5\morphemeRuntimeTarget_pc.exe"="C:\Program Files\NaturalMotion\morphemeConnect 1.3.5\morphemeRuntimeTarget_pc.exe:*:Enabled:morphemeRuntimeTarget_pc"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Autodesk\Maya8.5\bin\maya.exe"="C:\Program Files\Autodesk\Maya8.5\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\NaturalMotion\morphemeConnect 1.3.5.1\morphemeRuntimeTarget_pc.exe"="C:\Program Files\NaturalMotion\morphemeConnect 1.3.5.1\morphemeRuntimeTarget_pc.exe:*:Enabled:morphemeRuntimeTarget_pc"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Autodesk\Combustion 2008\combustion.exe"="C:\Program Files\Autodesk\Combustion 2008\combustion.exe:*:Enabled:Combustion"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-10-20 10:44:38 ----D---- C:\rsit
2008-10-20 09:09:01 ----A---- C:\WINDOWS\system32\ibdtja.dll
2008-10-20 09:08:58 ----A---- C:\WINDOWS\system32\ttrkimjr.dll
2008-10-20 09:08:54 ----SH---- C:\WINDOWS\system32\xbnaaeoq.ini
2008-10-20 09:08:49 ----A---- C:\WINDOWS\system32\qoeaanbx.dll
2008-10-19 04:21:39 ----A---- C:\WINDOWS\system32\orvccbesqa.exe
2008-10-19 04:21:08 ----D---- C:\Documents and Settings\All Users\Application Data\Solt Lake Software
2008-10-19 01:32:25 ----D---- C:\Program Files\Antivirus 2009
2008-10-18 18:32:31 ----D---- C:\VundoFix Backups
2008-10-18 18:32:31 ----A---- C:\VundoFix.txt
2008-10-18 17:46:30 ----A---- C:\WINDOWS\system32\aoopob.dll
2008-10-18 17:46:29 ----A---- C:\WINDOWS\system32\qwkueunn.dll
2008-10-18 17:44:17 ----SH---- C:\WINDOWS\system32\bhdboxmf.ini
2008-10-18 17:03:00 ----D---- C:\WINDOWS\pss
2008-10-18 16:00:17 ----D---- C:\Program Files\Trend Micro
2008-10-18 14:48:48 ----D---- C:\Program Files\UltraISO
2008-10-18 10:59:02 ----SH---- C:\WINDOWS\system32\iuiyaken.ini
2008-10-18 10:59:01 ----A---- C:\WINDOWS\system32\rzdztq.dll
2008-10-18 10:59:00 ----A---- C:\WINDOWS\system32\jfhvbgmv.dll
2008-10-18 10:58:58 ----A---- C:\WINDOWS\system32\nekayiui.dll
2008-10-18 10:57:54 ----A---- C:\WINDOWS\system32\abf8c20f-.txt
2008-10-18 10:56:51 ----ASH---- C:\WINDOWS\system32\OWaGQXyb.ini2
2008-10-18 10:56:51 ----ASH---- C:\WINDOWS\system32\OWaGQXyb.ini
2008-10-18 10:56:45 ----A---- C:\WINDOWS\system32\byXQGaWO.dll
2008-10-18 10:51:26 ----A---- C:\WINDOWS\system32\fcccayyY.dll
2008-10-18 10:33:01 ----D---- C:\Program Files\WinPcap
2008-10-17 00:36:34 ----D---- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-10-17 00:36:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-10-15 12:23:57 ----D---- C:\Program Files\Next Limit
2008-10-14 16:57:20 ----A---- C:\WINDOWS\system32\zqhghnqpoy.dll
2008-10-14 15:08:11 ----D---- C:\Blade1.5.158.34341
2008-10-14 15:04:03 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
2008-10-10 15:54:57 ----D---- C:\QUARANTINE
2008-10-10 15:36:38 ----D---- C:\Program Files\Common Files\Cisco Systems
2008-10-10 15:36:38 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll
2008-10-04 14:07:34 ----D---- C:\Program Files\TVUPlayer
2008-09-26 11:06:10 ----A---- C:\WINDOWS\dbplugin.exe
2008-09-26 11:04:58 ----D---- C:\WINDOWS\system32\DNAML
2008-09-26 11:04:58 ----A---- C:\WINDOWS\system32\DNLEng.dll
2008-09-26 11:04:58 ----A---- C:\WINDOWS\PICN1120.dll
2008-09-26 11:04:58 ----A---- C:\WINDOWS\picn1020.dll
2008-09-26 11:04:58 ----A---- C:\WINDOWS\eSellerateEngine.dll
2008-09-23 20:35:11 ----A---- C:\WINDOWS\wininit.ini
2008-09-23 20:31:32 ----D---- C:\Program Files\FileZilla FTP Client

======List of files/folders modified in the last 1 months======

2008-10-20 10:44:43 ----D---- C:\WINDOWS\Prefetch
2008-10-20 09:11:46 ----D---- C:\WINDOWS\Temp
2008-10-20 09:09:04 ----D---- C:\WINDOWS\system32
2008-10-20 09:08:14 ----D---- C:\WINDOWS\Profiles
2008-10-20 09:07:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-19 04:25:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-19 03:16:56 ----D---- C:\WINDOWS\Internet Logs
2008-10-19 01:44:29 ----RD---- C:\Program Files
2008-10-18 18:19:43 ----D---- C:\WINDOWS
2008-10-18 18:19:43 ----D---- C:\Program Files\MSN
2008-10-18 18:19:29 ----D---- C:\Program Files\Mozilla Firefox
2008-10-18 18:13:15 ----SH---- C:\boot.ini
2008-10-18 18:13:15 ----A---- C:\WINDOWS\win.ini
2008-10-18 18:13:15 ----A---- C:\WINDOWS\system.ini
2008-10-18 18:11:37 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-10-18 15:23:11 ----D---- C:\WINDOWS\system32\config
2008-10-18 15:23:04 ----D---- C:\WINDOWS\system32\wbem
2008-10-18 15:23:03 ----D---- C:\WINDOWS\Registration
2008-10-18 15:22:21 ----D---- C:\Program Files\Common Files
2008-10-18 14:33:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-18 14:30:23 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-18 14:11:38 ----D---- C:\WINDOWS\system32\Restore
2008-10-18 11:18:30 ----HD---- C:\WINDOWS\inf
2008-10-18 11:10:06 ----D---- C:\Program Files\Autodesk
2008-10-18 10:49:31 ----SHD---- C:\WINDOWS\CSC
2008-10-18 10:33:02 ----D---- C:\WINDOWS\system32\drivers
2008-10-17 02:59:07 ----D---- C:\WINDOWS\security
2008-10-15 12:24:29 ----SHD---- C:\WINDOWS\Installer
2008-10-10 17:50:28 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-02 16:07:07 ----D---- C:\WINDOWS\Cursors
2008-09-30 09:58:51 ----D---- C:\Program Files\Stereoscopic Player
2008-09-24 15:18:39 ----A---- C:\WINDOWS\system32\ssprs.dll
2008-09-24 15:18:39 ----A---- C:\WINDOWS\system32\lsprst7.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-03-04 79424]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2007-05-28 352256]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R2 TVicHW32;TVicHW32; C:\WINDOWS\system32\drivers\TVicHW32.sys [2006-10-13 29536]
R3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-07-05 238976]
R3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 46336]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-07-05 14976]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-22 4432384]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-07-12 90880]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-08-09 1757696]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-05 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2003-04-04 77824]

-----------------EOF-----------------


*****************INFO.TXT**************
_______________________________________
info.txt logfile of random's system information tool 1.04 2008-10-20 10:44:45

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Third Party Content-->C:\Program Files\Common Files\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->C:\Program Files\Common Files\Adobe\Installers\71c180716438072ebd356ce2549df41\Setup.exe
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{004685F7-9FB6-4789-812F-59ABB34A55AF}
Adobe Setup-->MsiExec.exe /I{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}
Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Autodesk Backburner 2008.0.0-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Autodesk DirectConnect 2.0-->MsiExec.exe /I{28C74612-2C48-4421-BF67-3949CD90748E}
Autodesk MotionBuilder 7.5 Extension 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{61113434-A733-4197-A78A-1305BD8F0FA3}
Avira AntiVir Personal – Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Camtasia Studio 5-->MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
Combustion 2008-->C:\WINDOWS\unvise32.exe C:\Program Files\Autodesk\Combustion 2008\uninstal.log
CueClub-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Real\RealGames\CueClub\setup.exe"
Disk Cleaner (remove only)-->"C:\Program Files\Disk Cleaner\uninstall.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FaceGen Modeller 3.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0208A2F9-6C0E-4B04-9825-1D50008ACE33}
FileZilla Client 3.1.3-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lustre 2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1456657-73F0-4A9A-B0B9-164D27483BD9}\Setup.exe" -l0x9
Lustre Color 2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00312384-A622-4EEB-A9C1-F4EBF1DB1B16}\Setup.exe" -l0x9
Maya 8.5 Documentation (en_US)-->MsiExec.exe /I{81525B87-9344-4834-883C-C6A9D78EA1DF}
Maya 8.5-->MsiExec.exe /I{A1E0E88A-F5E9-4414-A0D7-31940E965EC5}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NaturalMotion endorphin 2.7.1-->"C:\Program Files\NaturalMotion\endorphin 2.7.1\unins000.exe"
NaturalMotion morphemeConnect 1.3.5 (remove only)-->"C:\Program Files\NaturalMotion\morphemeConnect 1.3.5\uninstall_morphemeConnect.exe"
NaturalMotion morphemeConnect 1.3.5.1 (remove only)-->"C:\Program Files\NaturalMotion\morphemeConnect 1.3.5.1\uninstall_morphemeConnect.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealFlow-->MsiExec.exe /I{A1BBC33D-F769-426E-9F83-0F63AD07BB58}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RON Tool Mxlivemedia-->C:\WINDOWS\system32\orvccbesqa.exe
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Stereoscopic Player-->MsiExec.exe /I{252D1438-BD16-4D9B-9BFB-F619DE67B814}
The Ring Screensaver-->"C:\Program Files\The Ring Screensaver\unins000.exe"
TVicHW32 Version 1.0-->"C:\Program Files\GIGABYTE\TVicHW32\unins000.exe"
TVUPlayer 2.3.4.1-->C:\Program Files\TVUPlayer\uninst.exe
VC8MSI-->MsiExec.exe /I{4F1758C9-1A0C-4A92-A72E-C2297AAE493B}
VGA Utility-->MsiExec.exe /I{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM-->MsiExec.exe /I{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}
WebEx Productivity Tools-->MsiExec.exe /X{BEFC063D-D95E-423D-A30D-3960F25C6163}
WebEx Recorder and Player-->MsiExec.exe /I{1D243F00-1389-4C63-A7E9-B17E967D1901}
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinPcap 3.0-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled)
FW: ZoneAlarm Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Autodesk\Maya8.5\bin;C:\Program Files\Autodesk\Backburner;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"MAYA_SCRIPT_PATH"=C:\PROGRAM FILES\NATURALMOTION\ENDORPHIN 2.7.1\RESOURCES\THIRD PARTY\MAYA\SCRIPTS
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------


Please reply soon. I got this virus on my office system, and I have to clean it ASAP.

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 20 October 2008 - 04:16 AM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 jayawardhan009

jayawardhan009
  • Topic Starter

  • Members
  • 3 posts

Posted 31 October 2008 - 07:05 AM

ComboFix 08-10-30.12 - Admin 2008-10-31 16:37:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1607 [GMT 5.5:30]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bhdboxmf.ini
C:\WINDOWS\system32\ddcCUoLd.dll
C:\WINDOWS\system32\dLoUCcdd.ini
C:\WINDOWS\system32\dLoUCcdd.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fcccayyY.dll
C:\WINDOWS\system32\iuiyaken.ini
C:\WINDOWS\system32\kgvwruel.ini
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ntqqjrri.ini
C:\WINDOWS\system32\oVDLnnmp.ini
C:\WINDOWS\system32\oVDLnnmp.ini2
C:\WINDOWS\system32\OWaGQXyb.ini
C:\WINDOWS\system32\OWaGQXyb.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\pxrneeow.ini
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\tdpgmrkp.ini
C:\WINDOWS\system32\tmkuroha.ini
C:\WINDOWS\system32\tpbjanio.ini
C:\WINDOWS\system32\vxpcqnqb.ini
C:\WINDOWS\system32\wjrgnjgv.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xbnaaeoq.ini
C:\WINDOWS\system32\ynpvyflv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 10:39 . 2008-10-31 10:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-31 10:39 . 2007-02-22 20:50 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-10-31 10:39 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-10-31 10:39 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-10-31 10:39 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-10-31 10:39 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-10-31 10:39 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-10-31 10:38 . 2008-10-31 10:39 <DIR> d-------- C:\Program Files\McAfee
2008-10-31 10:38 . 2008-10-31 10:38 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-10-30 20:12 . 2008-10-30 20:12 120 --ahs---- C:\WINDOWS\system32\hdmxywrk.ini
2008-10-28 05:20 . 2008-10-28 05:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-10-28 05:16 . 2008-10-28 05:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-10-24 19:41 . 2008-10-31 10:46 <DIR> dr--s---- C:\Program Files\WinDriveGuard
2008-10-22 21:33 . 2008-10-22 21:33 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-10-22 16:47 . 2008-10-25 11:28 <DIR> d-------- C:\Program Files\Massive
2008-10-22 16:45 . 2001-10-24 07:50 9 --a------ C:\WINDOWS\ldf.dat
2008-10-22 14:22 . 2008-10-22 16:46 <DIR> d-------- C:\Program Files\massive_mhost
2008-10-21 10:00 . 2008-10-21 10:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-21 10:00 . 2008-10-21 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-20 14:45 . 2008-10-21 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-20 14:44 . 2008-10-20 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-20 10:44 . 2008-10-20 10:44 <DIR> d-------- C:\rsit
2008-10-18 18:32 . 2008-10-18 18:32 <DIR> d-------- C:\VundoFix Backups
2008-10-18 18:19 . 2008-10-18 18:19 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\MSNInstaller
2008-10-18 16:00 . 2008-10-18 16:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-18 10:33 . 2008-10-18 10:33 <DIR> d-------- C:\Program Files\WinPcap
2008-10-17 00:36 . 2008-10-17 00:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-10-15 12:24 . 2008-10-15 12:24 <DIR> d-------- C:\Documents and Settings\jayawardhan\scenes
2008-10-15 12:23 . 2008-10-15 12:23 <DIR> d-------- C:\Program Files\Next Limit
2008-10-14 15:08 . 2008-10-14 15:08 <DIR> d-------- C:\Blade1.5.158.34341
2008-10-14 15:04 . 2008-10-14 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
2008-10-10 15:54 . 2008-10-31 16:23 <DIR> d-------- C:\QUARANTINE
2008-10-10 15:36 . 2008-10-10 15:36 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-10-10 15:36 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-10-06 20:45 . 2008-10-06 20:45 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\Apple Computer
2008-10-05 10:46 . 2008-10-18 15:22 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2008-10-04 14:07 . 2008-10-04 14:08 <DIR> d-------- C:\Program Files\TVUPlayer
2008-10-04 14:07 . 2008-10-04 14:07 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\TVU Networks
2008-10-02 13:50 . 2008-10-02 13:50 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\Autodesk
2008-09-27 15:14 . 2008-09-27 15:14 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\Stereoscopic Player
2008-09-26 11:06 . 2008-09-26 11:06 1,015,776 --a------ C:\WINDOWS\dbplugin.exe
2008-09-26 11:04 . 2008-09-26 11:04 <DIR> d-------- C:\WINDOWS\system32\DNAML
2008-09-26 11:04 . 2006-12-18 15:55 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-09-26 11:04 . 2008-08-26 11:12 213,072 --a------ C:\WINDOWS\system32\DNLEng.dll
2008-09-26 11:04 . 2003-05-15 12:52 143,360 --a------ C:\WINDOWS\PICN1120.dll
2008-09-26 11:04 . 2001-06-09 18:55 143,360 --a------ C:\WINDOWS\picn1020.dll
2008-09-24 09:24 . 2008-09-25 11:11 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\combustion2008
2008-09-23 20:35 . 2008-10-30 10:51 1,639 --a------ C:\WINDOWS\wininit.ini
2008-09-23 20:31 . 2008-09-23 20:31 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-09-23 20:31 . 2008-10-24 11:47 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\FileZilla
2008-09-17 18:46 . 2008-09-17 18:46 549,159 -rahs---- C:\Program Files\Norton2009Reset.exe
2008-09-16 09:27 . 2008-10-30 12:06 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\skypePM
2008-09-16 09:25 . 2008-10-30 15:49 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\Skype
2008-09-13 15:30 . 2008-09-15 12:33 <DIR> d-------- C:\Program Files\Singular Inversions
2008-09-09 18:59 . 2008-10-27 15:01 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\U3
2008-09-09 13:07 . 2008-09-09 13:07 <DIR> d-------- C:\myProject
2008-09-08 13:44 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-08 13:06 . 2008-09-08 13:06 0 --a------ C:\10A.tmp
2008-09-08 13:06 . 2008-09-08 13:06 0 --a------ C:\108.tmp
2008-09-08 13:06 . 2008-09-08 13:06 0 --a------ C:\107.tmp
2008-09-08 13:06 . 2008-09-08 13:06 0 --a------ C:\106.tmp
2008-09-04 23:02 . 2008-09-04 23:02 <DIR> d---s---- C:\Documents and Settings\jayawardhan\UserData
2008-09-04 12:50 . 2008-10-30 19:50 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\uTorrent
2008-09-04 10:51 . 2008-09-04 10:51 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\vlc
2008-09-04 10:27 . 2008-10-29 22:28 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\Webex
2008-09-02 20:55 . 2008-09-02 21:00 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Webex
2008-09-02 20:55 . 2008-09-02 20:55 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Productivity Tools
2008-09-02 20:54 . 2008-09-02 20:54 <DIR> d-------- C:\WINDOWS\Sun
2008-09-02 20:12 . 2008-09-02 20:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Talkback
2008-09-02 19:55 . 2008-09-02 19:55 <DIR> d-------- C:\Documents and Settings\jayawardhan\7BB40A228D9843F9A08AE7EFF5AB1324.TMP
2008-09-02 18:47 . 2008-09-02 18:47 <DIR> d-------- C:\Documents and Settings\jayawardhan\Application Data\Talkback
2008-09-02 18:44 . 2008-10-30 19:51 <DIR> d-------- C:\Documents and Settings\jayawardhan
2008-09-02 18:44 . 2008-09-02 18:44 9,736 --a------ C:\Documents and Settings\jayawardhan\Application Data\SecSystem.exe
2008-09-01 19:26 . 2008-10-22 20:16 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\U3
2008-09-01 18:40 . 2008-10-21 13:06 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-09-01 18:21 . 2008-09-02 20:55 <DIR> d-------- C:\Program Files\WebEx
2008-09-01 18:14 . 2008-09-01 18:14 <DIR> d-------- C:\Program Files\Sun
2008-09-01 18:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-01 18:13 . 2008-09-01 18:14 <DIR> d-------- C:\Program Files\Java
2008-09-01 18:13 . 2008-09-01 18:13 <DIR> d-------- C:\Program Files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 11:16 35,377,184 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-31 11:12 421,796 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-31 06:51 1,433,088 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-10-30 05:00 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype
2008-10-30 04:59 --------- d-----w C:\Documents and Settings\Admin\Application Data\skypePM
2008-10-24 21:36 1,817,540 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-21 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-10-21 03:45 1,250,816 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-10-21 03:42 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-10-21 03:40 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-10-21 03:40 1,250,816 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-10-21 03:36 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-10-21 03:36 1,249,792 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-10-20 18:29 16,384 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-10-20 18:29 1,249,280 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-10-20 18:27 1,250,816 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-10-20 18:07 1,250,816 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-10-20 18:04 1,250,816 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-10-20 18:02 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-10-20 18:02 1,250,816 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-10-20 13:08 14,336 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-10-20 12:57 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-10-20 09:43 14,336 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-10-20 09:43 1,250,816 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-10-20 09:39 13,312 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-10-20 09:37 14,848 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-10-20 09:37 1,249,792 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-10-20 09:34 1,249,280 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-10-20 09:32 14,336 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-10-20 09:30 15,360 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-10-20 09:28 1,249,280 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-10-20 09:26 14,336 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-10-20 09:23 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-10-20 09:23 1,643,520 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-10-20 09:22 814,080 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-10-20 09:22 1,643,520 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-10-20 09:21 1,643,008 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-10-20 05:28 --------- d-----w C:\Program Files\Real
2008-10-20 05:26 --------- d-----w C:\Program Files\Bonjour
2008-10-18 09:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-18 05:40 --------- d-----w C:\Program Files\Autodesk
2008-09-30 04:28 --------- d-----w C:\Program Files\Stereoscopic Player
2008-09-24 10:15 --------- d-----w C:\Documents and Settings\Nayeem\Application Data\Skype
2008-09-24 10:13 --------- d-----w C:\Documents and Settings\Nayeem\Application Data\skypePM
2008-09-24 08:58 --------- d-----w C:\Documents and Settings\Nayeem\Application Data\combustion2008
2008-09-11 06:22 --------- d-----w C:\Documents and Settings\Nayeem\Application Data\uTorrent
2008-09-11 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-09-02 11:43 --------- d-----w C:\Documents and Settings\Nayeem\Application Data\Apple Computer
2008-08-31 08:43 3,083,776 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-08-29 14:19 --------- d-----w C:\Documents and Settings\Nayeem\Application Data\U3
2008-08-20 19:07 202,827 ----a-w C:\WINDOWS\system32\atasnt40.dll
2008-08-14 12:53 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-14 12:53 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-07 05:54 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-08-07 05:54 191,488 ----a-w C:\WINDOWS\system32\hlvdd.dll
2008-07-24 13:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-09 03:35 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 03:35 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-09-02 15:24 27,976 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2008-09-02 15:24 125,848 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2008-09-02 15:27 46,408 ----a-w C:\Program Files\mozilla firefox\plugins\atmccli.dll
2008-09-02 15:28 98,712 ----a-w C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 7700480]

C:\Documents and Settings\jayawardhan\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2008-07-24 794624]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
GIGABYTE VGA Utility.lnk - C:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2008-07-24 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 14:00 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 14:00 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-19 10:56 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-19 10:56 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-08-22 09:39 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-14 18:23 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 16:13 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-19 10:56 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-06-13 12:19 16377344 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NaturalMotion\\morphemeConnect 1.3.5\\morphemeRuntimeTarget_pc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"C:\\Program Files\\NaturalMotion\\morphemeConnect 1.3.5.1\\morphemeRuntimeTarget_pc.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\Combustion 2008\\combustion.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"1055:TCP"= 1055:TCP:Discreet BrowseD
"1066:TCP"= 1066:TCP:Discreet Slave Render

R2 aksfridge;HASP Fridge;C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2007-05-28 352256]
R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe -run [ ]
R2 Mhost;Mhost;C:\Program Files\massive_mhost\mhost.exe [2007-09-01 67584]
R3 akshhl;Aladdin HASP HL Key;C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 46336]
S2 .norton2009Reset;Norton2009 Reset;C:\Program Files\Norton2009Reset.exe [2008-09-17 549159]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af6d01fb-5989-11dd-851a-0019d1afa231}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}]
C:\WINDOWS\system32\SecSystem.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-30 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\jayawardhan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 19:39]
.
- - - - ORPHANS REMOVED - - - -

BHO-{033FC801-73F8-48BF-BFBA-3C1F7FD45D33} - C:\WINDOWS\system32\ddcCUoLd.dll
BHO-{41E8D19C-845A-4C67-B305-25B0E9E29415} - (no file)
BHO-{6E8EBE07-22E9-4621-9A22-74DDAD24844F} - (no file)
BHO-{722A7DF5-29D7-101E-BF6B-79E502685D0F} - (no file)
BHO-{78527A84-D05B-4E8A-AF04-DFBCA5544E48} - C:\WINDOWS\system32\fcccayyY.dll
BHO-{97AFEEA5-D241-40FF-B8DA-262DF0E6E8BC} - (no file)
BHO-{CFB8A5EE-1869-4D5B-97B7-801BE52F50A5} - (no file)
BHO-{EEEDE762-2EA8-4A2F-9606-9CD99AAA5867} - (no file)
HKLM-Run-SBI - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\8DAN8HQZ\setup_sbd_en[1].exe
HKLM-Explorer_Run-System Drives Protector - C:\Program Files\WinDriveGuard\DriveGuard.exe
ShellExecuteHooks-{78527A84-D05B-4E8A-AF04-DFBCA5544E48} - C:\WINDOWS\system32\fcccayyY.dll
Notify-fcccayyY - (no file)
MSConfigStartUp-a0db0671 - C:\WINDOWS\system32\nekayiui.dll
MSConfigStartUp-ieupdate - C:\WINDOWS\system32\ieexplorer32.exe
MSConfigStartUp-Pro Antispyware 2009 - C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\w6sv8l7x.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 16:45:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
.
**************************************************************************
.
Completion time: 2008-10-31 17:00:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-31 11:30:23

Pre-Run: 5,199,048,704 bytes free
Post-Run: 5,787,422,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

337


What to do next?

#6 kahdah


  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:11:50 AM

Posted 31 October 2008 - 09:22 AM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



