
Can't open up my task manager


  • This topic is locked
23 replies to this topic

#1 mmkbad

mmkbad


Posted 16 November 2008 - 06:33 AM

Help! I can't open up my task manager. Even pressing Alt + Ctrl + Del won't help.
I think my system is badly infected.
I've run through all the anti-virus tools, Ad-Aware, Spybot S&D and Malwarebytes Anti-Malware, and it still does not solve the problem.
Below is my attached HJT log:
Thanks in advance, I'll be waiting patiently for your reply. :thumbsup:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:30 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {23B277A1-3E02-47BB-96F5-EA365530D66F} (RachWeb2P) - http://webphone.angels.com.sg/RachWeb2P.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204211633515
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: zesttns.dll,cenbezn.dll,HBSO2.dll,HBKDXY.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBBO.dll,HBSOUL.dll,HBDNF.dll,HBTL.dll,HBQQFFO.dll,avgrsstx.dll
O21 - SSODL: uujfyhkd.dll - {EA4D8F95-8F2E-4658-A234-E8F4C9AC21C5} - C:\WINDOWS\system32\uujfyhkd.dll (file missing)
O21 - SSODL: ohgcwykg.dll - {432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D} - C:\WINDOWS\system32\ohgcwykg.dll (file missing)
O21 - SSODL: qrpvwboc.dll - {4BD36A11-8E6A-47bd-A49E-740D8ACF73A0} - C:\WINDOWS\system32\qrpvwboc.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14330 bytes
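As an added triage example (not from the thread and not part of HijackThis itself): a small Python parser for HijackThis log lines that flags the two persistence entries visible in the log above, O20 AppInit_DLLs names that are not on an allowlist and O21 SSODL entries whose DLL is reported missing on disk. The sample lines are copied from the log in this post, and the one-entry allowlist (avgrsstx.dll) is an assumption for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: zesttns.dll,cenbezn.dll,HBSO2.dll,HBWOW.dll,avgrsstx.dll
O21 - SSODL: uujfyhkd.dll - {EA4D8F95-8F2E-4658-A234-E8F4C9AC21C5} - C:\WINDOWS\system32\uujfyhkd.dll (file missing)
O21 - SSODL: ohgcwykg.dll - {432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D} - C:\WINDOWS\system32\ohgcwykg.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis finding line has the shape "<section> - <body>", e.g. "O20 - AppInit_DLLs: ...".
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Assumed allowlist for this example: AVG's resident-shield hook is the only
# AppInit DLL we treat as expected on this machine.
KNOWN_APPINIT = frozenset({"avgrsstx.dll"})


@dataclass
class HjtEntry:
    section: str  # e.g. "O20"
    body: str     # everything after "O20 - "


@dataclass
class Finding:
    section: str
    reason: str
    detail: list  # DLL names the finding refers to


def parse_hjt(text):
    """Turn HijackThis log text into a list of (section, body) entries, skipping
    the header, the process list and blank lines."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(m.group("section"), m.group("body")))
    return entries


def triage(entries, known_appinit=KNOWN_APPINIT):
    """Flag the persistence entries a helper would look at first in this log."""
    allow = {k.lower() for k in known_appinit}
    findings = []
    for e in entries:
        if e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so any name here that is not a known vendor hook deserves a look.
            dlls = [d.strip() for d in e.body.split(":", 1)[1].split(",") if d.strip()]
            unknown = [d for d in dlls if d.lower() not in allow]
            if unknown:
                findings.append(Finding("O20", "AppInit_DLLs loads DLLs not on the allowlist", unknown))
        elif e.section == "O21" and "(file missing)" in e.body:
            # SSODL entries are loaded by Explorer at logon; a registration whose
            # file is gone is left-over persistence that should be cleaned up.
            name = e.body.split(":", 1)[1].split(" - ", 1)[0].strip()
            findings.append(Finding("O21", "SSODL entry whose DLL is missing on disk", [name]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section}: {f.reason}: {', '.join(f.detail)}")
```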

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 17 November 2008 - 07:55 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Also post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!



#3 mmkbad

mmkbad
  • Topic Starter


Posted 21 November 2008 - 08:35 PM

Hi Sam, thanks for the assistance.
Here is my MBAM log:

Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 2

11/22/2008 9:10:43 AM
mbam-log-2008-11-22 (09-10-43).txt

Scan type: Quick Scan
Objects scanned: 85441
Time elapsed: 22 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3474a8c2-bef9-46c8-983a-a26a0030ec30} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{432bdc7c-de5b-43f4-aa81-e7f8afb0182d} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{122b901e-493f-4ad9-bc69-7de8c3e52fcc} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12b02216-ac3f-42a7-8313-449771237061} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4bd36a11-8e6a-47bd-a49e-740d8acf73a0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea4d8f95-8f2e-4658-a234-e8f4c9ac21c5} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af976dcd-754f-4ac2-be49-951dc7aa57d2} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\4901228 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3474a8c2-bef9-46c8-983a-a26a0030ec30} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{432bdc7c-de5b-43f4-aa81-e7f8afb0182d} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{122b901e-493f-4ad9-bc69-7de8c3e52fcc} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{12b02216-ac3f-42a7-8313-449771237061} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4bd36a11-8e6a-47bd-a49e-740d8acf73a0} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ea4d8f95-8f2e-4658-a234-e8f4c9ac21c5} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{af976dcd-754f-4ac2-be49-951dc7aa57d2} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ohgcwykg.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qrpvwboc.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\uujfyhkd.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



and this is my new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:32 AM, on 11/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Documents and Settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {23B277A1-3E02-47BB-96F5-EA365530D66F} (RachWeb2P) - http://webphone.angels.com.sg/RachWeb2P.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204211633515
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: zesttns.dll,cenbezn.dll,HBSO2.dll,HBKDXY.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBBO.dll,HBSOUL.dll,HBDNF.dll,HBTL.dll,HBQQFFO.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13876 bytes


#4 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 22 November 2008 - 09:34 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 mmkbad (Topic Starter, Members, 14 posts)

Posted 22 November 2008 - 11:47 AM

Thanks for the prompt reply Sam.

Here is my Combofix log:

ComboFix 08-11-21.05 - Miftahul 2008-11-23 0:21:46.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1455 [GMT 8:00]
Running from: c:\documents and settings\Miftahul\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\documents\setup.exe
c:\windows\driver.inf
c:\windows\system32\122B901E.cfg
c:\windows\system32\12B02216.cfg
c:\windows\system32\3474A8C2.cfg
c:\windows\system32\3D144530.cfg
c:\windows\system32\4F34C688.cfg
c:\windows\system32\58FF3024.cfg
c:\windows\system32\C56BCC10.cfg
c:\windows\system32\drivers\aliimz
c:\windows\system32\drivers\npf.sys
c:\windows\system32\E4814792.cfg
c:\windows\system32\esxegabw.nls
c:\windows\system32\knwiumih.nls
c:\windows\system32\packet.dll
c:\windows\system32\qzemaqpj.nls
c:\windows\system32\sys05019.add
c:\windows\system32\sys05026.add
c:\windows\system32\sys07013.add
c:\windows\system32\tmplljydf0.exe
c:\windows\system32\tmplljydf1.exe
c:\windows\system32\tmplljydf3.exe
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\ynbhmumc.nls

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_4901228
-------\Service_8b52f47
-------\Service_9fd8db
-------\Service_aliimz
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.

2008-11-12 17:00 . 2008-11-12 17:00 1,393 --a------ c:\windows\imsins.BAK
2008-11-11 22:42 . 2008-11-11 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-11-11 22:06 . 2008-11-11 22:06 <DIR> d-------- c:\program files\Electronic Arts
2008-11-11 22:06 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-11-11 22:06 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-11-11 22:06 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2008-11-11 22:06 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-11-11 22:05 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-11 22:05 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-11 22:05 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2008-11-11 22:05 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-11 22:05 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-11 22:05 . 2007-03-05 12:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-10-31 15:03 . 2008-10-31 15:29 <DIR> d-------- c:\documents and settings\Guest\Application Data\AVGTOOLBAR
2008-10-30 21:14 . 2008-11-03 17:19 <DIR> d-------- c:\documents and settings\Khairun\Application Data\AVGTOOLBAR
2008-10-28 21:15 . 2008-11-22 18:32 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-28 06:12 . 2008-11-05 14:05 <DIR> d-------- c:\documents and settings\Ahmad Dini\Application Data\AVGTOOLBAR
2008-10-27 22:19 . 2008-11-21 21:28 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-10-27 22:19 . 2008-10-27 22:19 <DIR> d-------- c:\program files\AVG
2008-10-27 22:19 . 2008-10-28 21:54 <DIR> d-------- c:\documents and settings\Miftahul\Application Data\AVGTOOLBAR
2008-10-27 22:19 . 2008-10-27 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-10-27 22:19 . 2008-10-27 22:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-10-27 22:19 . 2008-10-27 22:19 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-10-27 22:19 . 2008-10-27 22:19 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-10-27 22:19 . 2008-10-27 22:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-10-26 09:09 . 2008-10-26 09:09 <DIR> d-------- c:\documents and settings\Khairun\Application Data\Malwarebytes
2008-10-26 01:48 . 2008-10-27 14:18 <DIR> d-------- c:\program files\MoSo Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 16:38 46,741,536 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-22 16:37 --------- d-----w c:\documents and settings\Miftahul\Application Data\DMCache
2008-11-22 16:30 551,528 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-22 16:19 --------- d-----w c:\documents and settings\Miftahul\Application Data\BitTorrent
2008-11-21 14:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-09 03:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 17:37 --------- d-----w c:\documents and settings\Miftahul\Application Data\dvdcss
2008-10-29 15:42 662,528 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2008-10-29 15:42 4,654,080 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2008-10-28 13:16 4,648,960 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-10-28 13:16 3,257,856 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-22 08:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 08:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 12:45 44,357 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_10_21_16_24_36_small.dmp.zip
2008-10-20 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2008-10-20 11:20 --------- d-----w c:\documents and settings\Miftahul\Application Data\Malwarebytes
2008-10-20 11:20 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-19 13:25 31,455,141 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-19 13:04 --------- d-----w c:\program files\Trend Micro
2008-10-19 12:50 4,574,720 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-10-19 12:50 1,706,496 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-10-19 00:30 4,573,184 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-10-19 00:30 3,652,096 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-10-18 16:47 102,400 ----a-w c:\windows\DUMP5004.tmp
2008-10-18 16:42 102,400 ----a-w c:\windows\DUMP6ea8.tmp
2008-10-18 05:18 --------- d-----w c:\program files\Panda Security
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 23:15 --------- d-----w c:\program files\Java
2008-10-14 12:29 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-10-13 12:24 2,784 ----a-w c:\windows\system32\drivers\IsDrv122.tmp
2008-10-13 11:34 3,348,480 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-10-13 11:32 --------- d-----w c:\program files\Enigma Software Group
2008-10-13 10:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-13 08:47 --------- d-----w c:\program files\Lavasoft
2008-10-13 08:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-13 08:29 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-11 15:38 4,541,952 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-10-09 15:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 15:32 --------- d-----w c:\program files\VUGames
2008-10-09 15:30 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-09 15:29 --------- d-----w c:\program files\FlashGet
2008-10-04 17:36 --------- d-----w c:\documents and settings\Miftahul\Application Data\mIRC
2008-10-04 16:51 --------- d-----w c:\program files\mIRC
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 22:43 4,224 ----a-w c:\windows\system32\drivers\beep.sys
2008-09-23 22:43 4,224 ----a-w c:\windows\system32\dllcache\beep.sys
2008-09-21 08:46 4,458,496 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-09-21 08:46 3,657,728 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2007-12-14 09:05 39,440 -c--a-w c:\documents and settings\Khairun\Application Data\GDIPFONTCACHEV1.DAT
2007-10-16 12:33 39,440 -c--a-w c:\documents and settings\Miftahul\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 931760]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-04-30 587568]
"Google Update"="c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-05-23 100056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-11 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-22 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-09-30 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-27 1235736]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-23 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-27 12936]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-02-05 85888]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-18 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-27 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 int15.sys;int15.sys;\??\c:\acer\Empowering Technology\eRecovery\int15.sys [2007-05-11 69632]
S0 owkddqc;owkddqc;c:\windows\system32\drivers\lalqxi.sys []
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2007-07-30 219264]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Miftahul\LOCALS~1\Temp\DMSKSSRh.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\weiai.exe
\Shell\Explore\Command - L:\weiai.exe
\Shell\Open\Command - L:\weiai.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 20:33]

2008-11-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Miftahul.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-weiai - c:\windows\system32\weiai.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Miftahul\Application Data\Mozilla\Firefox\Profiles\20k1q43y.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 00:36:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Messenger\msmsgs.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-23 0:40:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-22 16:40:29
ComboFix2.txt 2008-10-19 13:33:29

Pre-Run: 44,652,474,368 bytes free
Post-Run: 45,528,133,632 bytes free

282 --- E O F --- 2008-11-12 09:03:06

#6 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 23 November 2008 - 12:22 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Driver::
DMSKSSRh
owkddqc

File::
L:\weiai.exe
c:\docume~1\Miftahul\LOCALS~1\Temp\DMSKSSRh.sys
c:\windows\system32\drivers\lalqxi.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

Prior to running ComboFix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


==================


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.


=====================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



========================================================

#7 mmkbad (Topic Starter, Members, 14 posts)

Posted 27 November 2008 - 10:04 PM

Hi Sam, many thanks for your prompt and fast replies. I was out of town on weekdays for the past 2 weeks, so I was only able to respond on weekends...

Anyway, I have done all 3 scans you asked me to.

Here are the log reports:


ComboFix log


ComboFix 08-11-21.05 - Miftahul 2008-11-27 23:25:43.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1527 [GMT 8:00]
Running from: c:\documents and settings\Miftahul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miftahul\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\Miftahul\LOCALS~1\Temp\DMSKSSRh.sys
c:\windows\system32\drivers\lalqxi.sys
L:\weiai.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMSKSSRH
-------\Service_DMSKSSRh
-------\Service_owkddqc


((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.

2008-11-12 17:00 . 2008-11-12 17:00 1,393 --a------ c:\windows\imsins.BAK
2008-11-11 22:42 . 2008-11-11 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-11-11 22:06 . 2008-11-11 22:06 <DIR> d-------- c:\program files\Electronic Arts
2008-11-11 22:06 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-11-11 22:06 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-11-11 22:06 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2008-11-11 22:06 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-11-11 22:05 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-11 22:05 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-11 22:05 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2008-11-11 22:05 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-11 22:05 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-11 22:05 . 2007-03-05 12:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-10-31 15:03 . 2008-10-31 15:29 <DIR> d-------- c:\documents and settings\Guest\Application Data\AVGTOOLBAR
2008-10-30 21:14 . 2008-11-03 17:19 <DIR> d-------- c:\documents and settings\Khairun\Application Data\AVGTOOLBAR
2008-10-28 21:15 . 2008-11-22 18:32 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-28 06:12 . 2008-11-05 14:05 <DIR> d-------- c:\documents and settings\Ahmad Dini\Application Data\AVGTOOLBAR
2008-10-27 22:19 . 2008-11-21 21:28 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-10-27 22:19 . 2008-10-27 22:19 <DIR> d-------- c:\program files\AVG
2008-10-27 22:19 . 2008-10-28 21:54 <DIR> d-------- c:\documents and settings\Miftahul\Application Data\AVGTOOLBAR
2008-10-27 22:19 . 2008-10-27 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-10-27 22:19 . 2008-10-27 22:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-10-27 22:19 . 2008-10-27 22:19 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-10-27 22:19 . 2008-10-27 22:19 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-10-27 22:19 . 2008-10-27 22:19 10,520 --a------ c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 15:34 47,568,928 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-27 15:33 --------- d-----w c:\documents and settings\Miftahul\Application Data\DMCache
2008-11-27 15:31 33,280,203 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-27 15:30 561,512 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-27 15:22 --------- d-----w c:\documents and settings\Miftahul\Application Data\BitTorrent
2008-11-25 04:24 39,995 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_11_25_12_21_13_small.dmp.zip
2008-11-21 14:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-09 03:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 17:37 --------- d-----w c:\documents and settings\Miftahul\Application Data\dvdcss
2008-10-29 15:42 662,528 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2008-10-29 15:42 4,654,080 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2008-10-28 13:16 4,648,960 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-10-28 13:16 3,257,856 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-10-27 06:18 --------- d-----w c:\program files\MoSo Anti-Malware
2008-10-26 01:09 --------- d-----w c:\documents and settings\Khairun\Application Data\Malwarebytes
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-22 08:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 08:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 12:45 44,357 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_10_21_16_24_36_small.dmp.zip
2008-10-20 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2008-10-20 11:20 --------- d-----w c:\documents and settings\Miftahul\Application Data\Malwarebytes
2008-10-20 11:20 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-19 13:04 --------- d-----w c:\program files\Trend Micro
2008-10-19 12:50 4,574,720 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-10-19 12:50 1,706,496 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-10-19 00:30 4,573,184 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-10-19 00:30 3,652,096 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-10-18 16:47 102,400 ----a-w c:\windows\DUMP5004.tmp
2008-10-18 16:42 102,400 ----a-w c:\windows\DUMP6ea8.tmp
2008-10-18 05:18 --------- d-----w c:\program files\Panda Security
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 23:15 --------- d-----w c:\program files\Java
2008-10-14 12:29 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-10-13 12:24 2,784 ----a-w c:\windows\system32\drivers\IsDrv122.tmp
2008-10-13 11:34 3,348,480 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-10-13 11:32 --------- d-----w c:\program files\Enigma Software Group
2008-10-13 10:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-13 08:47 --------- d-----w c:\program files\Lavasoft
2008-10-13 08:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-13 08:29 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-11 15:38 4,541,952 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-10-09 15:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 15:32 --------- d-----w c:\program files\VUGames
2008-10-09 15:30 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-09 15:29 --------- d-----w c:\program files\FlashGet
2008-10-04 17:36 --------- d-----w c:\documents and settings\Miftahul\Application Data\mIRC
2008-10-04 16:51 --------- d-----w c:\program files\mIRC
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 22:43 4,224 ----a-w c:\windows\system32\dllcache\beep.sys
2008-09-21 08:46 4,458,496 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-09-21 08:46 3,657,728 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2007-12-14 09:05 39,440 -c--a-w c:\documents and settings\Khairun\Application Data\GDIPFONTCACHEV1.DAT
2007-10-16 12:33 39,440 -c--a-w c:\documents and settings\Miftahul\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 931760]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-04-30 587568]
"Google Update"="c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-05-23 100056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-11 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-22 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-09-30 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-27 1235736]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-23 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-27 12936]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-02-05 85888]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-18 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-27 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 int15.sys;int15.sys;\??\c:\acer\Empowering Technology\eRecovery\int15.sys [2007-05-11 69632]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2007-07-30 219264]
.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 20:33]

2008-11-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Miftahul.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 23:32:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Miftahul\LOCALS~1\Temp\BIT5.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-11-27 23:36:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-27 15:36:46
ComboFix2.txt 2008-11-22 16:40:51
ComboFix3.txt 2008-10-19 13:33:29

Pre-Run: 40,682,323,968 bytes free
Post-Run: 40,892,682,240 bytes free

242 --- E O F --- 2008-11-12 09:03:06



SDfix Report:


SDFix: Version 1.240
Run by Miftahul on Fri 11/28/2008 at 12:16 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 00:36:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:58,11,12,59,1f,1c,12,ec,88,af,0d,66,85,1d,01,38,cc,16,d7,29,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,24,15,3f,fe,f9,67,a2,91,b9,18,c2,ef,a8,9f,86,17,..
"khjeh"=hex:a0,ed,0c,65,54,25,ba,7e,5d,64,7c,31,81,dd,c8,e1,d6,52,18,7e,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:62,b5,a0,39,28,e5,17,66,47,e7,f8,0c,53,68,6c,08,93,db,04,f4,b2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:58,11,12,59,1f,1c,12,ec,88,af,0d,66,85,1d,01,38,cc,16,d7,29,04,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,24,15,3f,fe,f9,67,a2,91,b9,18,c2,ef,a8,9f,86,17,..
"khjeh"=hex:a0,ed,0c,65,54,25,ba,7e,5d,64,7c,31,81,dd,c8,e1,d6,52,18,7e,99,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:62,b5,a0,39,28,e5,17,66,47,e7,f8,0c,53,68,6c,08,93,db,04,f4,b2,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000307
"TracesSuccessful"=dword:00000016
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A0D62AF7-7965-B7D4-036C-FEE2F0636E19}]
"iabmejfkkdmndmagbg"=hex:6a,61,6b,64,70,64,64,66,64,65,66,69,70,6f,61,70,62,65,6d,6d,00,..
"hadmchdnjmbegimb"=hex:6a,61,6b,64,70,64,64,66,64,65,66,69,70,6f,61,70,62,65,6d,6d,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\AVG\\AVG8\\avgam.exe"="C:\\Program Files\\AVG\\AVG8\\avgam.exe:*:Enabled:avgam.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 29 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 29 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Tue 29 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Tue 29 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Tue 29 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Tue 18 Mar 2008 104,960 ...H. --- "C:\Documents and Settings\Khairun\My Documents\~WRL0991.tmp"
Sun 16 Mar 2008 99,840 ...H. --- "C:\Documents and Settings\Khairun\My Documents\~WRL1383.tmp"
Tue 18 Mar 2008 105,472 ...H. --- "C:\Documents and Settings\Khairun\My Documents\~WRL3801.tmp"
Fri 11 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 26 Jan 2008 444 ...HR --- "C:\Documents and Settings\Miftahul\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!





Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, November 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 27, 2008 22:54:05
Records in database: 1422378
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 86917
Threat name: 3
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 01:55:14


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
C:\Program Files\Norton AntiVirus\Quarantine\03F4678F.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\22AB367F.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\24E63423.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\26136447.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\29B32540.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\3D9E05B8.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\47125879.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\47192C71.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\48251F4B.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\4C5328A5.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\4D5C338D.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\5E8B7422.htm Infected: Exploit.JS.Agent.vp 1
C:\Program Files\Norton AntiVirus\Quarantine\7ED91171.htm Infected: Exploit.JS.Agent.vp 1
C:\WINDOWS\system32\drivers\IsDrv122.tmp Infected: Rootkit.Win32.Agent.eow 1

The selected area was scanned.



Aside from not being able to open up my task manager, my system is behaving normally. I could use it without any problem, but it's just annoying not being able to open up my task manager to kill tasks...

Thanks a lot Sam, appreciate all the effort you have put in... :thumbsup:

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:55 AM

Posted 29 November 2008 - 10:15 AM

We'll get that fixed for you. Let's remove the one file that concerns me in your Kaspersky scan.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save As... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\WINDOWS\system32\drivers\IsDrv122.tmp

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[image: dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



=======================



Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.



Reboot and check to see if your task manager works.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

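An added check that is not part of the thread and not Buckeye_Sam's own instructions: a read-only PowerShell audit of the same policy values the fixme.reg above resets. Malware that blocks Task Manager usually does it by setting these values to 1, so reading them back before and after the fix shows whether the policy is what is blocking it. The registry paths are the four from the .reg file; the function name Get-PolicyState is mine, and the script assumes PowerShell 3.0 or later (it does not target the XP-era shell) run from an account that can read HKLM.

```powershell
# Added example, not from the thread: report whether Task Manager / Ctrl+Alt+Del
# are disabled by policy. Read-only; it changes nothing.

# The same four locations the fixme.reg in the post resets.
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'DisableCAD' }
)

# Hypothetical helper (my name): reads one policy value and classifies it.
# Absent key or value means Windows default, i.e. the feature is enabled.
function Get-PolicyState {
    param([string]$Path, [string]$Name)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Name = $Name; Value = $null; State = 'key absent (default: enabled)' }
    }

    # -ErrorAction SilentlyContinue: a missing value yields $null instead of an error
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Path = $Path; Name = $Name; Value = $null; State = 'value absent (default: enabled)' }
    }

    $value = $item.$Name
    $state = if ($value -eq 1) { 'DISABLED by policy' } else { 'enabled' }
    [pscustomobject]@{ Path = $Path; Name = $Name; Value = $value; State = $state }
}

# Splat each hashtable onto the function's -Path / -Name parameters.
$results = foreach ($check in $checks) { Get-PolicyState @check }
$results | Format-Table -Property Name, Value, State, Path -AutoSize -Wrap

if ($results | Where-Object { $_.Value -eq 1 }) {
    Write-Warning 'Task Manager or Ctrl+Alt+Del is disabled by policy; merging the fixme.reg above resets these values to 0.'
} else {
    Write-Host 'No DisableTaskMgr / DisableCAD policy is set; if Task Manager still fails, the cause is elsewhere.'
}
```

Run it once before merging fixme.reg and once after the reboot: the first run shows which of the four locations carried the block, the second confirms they are back to 0 or absent. A value that comes back to 1 after the reboot points to something re-applying the policy at startup, which is what the autostart entries in the ComboFix log are for.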

========================================================

#9 mmkbad

mmkbad
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:08:55 PM

Posted 30 November 2008 - 11:50 AM

I've run both things you've asked me to.
Here is the combofix log:

ComboFix 08-11-29.03 - Miftahul 2008-11-30 15:07:10.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1192 [GMT 8:00]
Running from: c:\documents and settings\Miftahul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miftahul\Desktop\cfscript.txt
* Created a new restore point

FILE ::
c:\windows\system32\drivers\IsDrv122.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\IsDrv122.tmp

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.

2008-11-30 12:41 . 2008-11-30 12:41 <DIR> d--h----- c:\windows\PIF
2008-11-28 00:13 . 2008-11-28 00:13 <DIR> d-------- c:\windows\ERUNT
2008-11-28 00:09 . 2008-11-28 00:38 <DIR> d-------- C:\SDFix
2008-11-12 17:00 . 2008-11-12 17:00 1,393 --a------ c:\windows\imsins.BAK
2008-11-11 22:42 . 2008-11-11 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-11-11 22:06 . 2008-11-11 22:06 <DIR> d-------- c:\program files\Electronic Arts
2008-11-11 22:06 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-11-11 22:06 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-11-11 22:06 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2008-11-11 22:06 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-11-11 22:05 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-11 22:05 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-11 22:05 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2008-11-11 22:05 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-11 22:05 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-11 22:05 . 2007-03-05 12:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-10-31 15:03 . 2008-10-31 15:29 <DIR> d-------- c:\documents and settings\Guest\Application Data\AVGTOOLBAR
2008-10-30 21:14 . 2008-11-03 17:19 <DIR> d-------- c:\documents and settings\Khairun\Application Data\AVGTOOLBAR
2008-10-28 21:15 . 2008-11-22 18:32 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-28 06:12 . 2008-11-05 14:05 <DIR> d-------- c:\documents and settings\Ahmad Dini\Application Data\AVGTOOLBAR
2008-10-27 22:19 . 2008-11-21 21:28 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-10-27 22:19 . 2008-10-27 22:19 <DIR> d-------- c:\program files\AVG
2008-10-27 22:19 . 2008-10-28 21:54 <DIR> d-------- c:\documents and settings\Miftahul\Application Data\AVGTOOLBAR
2008-10-27 22:19 . 2008-10-27 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-10-27 22:19 . 2008-10-27 22:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-10-27 22:19 . 2008-10-27 22:19 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-10-27 22:19 . 2008-10-27 22:19 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-10-27 22:19 . 2008-10-27 22:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-10-26 09:09 . 2008-10-26 09:09 <DIR> d-------- c:\documents and settings\Khairun\Application Data\Malwarebytes
2008-10-26 01:48 . 2008-10-27 14:18 <DIR> d-------- c:\program files\MoSo Anti-Malware
2008-10-20 20:17 . 2008-10-20 20:17 288 --a------ c:\windows\system32\qrpvwboc.nls
2008-10-20 20:17 . 2008-10-20 20:17 288 --a------ c:\windows\system32\ahrtmmmm.nls
2008-10-20 20:16 . 2008-10-20 20:16 288 --a------ c:\windows\system32\gjnpghqt.nls
2008-10-20 20:15 . 2008-10-20 20:15 428 --a------ c:\windows\system32\vtlrqoac.nls
2008-10-20 20:15 . 2008-10-20 20:15 428 --a------ c:\windows\system32\lljtauds.nls
2008-10-20 20:14 . 2008-10-20 20:14 428 --a------ c:\windows\system32\buhvkafj.nls
2008-10-20 19:20 . 2008-11-21 22:25 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-20 19:20 . 2008-10-20 19:20 <DIR> d-------- c:\documents and settings\Miftahul\Application Data\Malwarebytes
2008-10-20 19:20 . 2008-10-20 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-20 19:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-20 19:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-19 23:55 . 2008-10-19 23:55 288 --a------ c:\windows\system32\ohgcwykg.nls
2008-10-19 23:54 . 2008-10-19 23:54 288 --a------ c:\windows\system32\dnpwrwxr.nls
2008-10-19 23:53 . 2008-10-19 23:53 428 --a------ c:\windows\system32\sfnqbcih.nls
2008-10-19 23:53 . 2008-10-19 23:53 428 --a------ c:\windows\system32\mzulsygu.nls
2008-10-19 23:53 . 2008-10-19 23:53 428 --a------ c:\windows\system32\mgfsvwqj.nls
2008-10-19 23:53 . 2008-10-19 23:53 288 --a------ c:\windows\system32\zvbcexvq.nls
2008-10-19 23:53 . 2008-10-19 23:53 288 --a------ c:\windows\system32\gbuomtxe.nls
2008-10-19 23:21 . 2008-10-20 20:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2008-10-19 21:04 . 2008-10-19 21:04 <DIR> d-------- c:\program files\Trend Micro
2008-10-19 20:05 . 2008-10-19 20:05 288 --a------ c:\windows\system32\jhaokinc.nls
2008-10-19 20:04 . 2008-10-19 20:04 288 --a------ c:\windows\system32\ulhvnfqc.nls
2008-10-19 20:03 . 2008-10-19 20:03 288 --a------ c:\windows\system32\hsljmlaa.nls
2008-10-19 20:02 . 2008-10-19 20:02 428 --a------ c:\windows\system32\cxrpkdjb.nls
2008-10-19 20:02 . 2008-10-19 20:02 288 --a------ c:\windows\system32\wcjlwrkq.nls
2008-10-19 20:01 . 2008-10-19 20:01 428 --a------ c:\windows\system32\pemecjah.nls
2008-10-19 20:01 . 2008-10-19 20:01 428 --a------ c:\windows\system32\eokglqdx.nls
2008-10-19 19:04 . 2008-10-19 19:04 288 --a------ c:\windows\system32\rjtxjlxc.nls
2008-10-19 19:02 . 2008-10-19 19:02 428 --a------ c:\windows\system32\yuolkulq.nls
2008-10-19 19:02 . 2008-10-19 19:02 288 --a------ c:\windows\system32\ombujyss.nls
2008-10-19 19:02 . 2008-10-19 19:02 288 --a------ c:\windows\system32\cfxxrkim.nls
2008-10-19 19:01 . 2008-10-19 19:01 428 --a------ c:\windows\system32\xjopsnnu.nls
2008-10-19 19:01 . 2008-10-19 19:01 428 --a------ c:\windows\system32\kckabavo.nls
2008-10-19 18:03 . 2008-10-19 18:03 288 --a------ c:\windows\system32\nfrzmxjy.nls
2008-10-19 18:01 . 2008-10-19 18:01 428 --a------ c:\windows\system32\ypuguvkd.nls
2008-10-19 18:01 . 2008-10-19 18:01 428 --a------ c:\windows\system32\eocdibbs.nls
2008-10-19 18:01 . 2008-10-19 18:01 428 --a------ c:\windows\system32\btlekytx.nls
2008-10-19 18:01 . 2008-10-19 18:01 288 --a------ c:\windows\system32\rkjblzqp.nls
2008-10-19 18:01 . 2008-10-19 18:01 288 --a------ c:\windows\system32\opsdvwiu.nls
2008-10-19 18:01 . 2008-10-19 18:01 288 --a------ c:\windows\system32\ijhrntog.nls
2008-10-19 16:04 . 2008-10-19 16:04 288 --a------ c:\windows\system32\jigfwnjq.nls
2008-10-19 16:03 . 2008-10-19 16:03 288 --a------ c:\windows\system32\vlvthkly.nls
2008-10-19 16:02 . 2008-10-19 16:02 288 --a------ c:\windows\system32\kdwhcbkv.nls
2008-10-19 16:02 . 2008-10-19 16:02 288 --a------ c:\windows\system32\htriyqvw.nls
2008-10-19 16:01 . 2008-10-19 16:01 428 --a------ c:\windows\system32\zncbmimm.nls
2008-10-19 16:00 . 2008-10-19 16:00 428 --a------ c:\windows\system32\muyxdows.nls
2008-10-19 16:00 . 2008-10-19 16:00 428 --a------ c:\windows\system32\cewrnuga.nls
2008-10-19 15:12 . 2008-10-19 15:12 288 --a------ c:\windows\system32\ylskavqx.nls
2008-10-19 15:11 . 2008-10-19 15:11 288 --a------ c:\windows\system32\gefusrbl.nls
2008-10-19 15:10 . 2008-10-19 15:10 288 --a------ c:\windows\system32\slbijfkr.nls
2008-10-19 15:09 . 2008-10-19 15:09 428 --a------ c:\windows\system32\vdczlreo.nls
2008-10-19 15:09 . 2008-10-19 15:09 288 --a------ c:\windows\system32\ivhltlni.nls
2008-10-19 15:08 . 2008-10-19 15:08 428 --a------ c:\windows\system32\kuabufhx.nls
2008-10-19 15:08 . 2008-10-19 15:08 428 --a------ c:\windows\system32\aeydemrn.nls
2008-10-19 15:04 . 2008-10-19 15:04 288 --a------ c:\windows\system32\qcjtrjdt.nls
2008-10-19 15:03 . 2008-10-19 15:03 288 --a------ c:\windows\system32\ychbedxy.nls
2008-10-19 15:02 . 2008-10-19 15:02 288 --a------ c:\windows\system32\oufdojzg.nls
2008-10-19 15:01 . 2008-10-19 15:01 428 --a------ c:\windows\system32\atmlqanb.nls
2008-10-19 15:01 . 2008-10-19 15:01 288 --a------ c:\windows\system32\rwktjvng.nls
2008-10-19 15:00 . 2008-10-19 15:00 428 --a------ c:\windows\system32\tyxxvlgx.nls
2008-10-19 15:00 . 2008-10-19 15:00 428 --a------ c:\windows\system32\maqahowz.nls
2008-10-19 14:13 . 2008-10-19 14:13 288 --a------ c:\windows\system32\egvlklam.nls
2008-10-19 14:11 . 2008-10-19 14:11 288 --a------ c:\windows\system32\sqelohdi.nls
2008-10-19 14:10 . 2008-10-19 14:10 288 --a------ c:\windows\system32\uigcpbxx.nls
2008-10-19 14:10 . 2008-10-19 14:10 288 --a------ c:\windows\system32\iacfxvnz.nls
2008-10-19 14:09 . 2008-10-19 14:09 428 --a------ c:\windows\system32\aungdfeh.nls
2008-10-19 14:08 . 2008-10-19 14:08 428 --a------ c:\windows\system32\twqzixuq.nls
2008-10-19 14:08 . 2008-10-19 14:08 428 --a------ c:\windows\system32\qmlinugy.nls
2008-10-19 14:02 . 2008-10-19 14:02 288 --a------ c:\windows\system32\nqtrdwnm.nls
2008-10-19 14:00 . 2008-10-19 14:00 428 --a------ c:\windows\system32\yqaeoafy.nls
2008-10-19 14:00 . 2008-10-19 14:00 428 --a------ c:\windows\system32\vyvksbdy.nls
2008-10-19 14:00 . 2008-10-19 14:00 428 --a------ c:\windows\system32\skpsfeml.nls
2008-10-19 14:00 . 2008-10-19 14:00 288 --a------ c:\windows\system32\zuayftqm.nls
2008-10-19 14:00 . 2008-10-19 14:00 288 --a------ c:\windows\system32\ppythbdq.nls
2008-10-19 14:00 . 2008-10-19 14:00 288 --a------ c:\windows\system32\iknphycc.nls
2008-10-19 12:33 . 2008-10-19 12:33 288 --a------ c:\windows\system32\xxphadwv.nls
2008-10-19 12:31 . 2008-10-19 12:31 288 --a------ c:\windows\system32\vaprrvnt.nls
2008-10-19 12:31 . 2008-10-19 12:31 288 --a------ c:\windows\system32\lsntbcpk.nls
2008-10-19 12:30 . 2008-10-19 12:30 428 --a------ c:\windows\system32\njpkkwjy.nls
2008-10-19 12:30 . 2008-10-19 12:30 288 --a------ c:\windows\system32\xrriaqhi.nls
2008-10-19 12:29 . 2008-10-19 12:29 428 --a------ c:\windows\system32\dtnmuclp.nls
2008-10-19 12:28 . 2008-10-19 12:28 428 --a------ c:\windows\system32\fdsdqoap.nls
2008-10-19 11:33 . 2008-10-19 11:33 288 --a------ c:\windows\system32\wfhikvjv.nls
2008-10-19 11:31 . 2008-10-19 11:31 288 --a------ c:\windows\system32\uxdspvnr.nls
2008-10-19 11:31 . 2008-10-19 11:31 288 --a------ c:\windows\system32\egfqfpda.nls
2008-10-19 11:30 . 2008-10-19 11:30 428 --a------ c:\windows\system32\zzzojqsq.nls
2008-10-19 11:30 . 2008-10-19 11:30 288 --a------ c:\windows\system32\gfhhgjxw.nls
2008-10-19 11:29 . 2008-10-19 11:29 428 --a------ c:\windows\system32\fmgsxuza.nls
2008-10-19 11:28 . 2008-10-19 11:28 428 --a------ c:\windows\system32\vdeuhbbr.nls
2008-10-19 10:32 . 2008-10-19 10:32 288 --a------ c:\windows\system32\urvaqbzf.nls
2008-10-19 10:30 . 2008-10-19 10:30 288 --a------ c:\windows\system32\cgpijezh.nls
2008-10-19 10:29 . 2008-10-19 10:29 428 --a------ c:\windows\system32\klulsuuj.nls
2008-10-19 10:29 . 2008-10-19 10:29 288 --a------ c:\windows\system32\rynkskjx.nls
2008-10-19 10:29 . 2008-10-19 10:29 288 --a------ c:\windows\system32\hilmcrlo.nls
2008-10-19 10:28 . 2008-10-19 10:28 428 --a------ c:\windows\system32\rqnpbxno.nls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 07:10 --------- d-----w c:\documents and settings\Miftahul\Application Data\DMCache
2008-11-30 03:28 --------- d-----w c:\documents and settings\Miftahul\Application Data\BitTorrent
2008-11-30 03:26 562,064 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-30 03:26 47,722,528 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-27 15:31 33,280,203 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-25 04:24 39,995 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_11_25_12_21_13_small.dmp.zip
2008-10-31 17:37 --------- d-----w c:\documents and settings\Miftahul\Application Data\dvdcss
2008-10-29 15:42 662,528 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2008-10-29 15:42 4,654,080 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2008-10-28 13:16 4,648,960 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-10-28 13:16 3,257,856 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-21 12:45 44,357 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_10_21_16_24_36_small.dmp.zip
2008-10-19 12:50 4,574,720 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-10-19 12:50 1,706,496 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-10-19 00:30 4,573,184 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-10-19 00:30 3,652,096 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-10-18 16:47 102,400 ----a-w c:\windows\DUMP5004.tmp
2008-10-18 16:42 102,400 ----a-w c:\windows\DUMP6ea8.tmp
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 23:15 --------- d-----w c:\program files\Java
2008-10-13 11:34 3,348,480 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-10-13 11:32 --------- d-----w c:\program files\Enigma Software Group
2008-10-13 08:47 --------- d-----w c:\program files\Lavasoft
2008-10-13 08:29 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-11 15:38 4,541,952 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-10-09 15:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 15:32 --------- d-----w c:\program files\VUGames
2008-10-09 15:30 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-09 15:29 --------- d-----w c:\program files\FlashGet
2008-10-04 17:36 --------- d-----w c:\documents and settings\Miftahul\Application Data\mIRC
2008-10-04 16:51 --------- d-----w c:\program files\mIRC
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 22:43 4,224 ----a-w c:\windows\system32\dllcache\beep.sys
2008-09-21 08:46 4,458,496 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-09-21 08:46 3,657,728 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-16 10:36 4,285,440 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-08-16 10:36 3,471,872 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
2008-08-13 13:28 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-08-08 14:35 3,239,936 ----a-w c:\windows\Internet Logs\xDB6D.tmp
2008-08-08 14:34 4,271,104 ----a-w c:\windows\Internet Logs\xDB6E.tmp
2007-12-14 09:05 39,440 -c--a-w c:\documents and settings\Khairun\Application Data\GDIPFONTCACHEV1.DAT
2007-10-16 12:33 39,440 -c--a-w c:\documents and settings\Miftahul\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_ 0.39.30.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-11-27 16:13:43 8,798,208 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-11-27 16:13:43 397,312 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-11-27 16:13:42 8,798,208 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-11-27 16:13:42 397,312 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 931760]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-04-30 587568]
"Google Update"="c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-05-23 100056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-11 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-22 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-09-30 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-27 1235736]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-23 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-27 12936]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-02-05 85888]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-18 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-27 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2007-07-30 219264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\weiai.exe
\Shell\Explore\Command -
\Shell\Open\Command -

*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 20:33]

2008-11-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Miftahul.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 15:10:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-11-30 15:11:43
ComboFix-quarantined-files.txt 2008-11-30 07:11:39
ComboFix2.txt 2008-11-30 03:14:08
ComboFix3.txt 2008-11-27 15:36:58
ComboFix4.txt 2008-11-22 16:40:51
ComboFix5.txt 2008-11-30 07:06:04

Pre-Run: 44,751,327,232 bytes free
Post-Run: 44,774,617,088 bytes free

328 --- E O F --- 2008-11-12 09:03:06



I've done the fixme.reg but my Task Manager still won't work. Any other suggestions?
Just curious, what was the file that you asked me to remove? Was it very bad?

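The "Reg Loading Points" section of the log above already explains why the machine's defences were so quiet: Security Center notifications and monitoring are switched off, the Windows Firewall standard profile has EnableFirewall=0, a MountPoints2 entry for drive L: runs L:\weiai.exe on AutoRun (the classic removable-media worm pattern), and a new service, INT15.SYS, has appeared. The script below is an added example, not part of the original post and not a ComboFix or BleepingComputer tool, that pulls those indicators out of a ComboFix log automatically. The sample input is an excerpt of the log posted above; the list of Security Center value names it checks and the finding labels are my own choices.

```python
import re

# Constructed sample: an excerpt of the "Reg Loading Points" section from the
# ComboFix log posted above. Only the lines relevant to this check are kept.
SAMPLE_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\weiai.exe
\Shell\Explore\Command -

*Newly Created Service* - INT15.SYS
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>\S.*)$", re.IGNORECASE)
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\*\s*-\s*(?P<svc>\S.*)$")

# Security Center values that, when set to 1, silence or disable its monitoring
# (assumed list; these are the names ComboFix printed in the log above plus the
# two sibling *DisableNotify values that live in the same key).
SECURITY_CENTER_FLAGS = {
    "antivirusdisablenotify", "firewalldisablenotify",
    "updatesdisablenotify", "disablemonitoring",
}


def parse_dword(raw):
    """ComboFix prints values as 'dword:00000001' or '0 (0x0)'; return an int or None."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def triage_loading_points(text):
    """Walk a ComboFix 'Reg Loading Points' section and return a list of
    (category, location, detail) findings for defence tampering and autorun."""
    findings = []
    key = ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                      # a new [registry key] header
            key = m.group("key")
            continue
        m = NEW_SERVICE_RE.match(line)
        if m:
            findings.append(("new-service", "services", m.group("svc")))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key.lower():
            findings.append(("autorun", key, m.group("cmd")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), parse_dword(m.group("raw"))
        lk = key.lower()
        if "security center" in lk and name.lower() in SECURITY_CENTER_FLAGS and value == 1:
            findings.append(("securitycenter-tamper", key, f"{name}={value}"))
        elif "firewallpolicy" in lk and name.lower() == "enablefirewall" and value == 0:
            findings.append(("firewall-off", key, f"{name}={value}"))
    return findings


if __name__ == "__main__":
    for category, where, what in triage_loading_points(SAMPLE_LOADING_POINTS):
        print(f"{category:22} {what:30} {where}")
```

One caveat when reading the Security Center hits: some security suites set DisableMonitoring=1 under their own Monitoring subkey on purpose, because they report status to Security Center through WMI instead. Treat those entries as leads to confirm against what is actually installed rather than as proof of tampering; the AutoRun command and the unexplained new service are the stronger indicators here.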
#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 30 November 2008 - 12:01 PM

It was part of a rootkit infection that is hiding the main malware files from us.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
c:\windows\system32\ahrtmmmm.nls
c:\windows\system32\gjnpghqt.nls
c:\windows\system32\vtlrqoac.nls
c:\windows\system32\lljtauds.nls
c:\windows\system32\buhvkafj.nls
c:\windows\system32\ohgcwykg.nls
c:\windows\system32\dnpwrwxr.nls
c:\windows\system32\sfnqbcih.nls
c:\windows\system32\mzulsygu.nls
c:\windows\system32\mgfsvwqj.nls
c:\windows\system32\zvbcexvq.nls
c:\windows\system32\gbuomtxe.nls
c:\windows\system32\jhaokinc.nls
c:\windows\system32\ulhvnfqc.nls
c:\windows\system32\hsljmlaa.nls
c:\windows\system32\cxrpkdjb.nls
c:\windows\system32\wcjlwrkq.nls
c:\windows\system32\pemecjah.nls
c:\windows\system32\eokglqdx.nls
c:\windows\system32\rjtxjlxc.nls
c:\windows\system32\yuolkulq.nls
c:\windows\system32\ombujyss.nls
c:\windows\system32\cfxxrkim.nls
c:\windows\system32\xjopsnnu.nls
c:\windows\system32\kckabavo.nls
c:\windows\system32\nfrzmxjy.nls
c:\windows\system32\ypuguvkd.nls
c:\windows\system32\eocdibbs.nls
c:\windows\system32\btlekytx.nls
c:\windows\system32\rkjblzqp.nls
c:\windows\system32\opsdvwiu.nls
c:\windows\system32\ijhrntog.nls
c:\windows\system32\jigfwnjq.nls
c:\windows\system32\vlvthkly.nls
c:\windows\system32\kdwhcbkv.nls
c:\windows\system32\htriyqvw.nls
c:\windows\system32\zncbmimm.nls
c:\windows\system32\muyxdows.nls
c:\windows\system32\cewrnuga.nls
c:\windows\system32\ylskavqx.nls
c:\windows\system32\gefusrbl.nls
c:\windows\system32\slbijfkr.nls
c:\windows\system32\vdczlreo.nls
c:\windows\system32\ivhltlni.nls
c:\windows\system32\kuabufhx.nls
c:\windows\system32\aeydemrn.nls
c:\windows\system32\qcjtrjdt.nls
c:\windows\system32\ychbedxy.nls
c:\windows\system32\oufdojzg.nls
c:\windows\system32\atmlqanb.nls
c:\windows\system32\rwktjvng.nls
c:\windows\system32\tyxxvlgx.nls
c:\windows\system32\maqahowz.nls
c:\windows\system32\egvlklam.nls
c:\windows\system32\sqelohdi.nls
c:\windows\system32\uigcpbxx.nls
c:\windows\system32\iacfxvnz.nls
c:\windows\system32\aungdfeh.nls
c:\windows\system32\twqzixuq.nls
c:\windows\system32\qmlinugy.nls
c:\windows\system32\nqtrdwnm.nls
c:\windows\system32\yqaeoafy.nls
c:\windows\system32\vyvksbdy.nls
c:\windows\system32\skpsfeml.nls
c:\windows\system32\zuayftqm.nls
c:\windows\system32\ppythbdq.nls
c:\windows\system32\iknphycc.nls
c:\windows\system32\xxphadwv.nls
c:\windows\system32\vaprrvnt.nls
c:\windows\system32\lsntbcpk.nls
c:\windows\system32\njpkkwjy.nls
c:\windows\system32\xrriaqhi.nls
c:\windows\system32\dtnmuclp.nls
c:\windows\system32\fdsdqoap.nls
c:\windows\system32\wfhikvjv.nls
c:\windows\system32\uxdspvnr.nls
c:\windows\system32\egfqfpda.nls
c:\windows\system32\zzzojqsq.nls
c:\windows\system32\gfhhgjxw.nls
c:\windows\system32\fmgsxuza.nls
c:\windows\system32\vdeuhbbr.nls
c:\windows\system32\urvaqbzf.nls
c:\windows\system32\cgpijezh.nls
c:\windows\system32\klulsuuj.nls
c:\windows\system32\rynkskjx.nls
c:\windows\system32\hilmcrlo.nls
c:\windows\system32\rqnpbxno.nls
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

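Buckeye_Sam's fix is to hand ComboFix a CFScript whose File:: section lists every one of those randomly named .nls files, a list he had to copy out of the log by hand. The following is an added example, not code from the post or from ComboFix, that builds the same list from the "Files Created" section of a ComboFix log: it flags groups of same-extension files with eight-letter random stems created minutes apart in one system directory (the sizes 288 and 428 recur across the whole family) and renders a File:: block in the format shown above. The sample input is a short excerpt of the posted log; the thresholds (at least three members, at most two distinct sizes) and the eight-letter name pattern are assumptions tuned to this case.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a handful of lines copied from the "Files Created" section
# of the ComboFix log above, plus three benign lines from the same log for contrast.
SAMPLE_FILES_CREATED = r"""
2008-11-30 12:41 . 2008-11-30 12:41 <DIR> d--h----- c:\windows\PIF
2008-11-12 17:00 . 2008-11-12 17:00 1,393 --a------ c:\windows\imsins.BAK
2008-11-11 22:06 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-10-19 16:00 . 2008-10-19 16:00 428 --a------ c:\windows\system32\muyxdows.nls
2008-10-19 16:00 . 2008-10-19 16:00 428 --a------ c:\windows\system32\cewrnuga.nls
2008-10-19 15:12 . 2008-10-19 15:12 288 --a------ c:\windows\system32\ylskavqx.nls
2008-10-19 15:11 . 2008-10-19 15:11 288 --a------ c:\windows\system32\gefusrbl.nls
2008-10-19 15:10 . 2008-10-19 15:10 288 --a------ c:\windows\system32\slbijfkr.nls
2008-10-19 15:09 . 2008-10-19 15:09 428 --a------ c:\windows\system32\vdczlreo.nls
"""

# ComboFix line layout: created . modified size attributes path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$"
)
# Eight lowercase letters, no digits or separators: the shape of every name in the cluster
# (assumed pattern; a real name-entropy test could replace it).
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")


def parse_files_created(text):
    """Yield (created, size, directory, stem, ext, path) for each file line; skip directories."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
        size = int(m.group("size").replace(",", ""))
        path = m.group("path")
        directory, _, filename = path.lower().rpartition("\\")
        stem, dot, ext = filename.rpartition(".")
        if not dot:                       # no extension at all
            stem, ext = ext, ""
        yield created, size, directory, stem, ext, path


def find_dropper_clusters(text, min_count=3, max_distinct_sizes=2):
    """Group random-stem files by (directory, extension) and return the groups that look
    mass-produced: at least min_count members sharing a small set of file sizes."""
    groups = defaultdict(list)
    for created, size, directory, stem, ext, path in parse_files_created(text):
        if RANDOM_STEM_RE.match(stem):
            groups[(directory, ext)].append((created, size, path))
    clusters = {}
    for key, members in groups.items():
        sizes = {size for _, size, _ in members}
        if len(members) >= min_count and len(sizes) <= max_distinct_sizes:
            clusters[key] = sorted(members)   # oldest first
    return clusters


def creation_span_minutes(members):
    """Minutes between the first and last creation time in a cluster."""
    times = [created for created, _, _ in members]
    return int((max(times) - min(times)).total_seconds() // 60)


def build_cfscript(paths):
    """Render a ComboFix 'File::' directive for the given paths, the format used in the post above."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    for (directory, ext), members in find_dropper_clusters(SAMPLE_FILES_CREATED).items():
        print(f"{len(members)} .{ext} files in {directory}, created over "
              f"{creation_span_minutes(members)} min")
        print(build_cfscript([p for _, _, p in members]))
```

The cluster signal (same directory, the same two sizes, creation times a minute or an hour apart) is what separates these from the legitimate .nls code-page tables that ship in system32 and carry stable, recognisable names. Review the generated File:: block before dropping it onto ComboFix: a heuristic like this should feed a human decision, not replace it.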

========================================================

#11 mmkbad

  • Topic Starter
  • Members
  • 14 posts

Posted 30 November 2008 - 10:00 PM

That sounds bad....

Anyway, here is the ComboFix log after running through the instructions you've given:

ComboFix 08-11-29.03 - Miftahul 2008-12-01 10:33:31.11 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1508 [GMT 8:00]
Running from: c:\documents and settings\Miftahul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miftahul\Desktop\cfscript.txt
* Created a new restore point

FILE ::
c:\windows\system32\aeydemrn.nls
c:\windows\system32\ahrtmmmm.nls
c:\windows\system32\atmlqanb.nls
c:\windows\system32\aungdfeh.nls
c:\windows\system32\btlekytx.nls
c:\windows\system32\buhvkafj.nls
c:\windows\system32\cewrnuga.nls
c:\windows\system32\cfxxrkim.nls
c:\windows\system32\cgpijezh.nls
c:\windows\system32\cxrpkdjb.nls
c:\windows\system32\dnpwrwxr.nls
c:\windows\system32\dtnmuclp.nls
c:\windows\system32\egfqfpda.nls
c:\windows\system32\egvlklam.nls
c:\windows\system32\eocdibbs.nls
c:\windows\system32\eokglqdx.nls
c:\windows\system32\fdsdqoap.nls
c:\windows\system32\fmgsxuza.nls
c:\windows\system32\gbuomtxe.nls
c:\windows\system32\gefusrbl.nls
c:\windows\system32\gfhhgjxw.nls
c:\windows\system32\gjnpghqt.nls
c:\windows\system32\hilmcrlo.nls
c:\windows\system32\hsljmlaa.nls
c:\windows\system32\htriyqvw.nls
c:\windows\system32\iacfxvnz.nls
c:\windows\system32\ijhrntog.nls
c:\windows\system32\iknphycc.nls
c:\windows\system32\ivhltlni.nls
c:\windows\system32\jhaokinc.nls
c:\windows\system32\jigfwnjq.nls
c:\windows\system32\kckabavo.nls
c:\windows\system32\kdwhcbkv.nls
c:\windows\system32\klulsuuj.nls
c:\windows\system32\kuabufhx.nls
c:\windows\system32\lljtauds.nls
c:\windows\system32\lsntbcpk.nls
c:\windows\system32\maqahowz.nls
c:\windows\system32\mgfsvwqj.nls
c:\windows\system32\muyxdows.nls
c:\windows\system32\mzulsygu.nls
c:\windows\system32\nfrzmxjy.nls
c:\windows\system32\njpkkwjy.nls
c:\windows\system32\nqtrdwnm.nls
c:\windows\system32\ohgcwykg.nls
c:\windows\system32\ombujyss.nls
c:\windows\system32\opsdvwiu.nls
c:\windows\system32\oufdojzg.nls
c:\windows\system32\pemecjah.nls
c:\windows\system32\ppythbdq.nls
c:\windows\system32\qcjtrjdt.nls
c:\windows\system32\qmlinugy.nls
c:\windows\system32\rjtxjlxc.nls
c:\windows\system32\rkjblzqp.nls
c:\windows\system32\rqnpbxno.nls
c:\windows\system32\rwktjvng.nls
c:\windows\system32\rynkskjx.nls
c:\windows\system32\sfnqbcih.nls
c:\windows\system32\skpsfeml.nls
c:\windows\system32\slbijfkr.nls
c:\windows\system32\sqelohdi.nls
c:\windows\system32\twqzixuq.nls
c:\windows\system32\tyxxvlgx.nls
c:\windows\system32\uigcpbxx.nls
c:\windows\system32\ulhvnfqc.nls
c:\windows\system32\urvaqbzf.nls
c:\windows\system32\uxdspvnr.nls
c:\windows\system32\vaprrvnt.nls
c:\windows\system32\vdczlreo.nls
c:\windows\system32\vdeuhbbr.nls
c:\windows\system32\vlvthkly.nls
c:\windows\system32\vtlrqoac.nls
c:\windows\system32\vyvksbdy.nls
c:\windows\system32\wcjlwrkq.nls
c:\windows\system32\wfhikvjv.nls
c:\windows\system32\xjopsnnu.nls
c:\windows\system32\xrriaqhi.nls
c:\windows\system32\xxphadwv.nls
c:\windows\system32\ychbedxy.nls
c:\windows\system32\ylskavqx.nls
c:\windows\system32\ypuguvkd.nls
c:\windows\system32\yqaeoafy.nls
c:\windows\system32\yuolkulq.nls
c:\windows\system32\zncbmimm.nls
c:\windows\system32\zuayftqm.nls
c:\windows\system32\zvbcexvq.nls
c:\windows\system32\zzzojqsq.nls
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\aeydemrn.nls
c:\windows\system32\ahrtmmmm.nls
c:\windows\system32\atmlqanb.nls
c:\windows\system32\aungdfeh.nls
c:\windows\system32\btlekytx.nls
c:\windows\system32\buhvkafj.nls
c:\windows\system32\cewrnuga.nls
c:\windows\system32\cfxxrkim.nls
c:\windows\system32\cgpijezh.nls
c:\windows\system32\cxrpkdjb.nls
c:\windows\system32\dnpwrwxr.nls
c:\windows\system32\dtnmuclp.nls
c:\windows\system32\egfqfpda.nls
c:\windows\system32\egvlklam.nls
c:\windows\system32\eocdibbs.nls
c:\windows\system32\eokglqdx.nls
c:\windows\system32\fdsdqoap.nls
c:\windows\system32\fmgsxuza.nls
c:\windows\system32\gbuomtxe.nls
c:\windows\system32\gefusrbl.nls
c:\windows\system32\gfhhgjxw.nls
c:\windows\system32\gjnpghqt.nls
c:\windows\system32\hilmcrlo.nls
c:\windows\system32\hsljmlaa.nls
c:\windows\system32\htriyqvw.nls
c:\windows\system32\iacfxvnz.nls
c:\windows\system32\ijhrntog.nls
c:\windows\system32\iknphycc.nls
c:\windows\system32\ivhltlni.nls
c:\windows\system32\jhaokinc.nls
c:\windows\system32\jigfwnjq.nls
c:\windows\system32\kckabavo.nls
c:\windows\system32\kdwhcbkv.nls
c:\windows\system32\klulsuuj.nls
c:\windows\system32\kuabufhx.nls
c:\windows\system32\lljtauds.nls
c:\windows\system32\lsntbcpk.nls
c:\windows\system32\maqahowz.nls
c:\windows\system32\mgfsvwqj.nls
c:\windows\system32\muyxdows.nls
c:\windows\system32\mzulsygu.nls
c:\windows\system32\nfrzmxjy.nls
c:\windows\system32\njpkkwjy.nls
c:\windows\system32\nqtrdwnm.nls
c:\windows\system32\ohgcwykg.nls
c:\windows\system32\ombujyss.nls
c:\windows\system32\opsdvwiu.nls
c:\windows\system32\oufdojzg.nls
c:\windows\system32\pemecjah.nls
c:\windows\system32\ppythbdq.nls
c:\windows\system32\qcjtrjdt.nls
c:\windows\system32\qmlinugy.nls
c:\windows\system32\rjtxjlxc.nls
c:\windows\system32\rkjblzqp.nls
c:\windows\system32\rqnpbxno.nls
c:\windows\system32\rwktjvng.nls
c:\windows\system32\rynkskjx.nls
c:\windows\system32\sfnqbcih.nls
c:\windows\system32\skpsfeml.nls
c:\windows\system32\slbijfkr.nls
c:\windows\system32\sqelohdi.nls
c:\windows\system32\twqzixuq.nls
c:\windows\system32\tyxxvlgx.nls
c:\windows\system32\uigcpbxx.nls
c:\windows\system32\ulhvnfqc.nls
c:\windows\system32\urvaqbzf.nls
c:\windows\system32\uxdspvnr.nls
c:\windows\system32\vaprrvnt.nls
c:\windows\system32\vdczlreo.nls
c:\windows\system32\vdeuhbbr.nls
c:\windows\system32\vlvthkly.nls
c:\windows\system32\vtlrqoac.nls
c:\windows\system32\vyvksbdy.nls
c:\windows\system32\wcjlwrkq.nls
c:\windows\system32\wfhikvjv.nls
c:\windows\system32\xjopsnnu.nls
c:\windows\system32\xrriaqhi.nls
c:\windows\system32\xxphadwv.nls
c:\windows\system32\ychbedxy.nls
c:\windows\system32\ylskavqx.nls
c:\windows\system32\ypuguvkd.nls
c:\windows\system32\yqaeoafy.nls
c:\windows\system32\yuolkulq.nls
c:\windows\system32\zncbmimm.nls
c:\windows\system32\zuayftqm.nls
c:\windows\system32\zvbcexvq.nls
c:\windows\system32\zzzojqsq.nls

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-30 12:41 . 2008-11-30 12:41 <DIR> d--h----- c:\windows\PIF
2008-11-28 00:13 . 2008-11-28 00:13 <DIR> d-------- c:\windows\ERUNT
2008-11-28 00:09 . 2008-11-28 00:38 <DIR> d-------- C:\SDFix
2008-11-12 17:00 . 2008-11-12 17:00 1,393 --a------ c:\windows\imsins.BAK
2008-11-11 22:42 . 2008-11-11 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-11-11 22:06 . 2008-11-11 22:06 <DIR> d-------- c:\program files\Electronic Arts
2008-11-11 22:06 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-11-11 22:06 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-11-11 22:06 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2008-11-11 22:06 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-11-11 22:05 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-11 22:05 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-11 22:05 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2008-11-11 22:05 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-11 22:05 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-11 22:05 . 2007-03-05 12:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 02:31 --------- d-----w c:\documents and settings\Miftahul\Application Data\DMCache
2008-12-01 02:26 --------- d-----w c:\documents and settings\Miftahul\Application Data\BitTorrent
2008-11-30 17:59 562,064 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-30 17:59 47,722,528 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-30 13:04 --------- d-----w c:\documents and settings\Miftahul\Application Data\dvdcss
2008-11-27 15:31 33,280,203 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-25 04:24 39,995 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_11_25_12_21_13_small.dmp.zip
2008-11-21 14:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-09 03:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-05 06:05 --------- d-----w c:\documents and settings\Ahmad Dini\Application Data\AVGTOOLBAR
2008-11-03 09:19 --------- d-----w c:\documents and settings\Khairun\Application Data\AVGTOOLBAR
2008-10-31 07:29 --------- d-----w c:\documents and settings\Guest\Application Data\AVGTOOLBAR
2008-10-29 15:42 662,528 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2008-10-29 15:42 4,654,080 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2008-10-28 13:54 --------- d-----w c:\documents and settings\Miftahul\Application Data\AVGTOOLBAR
2008-10-28 13:16 4,648,960 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-10-28 13:16 3,257,856 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-10-27 14:19 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-27 14:19 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-27 14:19 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-10-27 14:19 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-27 14:19 --------- d-----w c:\program files\AVG
2008-10-27 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-27 06:18 --------- d-----w c:\program files\MoSo Anti-Malware
2008-10-26 01:09 --------- d-----w c:\documents and settings\Khairun\Application Data\Malwarebytes
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-22 08:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 08:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 12:45 44,357 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_10_21_16_24_36_small.dmp.zip
2008-10-20 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2008-10-20 11:20 --------- d-----w c:\documents and settings\Miftahul\Application Data\Malwarebytes
2008-10-20 11:20 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-19 13:04 --------- d-----w c:\program files\Trend Micro
2008-10-19 12:50 4,574,720 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-10-19 12:50 1,706,496 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-10-19 00:30 4,573,184 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-10-19 00:30 3,652,096 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-10-18 16:47 102,400 ----a-w c:\windows\DUMP5004.tmp
2008-10-18 16:42 102,400 ----a-w c:\windows\DUMP6ea8.tmp
2008-10-18 05:18 --------- d-----w c:\program files\Panda Security
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 23:15 --------- d-----w c:\program files\Java
2008-10-14 12:29 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-10-13 11:34 3,348,480 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-10-13 11:32 --------- d-----w c:\program files\Enigma Software Group
2008-10-13 10:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-13 08:47 --------- d-----w c:\program files\Lavasoft
2008-10-13 08:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-13 08:29 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-11 15:38 4,541,952 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-10-09 15:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 15:32 --------- d-----w c:\program files\VUGames
2008-10-09 15:30 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-09 15:29 --------- d-----w c:\program files\FlashGet
2008-10-04 17:36 --------- d-----w c:\documents and settings\Miftahul\Application Data\mIRC
2008-10-04 16:51 --------- d-----w c:\program files\mIRC
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 22:43 4,224 ----a-w c:\windows\system32\dllcache\beep.sys
2008-09-21 08:46 4,458,496 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-09-21 08:46 3,657,728 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2007-12-14 09:05 39,440 -c--a-w c:\documents and settings\Khairun\Application Data\GDIPFONTCACHEV1.DAT
2007-10-16 12:33 39,440 -c--a-w c:\documents and settings\Miftahul\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_ 0.39.30.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-11-27 16:13:43 8,798,208 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-11-27 16:13:43 397,312 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-11-27 16:13:42 8,798,208 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-11-27 16:13:42 397,312 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 931760]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-04-30 587568]
"Google Update"="c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-05-23 100056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-11 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-22 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-09-30 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-27 1235736]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-23 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-27 12936]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-02-05 85888]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-18 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-27 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2007-07-30 219264]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\weiai.exe
\Shell\Explore\Command -
\Shell\Open\Command -

*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 20:33]

2008-11-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Miftahul.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 10:36:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-01 10:38:03
ComboFix-quarantined-files.txt 2008-12-01 02:37:59
ComboFix2.txt 2008-11-30 07:11:45
ComboFix3.txt 2008-11-30 03:14:08
ComboFix4.txt 2008-11-27 15:36:58
ComboFix5.txt 2008-12-01 02:32:34

Pre-Run: 44,184,842,240 bytes free
Post-Run: 44,216,455,168 bytes free

397 --- E O F --- 2008-11-12 09:03:06


#12 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 01 December 2008 - 04:05 PM

Once more.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
L:\weiai.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 mmkbad

  • Topic Starter
  • Members
  • 14 posts

Posted 02 December 2008 - 09:20 AM

Appreciate all the hard work you have done for me Sam.

Here is the combofix log:

ComboFix 08-11-29.03 - Miftahul 2008-12-02 21:59:36.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1514 [GMT 8:00]
Running from: c:\documents and settings\Miftahul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miftahul\Desktop\cfscript.txt
* Created a new restore point

FILE ::
L:\weiai.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-11-30 12:41 . 2008-11-30 12:41 <DIR> d--h----- c:\windows\PIF
2008-11-28 00:13 . 2008-11-28 00:13 <DIR> d-------- c:\windows\ERUNT
2008-11-28 00:09 . 2008-11-28 00:38 <DIR> d-------- C:\SDFix
2008-11-12 17:00 . 2008-11-12 17:00 1,393 --a------ c:\windows\imsins.BAK
2008-11-11 22:42 . 2008-11-11 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-11-11 22:06 . 2008-11-11 22:06 <DIR> d-------- c:\program files\Electronic Arts
2008-11-11 22:06 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-11-11 22:06 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-11-11 22:06 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2008-11-11 22:06 . 2007-04-04 18:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-11-11 22:05 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-11 22:05 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-11-11 22:05 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2008-11-11 22:05 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-11-11 22:05 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-11-11 22:05 . 2007-03-05 12:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 14:02 --------- d-----w c:\documents and settings\Miftahul\Application Data\DMCache
2008-12-02 14:00 --------- d-----w c:\documents and settings\Miftahul\Application Data\BitTorrent
2008-12-02 13:49 562,064 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-02 13:49 47,722,528 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-01 02:42 34,002,634 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2008-11-30 13:04 --------- d-----w c:\documents and settings\Miftahul\Application Data\dvdcss
2008-11-25 04:24 39,995 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_11_25_12_21_13_small.dmp.zip
2008-11-21 14:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-09 03:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-05 06:05 --------- d-----w c:\documents and settings\Ahmad Dini\Application Data\AVGTOOLBAR
2008-11-03 09:19 --------- d-----w c:\documents and settings\Khairun\Application Data\AVGTOOLBAR
2008-10-31 07:29 --------- d-----w c:\documents and settings\Guest\Application Data\AVGTOOLBAR
2008-10-29 15:42 662,528 ----a-w c:\windows\Internet Logs\xDB1E.tmp
2008-10-29 15:42 4,654,080 ----a-w c:\windows\Internet Logs\xDB1F.tmp
2008-10-28 13:54 --------- d-----w c:\documents and settings\Miftahul\Application Data\AVGTOOLBAR
2008-10-28 13:16 4,648,960 ----a-w c:\windows\Internet Logs\xDB1D.tmp
2008-10-28 13:16 3,257,856 ----a-w c:\windows\Internet Logs\xDB1C.tmp
2008-10-27 14:19 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-27 14:19 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-27 14:19 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-10-27 14:19 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-27 14:19 --------- d-----w c:\program files\AVG
2008-10-27 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-27 06:18 --------- d-----w c:\program files\MoSo Anti-Malware
2008-10-26 01:09 --------- d-----w c:\documents and settings\Khairun\Application Data\Malwarebytes
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-22 08:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 08:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 12:45 44,357 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_10_21_16_24_36_small.dmp.zip
2008-10-20 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI
2008-10-20 11:20 --------- d-----w c:\documents and settings\Miftahul\Application Data\Malwarebytes
2008-10-20 11:20 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-19 13:04 --------- d-----w c:\program files\Trend Micro
2008-10-19 12:50 4,574,720 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2008-10-19 12:50 1,706,496 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2008-10-19 00:30 4,573,184 ----a-w c:\windows\Internet Logs\xDB19.tmp
2008-10-19 00:30 3,652,096 ----a-w c:\windows\Internet Logs\xDB18.tmp
2008-10-18 16:47 102,400 ----a-w c:\windows\DUMP5004.tmp
2008-10-18 16:42 102,400 ----a-w c:\windows\DUMP6ea8.tmp
2008-10-18 05:18 --------- d-----w c:\program files\Panda Security
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 06:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 06:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 23:15 --------- d-----w c:\program files\Java
2008-10-14 12:29 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-10-13 11:34 3,348,480 ----a-w c:\windows\Internet Logs\xDB17.tmp
2008-10-13 11:32 --------- d-----w c:\program files\Enigma Software Group
2008-10-13 10:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-13 08:47 --------- d-----w c:\program files\Lavasoft
2008-10-13 08:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-13 08:29 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-11 15:38 4,541,952 ----a-w c:\windows\Internet Logs\xDB16.tmp
2008-10-09 15:32 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-09 15:32 --------- d-----w c:\program files\VUGames
2008-10-09 15:30 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-09 15:29 --------- d-----w c:\program files\FlashGet
2008-10-04 17:36 --------- d-----w c:\documents and settings\Miftahul\Application Data\mIRC
2008-10-04 16:51 --------- d-----w c:\program files\mIRC
2008-10-03 17:41 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 08:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 22:43 4,224 ----a-w c:\windows\system32\dllcache\beep.sys
2008-09-21 08:46 4,458,496 ----a-w c:\windows\Internet Logs\xDB15.tmp
2008-09-21 08:46 3,657,728 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2007-12-14 09:05 39,440 -c--a-w c:\documents and settings\Khairun\Application Data\GDIPFONTCACHEV1.DAT
2007-10-16 12:33 39,440 -c--a-w c:\documents and settings\Miftahul\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_ 0.39.30.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-11-27 16:13:43 8,798,208 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-11-27 16:13:43 397,312 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-11-27 16:13:42 8,798,208 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-11-27 16:13:42 397,312 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-12-21 931760]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2008-04-30 587568]
"Google Update"="c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-05-23 100056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-11 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-22 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-17 397312]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-09-30 114688]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-27 1235736]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-23 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-27 12936]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-02-05 85888]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-18 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-27 90632]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2007-07-30 219264]

*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 20:33]

2008-11-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Miftahul.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 12:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 22:02:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-02 22:03:31
ComboFix-quarantined-files.txt 2008-12-02 14:03:27
ComboFix2.txt 2008-12-02 13:18:39
ComboFix3.txt 2008-12-01 02:38:05
ComboFix4.txt 2008-11-30 07:11:45
ComboFix5.txt 2008-12-02 13:58:50

Pre-Run: 43,898,986,496 bytes free
Post-Run: 43,862,204,416 bytes free

217 --- E O F --- 2008-11-12 09:03:06


My computer has been behaving normally all this while. I still can't open my task manager though. From the log files that I have replied with so far, is my computer still infected? How did I get infected in the first place? I'm quite cautious about the files I download/receive from the internet. I'm not the only user of this computer; it's shared between my family, so I'm guessing maybe one of them might have carelessly received a malicious file.
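A small triage helper for the "Reg Loading Points" section of the ComboFix logs posted above, added here as an example; it is not part of ComboFix, of the CFScript in the previous reply, or of any tool the helpers use. It flags what a log reader checks first in this thread: the mountpoints2 AutoRun command that launched L:\weiai.exe, the Security Center notification and vendor-monitoring values set to 1, the firewall standard profile with EnableFirewall=0, and the "*Newly Created Service*" line. The SAMPLE_LOG is constructed from lines quoted in the logs above.

```python
r"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix or the CFScript. It
flags: a mountpoints2 AutoRun command that launches an executable from a
drive letter (the L:\weiai.exe entry), Security Center notification or
vendor monitoring switched off, the Windows Firewall standard profile
disabled, and a '*Newly Created Service*' line. SAMPLE_LOG is constructed
from lines quoted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed from the log lines posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\weiai.exe
\Shell\Explore\Command -
\Shell\Open\Command -

*Newly Created Service* - INT15.SYS
"""

# Security Center value names that silence or disable its checks when non-zero.
SECURITY_CENTER_SWITCHES = {
    "antivirusdisablenotify",
    "firewalldisablenotify",
    "updatesdisablenotify",
    "disablemonitoring",
}

# '\Shell\AutoRun\command - <target>'; an empty target (the Explore and Open
# lines in the log) does not match because the group needs a non-blank char.
AUTORUN_RE = re.compile(r"^\\Shell\\(AutoRun|Open|Explore)\\command\s*-\s*(?P<cmd>\S.*)$", re.I)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-f]{8})$', re.I)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)', re.I)
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\*\s*-\s*(?P<name>\S.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # autorun | security_center_off | firewall_off | new_service
    key: str     # registry key the line was found under ('' if none)
    detail: str  # command, value name, raw line or service name


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current [key] header."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = ""  # ComboFix separates key blocks with blank lines
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        key_l = key.lower()

        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key_l:
            findings.append(Finding("autorun", key, m.group("cmd").strip()))
            continue

        m = DWORD_RE.match(line)
        if m and "security center" in key_l:
            if m.group("name").lower() in SECURITY_CENTER_SWITCHES and int(m.group("val"), 16) != 0:
                findings.append(Finding("security_center_off", key, m.group("name")))
            continue

        m = FIREWALL_RE.match(line)
        if m and "firewallpolicy" in key_l and int(m.group("val")) == 0:
            findings.append(Finding("firewall_off", key, line))
            continue

        m = NEW_SERVICE_RE.match(line)
        if m:
            findings.append(Finding("new_service", key, m.group("name").strip()))
    return findings


def removable_autoruns(findings: List[Finding]) -> List[str]:
    """AutoRun targets on a drive letter other than C: (USB sticks, mapped drives)."""
    return [f.detail for f in findings
            if f.kind == "autorun"
            and re.match(r"^[A-Z]:\\", f.detail, re.I)
            and not f.detail.lower().startswith("c:\\")]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per kind, e.g. {'autorun': 1, ...}."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}   [{f.key}]")
    print(summarize(triage(SAMPLE_LOG)))
```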

#14 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 December 2008 - 09:35 AM

The log that you just posted is looking pretty good now. Starting out, you had a bunch of stuff that I can't identify, so I can't really tell where this started. For that reason, and since you are still having problems with your task manager, I'm not 100% convinced that we've got it all. What I'd like to do is run an online virus scan and then take a look at a more detailed log to make sure you're clean and see if we can sort out your task manager.


Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.


===================



Now for the other log.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports, located in the same folder as OTViewIt, will open:
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
  • Copy and paste the logs into your next reply.


========================================================

#15 mmkbad

  • Topic Starter
  • Members
  • 14 posts

Posted 07 December 2008 - 11:06 PM

Ok, here are the logs:


F-Secure:
Scanning Report
Monday, December 08, 2008 01:45:38 - 11:51:13
Computer name: LIVING_ROOM
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\ K:\


--------------------------------------------------------------------------------

Result: 29 malware found
Client-IRC.Win32.mIRC (spyware)
System
Email-Worm.Win32.Zhelatin (virus)
System
Email-Worm.Win32.Zhelatin.ahm (virus)
C:\WINDOWS\SYSTEM32\WEIAI.EXE
Exploit.JS.Agent.vp (virus)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\03F4678F.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\22AB367F.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\24E63423.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\26136447.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\29B32540.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\3D9E05B8.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\47125879.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\47192C71.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\48251F4B.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4C5328A5.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4D5C338D.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5E8B7422.HTM (Renamed & Submitted)
C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7ED91171.HTM (Renamed & Submitted)
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Adinterax (spyware)
System
TrackingCookie.Adtech (spyware)
System
TrackingCookie.Advertising (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Doubleclick (spyware)
System
TrackingCookie.Mediaplex (spyware)
System
TrackingCookie.Questionmarket (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Statcounter (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 58817
System: 3914
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 13
Deleted: 0
None: 16
Submitted: 13
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MAILFRONTIER\REGINFO.XML

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.40.0
F-Secure Blacklight: 2.4.1093
F-Secure Hydra: 2.8.8110, 2008-12-07
F-Secure Pegasus: 1.20.0, 2008-11-03
F-Secure AVP: 7.0.171, 2008-12-07
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------



OTViewIt log:
OTViewIt logfile created on: 12/8/2008 11:55:46 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Miftahul\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.20 Gb Available Physical Memory | 9.82% Memory free
3.85 Gb Paging File | 1.95 Gb Available in Paging File | 50.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.09 Gb Total Space | 34.25 Gb Free Space | 30.02% Space Free | Partition Type: NTFS
Drive D: | 114.89 Gb Total Space | 114.82 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 259.00 Gb Free Space | 55.61% Space Free | Partition Type: NTFS

Computer Name: LIVING_ROOM
Current User Name: Miftahul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/12/05 10:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/12/05 10:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2007/01/09 17:32:04 | 00,181,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
[2004/07/22 15:24:00 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[2007/01/09 17:32:02 | 00,198,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/04/18 01:42:14 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2006/04/18 01:41:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2005/09/22 04:46:56 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/10/27 22:19:17 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2005/01/10 12:20:22 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
[2005/01/10 12:20:42 | 00,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
[2005/09/23 05:36:20 | 14,854,144 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/01/09 17:32:02 | 00,058,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[2005/11/17 09:00:50 | 00,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
[2004/06/16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[2006/07/13 13:22:50 | 00,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2004/11/03 12:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[2005/09/22 04:48:42 | 00,425,984 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaSync.exe
[2005/09/30 07:07:10 | 00,114,688 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eMode Management\AspireService.exe
[2006/07/13 13:33:14 | 00,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2008/09/03 20:33:05 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2007/02/19 22:53:52 | 00,251,576 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
[2004/06/16 06:03:26 | 00,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/06/16 06:02:54 | 00,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2007/03/12 17:01:02 | 07,633,008 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/06/10 04:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
[2008/08/23 13:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2007/12/21 07:08:12 | 00,931,760 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
[2008/12/08 11:54:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miftahul\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2005/09/22 04:46:56 | 00,438,272 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server [Auto | Running])
[2007/03/20 09:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/12/05 10:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/12/05 14:17:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2008/10/27 22:19:17 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/01/09 17:32:02 | 00,198,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr [Auto | Running])
[2007/01/09 17:32:04 | 00,181,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/04/18 01:42:14 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
[2005/01/10 12:20:22 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE -- (navapsvc [Auto | Running])
[2005/01/10 12:20:42 | 00,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE -- (NPFMntor [Auto | Running])
[2004/12/10 13:00:50 | 00,198,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan [On_Demand | Stopped])
[2005/01/10 12:20:48 | 00,067,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService [Auto | Stopped])
[2007/03/28 18:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
[2004/07/22 15:24:00 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/19 11:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/09/08 13:36:42 | 00,101,376 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07 [Auto | Running])
[2005/02/24 05:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2004/08/04 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2007/12/05 13:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/05/27 10:19:11 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/10/27 22:19:33 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/10/27 22:19:33 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/10/27 22:19:37 | 00,012,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
[2008/10/27 22:19:36 | 00,090,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2006/11/01 18:45:14 | 00,219,264 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\BTCamDrv.sys -- (BTCAMDRV [On_Demand | Stopped])
[2005/01/08 09:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2005/01/08 09:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2001/08/17 14:06:20 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Icam5USB.sys -- (ICAM5USB [On_Demand | Stopped])
[2005/09/24 10:56:28 | 03,966,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/04 13:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2007/05/27 10:19:11 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2005/02/05 15:00:12 | 00,085,888 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\drivers\m5287.sys -- (m5287 [Boot | Running])
[2007/07/18 16:00:00 | 00,081,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071003.035\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2007/07/18 16:00:00 | 00,865,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071003.035\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2005/01/03 05:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2 [On_Demand | Stopped])
[2005/11/29 16:32:18 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/12/10 13:00:52 | 00,336,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])
[2004/12/10 13:00:54 | 00,050,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [System | Running])
[2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/06/07 01:43:04 | 00,925,192 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial [On_Demand | Stopped])
[2004/07/22 15:24:00 | 00,341,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/05 12:29:46 | 00,715,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007/07/26 09:25:12 | 00,039,808 | R--- | M] () -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter [On_Demand | Stopped])
[2007/03/28 18:41:12 | 00,011,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2006/09/15 22:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/03/28 18:41:14 | 00,171,928 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2007/03/28 18:41:20 | 00,037,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2007/11/07 00:07:07 | 00,158,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20071220.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
[2007/03/28 18:41:18 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])
[2007/03/28 18:41:24 | 00,018,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2007/03/28 18:41:26 | 00,266,552 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2008/10/14 20:29:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2004/12/18 09:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [System | Running])
[2005/10/21 09:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2005/03/31 04:18:40 | 00,230,400 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2005/01/14 06:46:16 | 00,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchDefaultBranded"=
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{0055C089-8582-441B-A0BF-17B458C2A3A8} (HKLM) -- C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{BDF3E430-B101-42AD-A544-FADC6B084872} (HKLM) -- C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" (HKLM) -- C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
"High Definition Audio Property Page Shortcut"=HDAShCut.exe (Windows ® Server 2003 DDK provider)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"LaunchApp"=Alaunch (Acer Inc.)
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" (Lexmark International, Inc.)
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"ntiMUI"=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" ()
"Google Update"="C:\Documents and Settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" ()
"Google Update"="C:\Documents and Settings\Miftahul\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========

[2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all links with IDM: C:\Program Files\Internet Download Manager\IEGetAll.htm [2003/10/20 18:13:13 | 00,000,283 | ---- | M] ()
Download FLV video content with IDM: C:\Program Files\Internet Download Manager\IEGetVL.htm [2007/07/02 14:19:10 | 00,000,278 | ---- | M] ()
Download with IDM: C:\Program Files\Internet Download Manager\IEExt.htm [2004/12/03 00:31:09 | 00,000,277 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\Software\Microsoft\Internet Explorer\MenuExt\]
Download all links with IDM: C:\Program Files\Internet Download Manager\IEGetAll.htm [2003/10/20 18:13:13 | 00,000,283 | ---- | M] ()
Download FLV video content with IDM: C:\Program Files\Internet Download Manager\IEGetVL.htm [2007/07/02 14:19:10 | 00,000,278 | ---- | M] ()
Download with IDM: C:\Program Files\Internet Download Manager\IEExt.htm [2004/12/03 00:31:09 | 00,000,277 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 09:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/14 00:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/14 00:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/14 00:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/14 00:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/14 00:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/14 00:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab -- QuickTime Object
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6
{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}: http://musicmix.messenger.msn.com/Medialogic.CAB -- CMediaMix Object
{23B277A1-3E02-47BB-96F5-EA365530D66F}: http://webphone.angels.com.sg/RachWeb2P.cab -- RachWeb2P
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.systemrequirementslab.com/sysreqlab2.cab -- System Requirements Lab Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1204211633515 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9122D757-5A4F-4768-82C5-B4171D8556A7}: http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab -- PhotoPickConvert Class
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6}: http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab -- BatchDownloader Class
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_05
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab -- Reg Error: Key does not exist or could not be opened.
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF}: http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{2A1EE6BB-93A5-49FB-9E9C-9FE37E86F8ED} (Servers: | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{6E07958E-6F3D-42AD-A9DD-1D995BED7C90} (Servers: | Description: Windows Mobile-based Device)
{98924086-652B-4728-B117-3A78BE8A347F} (Servers: | Description: 1394 Net Adapter)
{C7002305-F080-4C8E-8D9A-83C66F674319} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2005/11/29 16:32:40 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AutoRun.inf [[AutoRun] | Open=weiai.exe | Shell\Open=´ò¿ª(&O) | Shell\Open\Command=weiai.exe | Shell\Open\Default=1 | Shell\Explore=×ÊÔ´¹ÜÀíÆ÷(&X) | Shell\Explore\Command=weiai.exe | ]
[2008/12/07 00:30:19 | 00,000,163 | -HS- | M] () -- K:\AutoRun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\*.tmp files]
[2008/12/08 11:53:57 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Miftahul\Desktop\OTViewIt.exe
[2008/12/08 01:41:30 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/12/07 00:41:47 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Documents\Setup.exe
[2008/12/04 21:26:00 | 00,077,880 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\n647586835_630233_2077.jpg
[2008/12/04 00:48:21 | 16,308,830 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\83803_crazy_japanese_school.flv
[2008/12/04 00:45:08 | 12,328,219 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\86818_asian_girls_beat_man2.flv
[2008/12/03 22:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Miftahul\Desktop\jap
[2008/12/02 00:15:13 | 28,571,756 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\66985a407b22ef3b5901eca8c596b88402f6153f17901b64f1d8403e39476ab842f0d78cb4ce718f50b63c7151bebcaf46d806a849b405b2ed53afa11557dc8f2e33ade1e31fd0d2fcdb0e133d772c5dde064fc9f3ad1d528f58cbb09512f1aa59f3.flv
[2008/12/02 00:12:56 | 13,758,029 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\2f9ff3b8ec18a1cbef5fc7b8621e7d6d2b129a0606c4b9e96281aa52716fb32f7209ab609af2a809088d4a69661f3a3719defa8d9bceab3f4d77cf91b9ae57ae319e6aa9cfd2172b98e0e1d195c27266fabb4e6fc13749e55a6cb24547366980ddef.flv
[2008/12/02 00:11:23 | 42,534,319 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\258a61d880f6c68a1316bc84a4d8c77f57c2b38607d44904e58aab0a1e4918ee847e24cd1f6b8dc0387426ab438dd4e1065f2d24e29c5bb642ff4fc3d48ad99ffb287e8175d2d356f674e6f50d260898e39271f928d437ed1fb8b7a846df532e532c.flv
[2008/12/02 00:11:23 | 20,239,687 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\e027926029bebfd6662893bec205063db7639c52930904ecd522bab6c7017f69a6db50f5c5e09eee51490db3c1de178fbf64bd4e15c234cd0bcfcccb4733a259df1b2aeafaf1c9ce7009240a664acbdb553c31dd3ed5dbd045933e10dcf18452150f.flv
[2008/12/02 00:09:28 | 07,196,957 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\1043642805fb146a3543ece9adaecbb7c9f4c1dec2d57d13a1d2d8a7690478f5cdf3ade95f62ad8b96c0b09fdc27a5a9dc6c8c9ce7232c65cf9b630e44357c34eb87792820df8e89259e26d8c470c345cf279e0fa07c0d98f3c45386f5a58b76fd3a.flv
[2008/12/02 00:09:25 | 33,106,378 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\14b01f0a0fe3afd005dce5b7e593da80807d2b9ab001c7c667babf0b63567145a8fbdec13051934b61e41d1825939e5d7445677481a7d6a5c5a2ca73962542a6456b8447b7fbafcada464256225ca8e98b65553470dbe9a138fdb6ba213218914fc4.flv
[2008/11/30 12:41:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2008/11/30 11:09:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/11/30 11:09:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/11/30 11:09:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/11/30 11:09:32 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/11/30 11:09:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/11/30 11:09:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/11/30 11:09:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/11/30 11:09:32 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/11/30 11:09:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/11/30 11:08:25 | 03,055,983 | R--- | C] () -- C:\Documents and Settings\Miftahul\Desktop\ComboFix.exe
[2008/11/28 00:32:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Miftahul\Application Data\WinRAR
[2008/11/28 00:22:14 | 21,468,81536 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/28 00:13:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/28 00:09:24 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/23 01:46:42 | 53,789,899 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\143308_jap_1.flv
[2008/11/23 01:35:03 | 70,760,346 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\145218_cheerleaders_scene_100_1.flv
[2008/11/23 01:31:27 | 08,251,434 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\89358_hamburger_non_statutory_attempts.flv
[2008/11/23 00:20:32 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/11/22 16:15:37 | 11,610,085 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\35dc5204e674f2bcaf6ff1f3ddf5ccfa.flv
[2008/11/22 16:10:36 | 28,404,772 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\fdb7fbe54c07022acadfa734035662a5.flv
[2008/11/22 16:09:08 | 12,038,1193 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_67ddaab2c29fb4f59b9d27da6e3c2cc6.mp4
[2008/11/22 15:56:02 | 78,406,410 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_6bfc524e94780844fd7d9182216ab74f.mp4
[2008/11/22 15:55:00 | 12,017,522 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_ecc3861a3f2d2a2e4b0729ea7a7f75b2.mp4
[2008/11/22 15:54:01 | 77,369,901 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_c2527ec3775b3a0fd1d6432d8f10b8b4.mp4
[2008/11/22 15:52:57 | 05,898,372 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_f4df197f252b76939d7c51dddef78c80.mp4
[2008/11/22 10:05:38 | 26,368,373 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\6e10d7194debb1b76032eefe539f2431.flv
[2008/11/22 10:00:57 | 12,622,2289 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_4697b79c225328ea25e00bbcff518573.mp4
[2008/11/22 10:00:05 | 54,074,356 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_f409fdcef954ff38697f8f87a2792a05.mp4
[2008/11/22 09:59:42 | 50,340,048 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_528a843a0471a9fb3ad1a9bd177532c2.mp4
[2008/11/22 09:57:40 | 87,664,459 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_53219e6464c8303bc89202714dfd2481.mp4
[2008/11/21 23:14:22 | 36,812,137 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\ccc5d8f854896a33dfa3629a654b8fe2.flv
[2008/11/21 23:12:48 | 16,318,638 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_64fad4ae684d50a126a794857701f73c.mp4
[2008/11/21 22:56:29 | 11,408,177 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\09670594586df53e974635c72f181771.flv
[2008/11/21 22:56:26 | 77,633,876 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\af5806f9ba73d87fc6dc1244ca11d447.flv
[2008/11/21 22:56:23 | 77,577,125 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\fb28d9a98da008788fae0b4e460d3049.flv
[2008/11/21 22:49:24 | 11,741,106 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\166051ee9d4c1db3adc8a9a51feb18ed.flv
[2008/11/21 22:46:35 | 02,869,252 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\214028bfc0feec8dfbdbd219d58ca368.flv
[2008/11/21 22:46:17 | 99,579,133 | ---- | C] () -- C:\Documents and Settings\Miftahul\Desktop\f62eb7bb780518f419d2972bb236f9f3.flv
[2008/11/12 17:00:45 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2008/11/11 22:46:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Miftahul\My Documents\SimCity Societies
[2008/11/11 22:42:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SimCity Societies
[2008/11/11 22:21:52 | 00,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SimCity™ Societies.lnk
[2008/11/11 22:06:05 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2008/11/11 22:06:03 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2008/11/11 22:06:01 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2008/11/11 22:06:00 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2008/11/11 22:06:00 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2008/11/11 22:05:57 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2008/11/11 22:05:56 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2008/11/11 22:05:55 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2008/11/11 22:05:53 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2008/11/11 22:05:53 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2008/11/11 22:05:52 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/11/11 20:53:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Miftahul\Desktop\Sg map

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008/12/08 11:54:38 | 00,103,424 | ---- | M] () -- C:\Documents and Settings\Miftahul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/08 11:54:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Miftahul\Desktop\OTViewIt.exe
[2008/12/07 23:46:44 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\Miftahul\My Documents\My Sharing Folders.lnk
[2008/12/07 23:45:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/07 23:45:38 | 00,000,732 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2008/12/07 23:45:35 | 00,352,919 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/12/07 23:44:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/07 23:44:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/07 23:44:06 | 21,468,81536 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/07 23:10:20 | 47,722,528 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/07 23:10:20 | 00,562,064 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/05 20:00:00 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Miftahul.job
[2008/12/04 21:26:00 | 00,077,880 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\n647586835_630233_2077.jpg
[2008/12/04 00:57:24 | 16,308,830 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\83803_crazy_japanese_school.flv
[2008/12/04 00:50:49 | 12,328,219 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\86818_asian_girls_beat_man2.flv
[2008/12/03 22:30:36 | 00,857,125 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\DSC07288.JPG
[2008/12/02 22:02:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/02 00:21:46 | 28,571,756 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\66985a407b22ef3b5901eca8c596b88402f6153f17901b64f1d8403e39476ab842f0d78cb4ce718f50b63c7151bebcaf46d806a849b405b2ed53afa11557dc8f2e33ade1e31fd0d2fcdb0e133d772c5dde064fc9f3ad1d528f58cbb09512f1aa59f3.flv
[2008/12/02 00:21:02 | 42,534,319 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\258a61d880f6c68a1316bc84a4d8c77f57c2b38607d44904e58aab0a1e4918ee847e24cd1f6b8dc0387426ab438dd4e1065f2d24e29c5bb642ff4fc3d48ad99ffb287e8175d2d356f674e6f50d260898e39271f928d437ed1fb8b7a846df532e532c.flv
[2008/12/02 00:17:12 | 33,106,378 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\14b01f0a0fe3afd005dce5b7e593da80807d2b9ab001c7c667babf0b63567145a8fbdec13051934b61e41d1825939e5d7445677481a7d6a5c5a2ca73962542a6456b8447b7fbafcada464256225ca8e98b65553470dbe9a138fdb6ba213218914fc4.flv
[2008/12/02 00:16:19 | 20,239,687 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\e027926029bebfd6662893bec205063db7639c52930904ecd522bab6c7017f69a6db50f5c5e09eee51490db3c1de178fbf64bd4e15c234cd0bcfcccb4733a259df1b2aeafaf1c9ce7009240a664acbdb553c31dd3ed5dbd045933e10dcf18452150f.flv
[2008/12/02 00:16:19 | 13,758,029 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\2f9ff3b8ec18a1cbef5fc7b8621e7d6d2b129a0606c4b9e96281aa52716fb32f7209ab609af2a809088d4a69661f3a3719defa8d9bceab3f4d77cf91b9ae57ae319e6aa9cfd2172b98e0e1d195c27266fabb4e6fc13749e55a6cb24547366980ddef.flv
[2008/12/02 00:11:16 | 07,196,957 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\1043642805fb146a3543ece9adaecbb7c9f4c1dec2d57d13a1d2d8a7690478f5cdf3ade95f62ad8b96c0b09fdc27a5a9dc6c8c9ce7232c65cf9b630e44357c34eb87792820df8e89259e26d8c470c345cf279e0fa07c0d98f3c45386f5a58b76fd3a.flv
[2008/11/30 11:08:31 | 03,055,983 | R--- | M] () -- C:\Documents and Settings\Miftahul\Desktop\ComboFix.exe
[2008/11/28 00:16:13 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/23 02:23:28 | 70,760,346 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\145218_cheerleaders_scene_100_1.flv
[2008/11/23 02:21:22 | 53,789,899 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\143308_jap_1.flv
[2008/11/23 01:39:08 | 08,251,434 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\89358_hamburger_non_statutory_attempts.flv
[2008/11/22 16:43:48 | 12,038,1193 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_67ddaab2c29fb4f59b9d27da6e3c2cc6.mp4
[2008/11/22 16:18:42 | 11,610,085 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\35dc5204e674f2bcaf6ff1f3ddf5ccfa.flv
[2008/11/22 16:18:38 | 78,406,410 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_6bfc524e94780844fd7d9182216ab74f.mp4
[2008/11/22 16:18:36 | 28,404,772 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\fdb7fbe54c07022acadfa734035662a5.flv
[2008/11/22 16:14:48 | 77,369,901 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_c2527ec3775b3a0fd1d6432d8f10b8b4.mp4
[2008/11/22 15:58:17 | 12,017,522 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_ecc3861a3f2d2a2e4b0729ea7a7f75b2.mp4
[2008/11/22 15:54:30 | 05,898,372 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_f4df197f252b76939d7c51dddef78c80.mp4
[2008/11/22 10:22:02 | 12,622,2289 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_4697b79c225328ea25e00bbcff518573.mp4
[2008/11/22 10:11:51 | 87,664,459 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_53219e6464c8303bc89202714dfd2481.mp4
[2008/11/22 10:09:37 | 26,368,373 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\6e10d7194debb1b76032eefe539f2431.flv
[2008/11/22 10:08:43 | 54,074,356 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_f409fdcef954ff38697f8f87a2792a05.mp4
[2008/11/22 10:08:01 | 50,340,048 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_528a843a0471a9fb3ad1a9bd177532c2.mp4
[2008/11/21 23:26:06 | 36,812,137 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\ccc5d8f854896a33dfa3629a654b8fe2.flv
[2008/11/21 23:21:01 | 77,577,125 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\fb28d9a98da008788fae0b4e460d3049.flv
[2008/11/21 23:20:57 | 77,633,876 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\af5806f9ba73d87fc6dc1244ca11d447.flv
[2008/11/21 23:19:47 | 99,579,133 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\f62eb7bb780518f419d2972bb236f9f3.flv
[2008/11/21 23:18:05 | 16,318,638 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\xvideos.com_64fad4ae684d50a126a794857701f73c.mp4
[2008/11/21 23:00:15 | 11,408,177 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\09670594586df53e974635c72f181771.flv
[2008/11/21 22:54:16 | 11,741,106 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\166051ee9d4c1db3adc8a9a51feb18ed.flv
[2008/11/21 22:47:32 | 02,869,252 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\214028bfc0feec8dfbdbd219d58ca368.flv
[2008/11/21 21:28:43 | 30,250,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/21 21:28:43 | 00,042,274 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/12 17:02:52 | 00,000,217 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/12 17:00:48 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/11 22:21:52 | 00,001,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SimCity™ Societies.lnk
[2008/11/11 03:28:52 | 00,074,752 | ---- | M] () -- C:\Documents and Settings\Miftahul\Desktop\Financial month of April.xls
< End of report >

Extra.txt log


OTViewIt Extras logfile created on: 12/8/2008 11:55:46 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Miftahul\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.20 Gb Available Physical Memory | 9.82% Memory free
3.85 Gb Paging File | 1.95 Gb Available in Paging File | 50.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.09 Gb Total Space | 34.25 Gb Free Space | 30.02% Space Free | Partition Type: NTFS
Drive D: | 114.89 Gb Total Space | 114.82 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 259.00 Gb Free Space | 55.61% Space Free | Partition Type: NTFS

Computer Name: LIVING_ROOM
Current User Name: Miftahul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/08/31 00:23:17 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/04/30 01:51:26 | 00,587,568 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/10/27 22:19:17 | 00,638,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe
[2008/10/27 22:19:17 | 00,643,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/10/27 22:19:19 | 00,408,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 22:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/27 22:19:24 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 22:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 22:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 15:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0305052F-141B-FCEC-62B2-FB5668E7933E}"=Catalyst Control Center Graphics Full New
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}"=SimCity™ Societies
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}"=NTI CD & DVD-Maker
"{19754346-BF3D-F1FC-9AF3-B84C216E93D7}"=Catalyst Control Center Graphics Full Existing
"{1AD473D7-7A47-5AEC-B45D-3B87414ED975}"=FLV VideoConstructor v2.4.0.43 FREE
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{228F6876-A313-40A3-91C0-C3CBE6997D09}"=Symantec
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}"=Internet Worm Protection
"{296554E6-A322-EEC8-2185-DF6E624CA990}"=Skins
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0150050}"=J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}"=Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}"=NTI Backup NOW! 4
"{39F55A85-B356-64D7-F2BC-1E6C70A73FB8}"=CCC Help English
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}"=Microsoft Windows Journal Viewer
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{534C6D59-D6E3-48A6-AD0B-747799019960}"=XVID Codec Installation
"{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}"=Acer eMode Management
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{771221C5-FD0B-1197-355C-B2AFAA860483}"=ccc-core-preinstall
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC
"{882EE1CB-C2FB-657F-AA98-7DC91FC72447}"=Catalyst Control Center Core Implementation
"{89D2879E-F327-3B5F-F7C6-6E107C816671}"=ccc-utility
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{911A0409-6000-11D3-8CFE-0050048383C9}"=Microsoft Outlook 2002
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}"=NTI HomeVideo-Maker
"{C4B7FD4E-6AFD-AE07-FB7E-B9AB9B39232E}"=ccc-core-static
"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2005
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}"=Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D13D0C87-46BA-E646-BC40-C7B0D305A75F}"=Catalyst Control Center Graphics Previews Common
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}"=ABBYY FineReader 5.0 Sprint
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}"=Symantec Script Blocking Installer
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}"=PSP ISO Compressor
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}"=ccCommon
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton AntiVirus Parent MSI
"{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}"=Acer eConsole
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}"=Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F40F05BE-47BB-72E2-4064-078B69F39BDA}"=Catalyst Control Center Graphics Light
"{F64306A5-4C32-41bb-B153-53986527FAB4}"=Norton WMI Update
"7-Zip"=7-Zip 4.55 beta
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG 8.0
"CCleaner"=CCleaner (remove only)
"Easy Video Joiner_is1"=Easy Video Joiner 5.21
"Freez FLV to MP3 Converter V1.2_is1"=Freez FLV to MP3 Converter
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}"=NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}"=NTI Backup NOW! 4
"Internet Download Manager"=Internet Download Manager
"Lexmark 1200 Series"=Lexmark 1200 Series
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"mIRC"=mIRC
"Mozilla Firefox (2.0.0.3)"=Mozilla Firefox (2.0.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PSP Video 9"=PSP Video 9 2.25
"RealPlayer 6.0"=RealPlayer
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2005 (Symantec Corporation)
"SystemRequirementsLab"=System Requirements Lab
"VLC media player"=VideoLAN VLC media player 0.8.6c
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01005"=Microsoft User-Mode Driver Framework Feature Pack 1.5
"xvid"=XviD MPEG-4 Video Codec
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar
"ZoneAlarm"=ZoneAlarm
"ZoneAlarmSB Uninstall"=ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA
"Google Chrome"=Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3382023974-2213852735-3336490468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA
"Google Chrome"=Google Chrome

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 12/7/2008 11:51:30 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:52:01 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:52:33 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:53:13 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:53:53 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:53:53 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:54:24 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:55:04 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:55:35 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:56:15 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126


< End of report >
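Added example, not part of the original post, of OTL, or of HijackThis: a small Python triage script that reads the two sections that close the log above (the Uninstall List and the Last 10 Event Log Errors), decodes the `%%126` in the Service Control Manager messages as the Win32 error ERROR_MOD_NOT_FOUND, and flags the patterns a helper reviewing such a log looks for: several side-by-side Java runtimes, more than one antivirus product, and one service that keeps terminating. The excerpt it parses is constructed to mirror the posted lines; the error-code table (partial) and the flagging rules are the example's own assumptions, not anything the tool emits.

```python
"""Triage the tail of an OTL log: 'Uninstall List' and 'Last 10 Event Log Errors'.

Added example (not OTL's own code).  SAMPLE_LOG is a constructed excerpt
modelled on the posted log; WIN32_ERRORS is a deliberately partial table.
"""
import re
from collections import Counter

# Constructed sample: entries copied in shape from the posted log.
SAMPLE_LOG = r"""========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0150050}"=J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2005
"AVG8Uninstall"=AVG 8.0
"ZoneAlarm"=ZoneAlarm
"HijackThis"=HijackThis 2.0.2

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 12/7/2008 11:51:30 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

Error - 12/7/2008 11:52:01 PM | Computer Name = LIVING_ROOM | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%126

< End of report >
"""

UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.+)$')
EVENT_RE = re.compile(
    r"^Error - (?P<time>.+?) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
# Partial table of Win32 system error codes; SCM writes them as %%NNN.
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",
                126: "ERROR_MOD_NOT_FOUND", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}


def parse_uninstall(text):
    """Return {registry value name: display name} for every uninstall entry."""
    entries = {}
    for line in text.splitlines():
        m = UNINSTALL_RE.match(line.strip())
        if m:
            entries[m["key"]] = m["name"].strip()
    return entries


def parse_events(text):
    """Return the event-log error records; OTL wraps descriptions, so re-join them."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m:
            current = dict(m.groupdict(), id=int(m["id"]), description="")
            events.append(current)
        elif not line:
            current = None            # blank line closes the current record
        elif current is not None:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] += (" " if current["description"] else "") + line
    return events


def decode_error(description):
    """Map the %%NNN code in an SCM message to (code, Win32 symbolic name)."""
    m = re.search(r"%%(\d+)", description)
    if not m:
        return None
    code = int(m.group(1))
    return code, WIN32_ERRORS.get(code, "unknown")


def triage(text):
    """Apply the example's flagging rules and return human-readable findings."""
    findings = []
    apps = parse_uninstall(text)
    java = sorted(n for n in apps.values() if re.match(r"(J2SE|Java)\b", n))
    if len(java) > 1:
        findings.append(f"{len(java)} side-by-side Java runtimes installed: {', '.join(java)}")
    av = sorted(n for n in apps.values() if re.search(r"Norton AntiVirus|AVG", n))
    if len(av) > 1:
        findings.append(f"more than one antivirus product listed: {', '.join(av)}")
    repeats = Counter()
    for ev in parse_events(text):
        svc = re.search(r"The (.+?) service terminated", ev["description"])
        err = decode_error(ev["description"])
        repeats[(ev["source"], ev["id"], svc.group(1) if svc else "?", err)] += 1
    for (source, eid, svc, err), n in repeats.items():
        if n > 1:
            shown = f"error {err[0]} ({err[1]})" if err else "no error code"
            findings.append(f"{source} ID {eid}: '{svc}' terminated {n} times with {shown}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Pointed at the full log above, the same rules pick up the five Java entries and the Norton/AVG pair, and the ten 7023 events collapse into one finding: the Remote Access Connection Manager service is dying every half minute because a module it needs cannot be found (that is what error 126 means). That is a lead to chase against the rest of the log, not by itself proof of infection.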