BHO Blackbo.dll removal


  • This topic is locked
24 replies to this topic

#1 grinofadrunkwoman

  • Members
  • 17 posts
  • OFFLINE

Posted 20 December 2008 - 02:38 PM

Hi,
I seem to have a 'blackbo.dll' which my antivirus (Symantec) detects every other minute.
I've tried several ways to delete the file but it seems impossible.
I found a few threads on BleepingComputer where other members were helped to remove it,
so please help :thumbsup: (thanks)

Here's my RSIT log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Kaushik at 2008-12-21 03:27:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (32%) free of 20 GB
Total RAM: 1014 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:29 AM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kaushik\Desktop\RSIT.exe
C:\Program Files\trend micro\Kaushik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pc-ap.fujitsu.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 137.99.11.86:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5F740BC-D1AE-4A51-85D0-F05E08F58D8A} - C:\WINDOWS\system32\blackbo.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223184219359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10603 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{B1616078-3513-4D7D-BAA0-1E1CC3CAFBBE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5F740BC-D1AE-4A51-85D0-F05E08F58D8A}]
C:\WINDOWS\system32\blackbo.dll [2008-11-13 104704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2008-12-15 204248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2008-04-14 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2008-04-14 271872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-19 136600]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-31 761946]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-16 88365]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"OmniPass"=C:\Program Files\Softex\OmniPass\scureapp.exe [2005-11-21 1847296]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2006-01-27 73728]
"FjStrtAp"=C:\Program Files\Fujitsu\Utils\FjStrtAp.exe [2006-05-05 20480]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2006-03-09 90112]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-11-04 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-09-27 125168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"LClock"=C:\Program Files\LClock\lclock.exe [2004-09-20 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-10-09 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
C:\Program Files\Fujitsu\updnavi\updnavi.exe [2006-02-21 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [2005-02-26 68296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AgereModemAudio"=2
"WMPNetworkSvc"=3
"S24EventMonitor"=2
"RegSrvc"=2
"EvtEng"=2
"WLSetupSvc"=3
"usnjsvc"=3
"gusvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2008-04-14 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2005-11-21 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2008-04-14 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 1 months======

2008-12-21 03:27:23 ----D---- C:\Program Files\trend micro
2008-12-21 03:27:22 ----D---- C:\rsit
2008-12-21 03:15:57 ----A---- C:\ComboFix.txt
2008-12-21 03:10:01 ----A---- C:\Boot.bak
2008-12-21 03:09:54 ----RASHD---- C:\cmdcons
2008-12-21 03:09:04 ----A---- C:\WINDOWS\zip.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\SWREG.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\sed.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\grep.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\fdsv.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\VFIND.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\SWSC.exe
2008-12-21 03:08:57 ----D---- C:\WINDOWS\ERDNT
2008-12-21 03:08:57 ----D---- C:\Qoobox
2008-12-21 03:08:57 ----D---- C:\ComboFix
2008-12-21 02:41:53 ----D---- C:\Program Files\Sophos
2008-12-21 02:16:40 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 17:36:08 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-12-20 17:20:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-20 17:20:23 ----D---- C:\Program Files\Spyware Doctor
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\java.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-19 01:54:26 ----D---- C:\WINDOWS\ie8updates
2008-12-12 21:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 21:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 21:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 21:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 18:58:07 ----HD---- C:\WINDOWS\PIF
2008-12-11 11:32:07 ----D---- C:\Documents and Settings\Kaushik\Application Data\Flickr
2008-12-11 11:31:45 ----D---- C:\Program Files\Flickr Uploadr
2008-11-29 03:31:52 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-11-29 03:31:51 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-11-29 01:51:30 ----A---- C:\WINDOWS\uninst.exe

======List of files/folders modified in the last 1 months======

2008-12-21 03:27:23 ----RD---- C:\Program Files
2008-12-21 03:26:25 ----D---- C:\WINDOWS\Temp
2008-12-21 03:16:01 ----D---- C:\WINDOWS\system32
2008-12-21 03:15:59 ----D---- C:\WINDOWS
2008-12-21 03:15:07 ----A---- C:\WINDOWS\system.ini
2008-12-21 03:14:04 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 03:14:04 ----D---- C:\WINDOWS\AppPatch
2008-12-21 03:14:04 ----D---- C:\Program Files\Common Files
2008-12-21 03:13:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 03:10:01 ----RASH---- C:\boot.ini
2008-12-21 03:09:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 03:09:02 ----SHD---- C:\System Volume Information
2008-12-21 03:09:02 ----D---- C:\WINDOWS\system32\Restore
2008-12-21 03:08:49 ----D---- C:\WINDOWS\Prefetch
2008-12-20 17:36:42 ----D---- C:\Documents and Settings\Kaushik\Application Data\BitTorrent
2008-12-20 17:22:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 03:44:10 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-19 04:12:02 ----SHD---- C:\WINDOWS\Installer
2008-12-19 04:11:30 ----D---- C:\Program Files\Java
2008-12-19 01:54:36 ----HD---- C:\WINDOWS\inf
2008-12-19 01:54:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 01:54:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 12:44:03 ----D---- C:\Program Files\Hotspot Shield
2008-12-15 17:13:22 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 21:59:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 21:41:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 11:31:51 ----D---- C:\WINDOWS\WinSxS
2008-12-11 04:22:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 03:23:14 ----D---- C:\Documents and Settings\Kaushik\Application Data\Adobe
2008-12-10 10:39:41 ----SD---- C:\Documents and Settings\Kaushik\Application Data\Microsoft
2008-12-10 09:04:12 ----D---- C:\WINDOWS\Help
2008-12-10 07:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-29 01:54:48 ----D---- C:\Documents and Settings\Kaushik\Application Data\Macromedia
2008-11-23 18:56:58 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 FlashDrv;FlashDrv; \??\C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-11-19 117874]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 Fjbtndrv;Fujitsu Button Driver; C:\WINDOWS\system32\DRIVERS\FjBtnDrv.sys [2006-03-29 17920]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidpen;Wacom Serial Pen HID MiniDriver; C:\WINDOWS\system32\DRIVERS\hidpen.sys [2004-08-02 31104]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\navex15.sys []
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2006-03-07 92550]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-21 1106952]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-08-07 12992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-08-07 110784]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-08-07 31936]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081214.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-08-07 28352]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-30 193056]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-12-08 243712]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-25 465952]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\5A.tmp []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2008-04-14 14208]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-07-19 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 Digitizer;Digitizer Service; C:\WINDOWS\System32\digtizer.exe [2006-03-27 61440]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-11-26 88024]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-09-27 87728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-09-13 57344]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2005-11-21 32768]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-09-27 173744]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Edited by grinofadrunkwoman, 20 December 2008 - 02:48 PM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:56 AM

Posted 26 December 2008 - 11:29 AM

Hi grinofadrunkwoman,

Welcome to the BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me the current condition of your computer.

  • Please attach the following files one by one to your reply. To do that, when you press ADDREPLY, under the reply window press Browse... and show the path to the file on your computer:

    c:\combofix.txt
    c:\rsit\info.txt

    Highlight the file and click Open then press the green UPLOAD button.

  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).



You might want to save this page on your favorites, so you can find it again when you return.

#3 grinofadrunkwoman

grinofadrunkwoman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 26 December 2008 - 02:04 PM

Hi,
Attached are the combofix.txt and info.txt.
After my first post, I reran RSIT, so the info.txt attached here is not a direct pair of the previous post. However, I did not make any major changes.
I did install 2 pieces of software over the past few days. They were simple free games (PRE-Flight AirShow and RealFlight G4 Demo).
The condition of my computer has not changed. My antivirus constantly detects 'trojan horse' activity by blackbo.dll.
I get a popup almost every 2 minutes saying that blackbo.dll was prevented from being accessed.
Unfortunately it is not able to repair the virus / trojan horse :thumbsup:
My internet speeds have greatly reduced and my Internet Explorer has become very unstable from the day blackbo.dll was detected by my antivirus (21st Dec).

Thanks for the help.



Logfile of random's system information tool 1.05 (written by random/random)
Run by Kaushik at 2008-12-27 02:54:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (14%) free of 20 GB
Total RAM: 1014 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:37 AM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Kaushik\Desktop\RSIT.exe
C:\Program Files\trend micro\Kaushik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pc-ap.fujitsu.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 137.99.11.86:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5F740BC-D1AE-4A51-85D0-F05E08F58D8A} - C:\WINDOWS\system32\blackbo.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223184219359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10685 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{B1616078-3513-4D7D-BAA0-1E1CC3CAFBBE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5F740BC-D1AE-4A51-85D0-F05E08F58D8A}]
C:\WINDOWS\system32\blackbo.dll [2008-11-13 104704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2008-12-15 204248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2008-04-14 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2008-04-14 271872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-19 136600]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-31 761946]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-16 88365]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"OmniPass"=C:\Program Files\Softex\OmniPass\scureapp.exe [2005-11-21 1847296]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2006-01-27 73728]
"FjStrtAp"=C:\Program Files\Fujitsu\Utils\FjStrtAp.exe [2006-05-05 20480]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2006-03-09 90112]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-11-04 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-09-27 125168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"LClock"=C:\Program Files\LClock\lclock.exe [2004-09-20 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-10-09 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
C:\Program Files\Fujitsu\updnavi\updnavi.exe [2006-02-21 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [2005-02-26 68296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AgereModemAudio"=2
"WMPNetworkSvc"=3
"S24EventMonitor"=2
"RegSrvc"=2
"EvtEng"=2
"WLSetupSvc"=3
"usnjsvc"=3
"gusvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2008-04-14 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2005-11-21 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2008-04-14 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 2 months======

2008-12-24 21:22:33 ----D---- C:\WINDOWS\Minidump
2008-12-24 00:02:44 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-24 00:02:44 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-24 00:02:43 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-24 00:02:43 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-24 00:02:42 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-24 00:02:42 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-24 00:02:41 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-24 00:02:41 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-24 00:02:39 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-24 00:02:37 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-24 00:02:35 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-24 00:02:12 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-24 00:02:12 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-24 00:02:11 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-24 00:02:09 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-24 00:02:08 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-24 00:02:07 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-24 00:02:05 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-24 00:02:04 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-24 00:01:59 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-24 00:01:11 ----D---- C:\Program Files\RealFlight G4 Demo
2008-12-24 00:01:11 ----D---- C:\Program Files\Common Files\KnifeEdge
2008-12-23 23:44:21 ----D---- C:\Program Files\Transcendental Technologies
2008-12-23 23:44:00 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-21 20:38:21 ----D---- C:\Program Files\ERUNT
2008-12-21 03:27:23 ----D---- C:\Program Files\trend micro
2008-12-21 03:27:22 ----D---- C:\rsit
2008-12-21 03:15:57 ----A---- C:\ComboFix.txt
2008-12-21 03:10:01 ----A---- C:\Boot.bak
2008-12-21 03:09:54 ----RASHD---- C:\cmdcons
2008-12-21 03:09:04 ----A---- C:\WINDOWS\zip.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\SWREG.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\sed.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\grep.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\fdsv.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\VFIND.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\SWSC.exe
2008-12-21 03:08:57 ----D---- C:\WINDOWS\ERDNT
2008-12-21 03:08:57 ----D---- C:\Qoobox
2008-12-21 03:08:57 ----D---- C:\ComboFix
2008-12-21 02:41:53 ----D---- C:\Program Files\Sophos
2008-12-21 02:16:40 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 17:36:08 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-12-20 17:20:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-20 17:20:23 ----D---- C:\Program Files\Spyware Doctor
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\java.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-19 01:54:26 ----D---- C:\WINDOWS\ie8updates
2008-12-12 21:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 21:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 21:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 21:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 18:58:07 ----HD---- C:\WINDOWS\PIF
2008-12-11 11:32:07 ----D---- C:\Documents and Settings\Kaushik\Application Data\Flickr
2008-12-11 11:31:45 ----D---- C:\Program Files\Flickr Uploadr
2008-11-29 03:31:52 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-11-29 03:31:51 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-11-29 01:51:30 ----A---- C:\WINDOWS\uninst.exe
2008-11-18 23:12:56 ----D---- C:\Documents and Settings\Kaushik\Application Data\Move Networks
2008-11-12 20:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 20:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 20:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 23:56:12 ----D---- C:\Documents and Settings\Kaushik\Application Data\Bullzip
2008-11-10 23:42:52 ----A---- C:\WINDOWS\system32\bzpdfc.dll
2008-11-10 23:42:52 ----A---- C:\WINDOWS\system32\bzFlRdr.dll
2008-11-10 23:42:52 ----A---- C:\WINDOWS\system32\bzDCT.dll
2008-11-10 23:42:49 ----A---- C:\WINDOWS\system32\bzpdf.dll
2008-11-10 23:42:44 ----D---- C:\Program Files\Bullzip
2008-11-08 08:48:06 ----D---- C:\Program Files\Common Files\xing shared
2008-11-08 08:48:00 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-08 08:47:56 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-11-08 08:47:56 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-11-08 08:47:54 ----D---- C:\Program Files\Real
2008-11-08 08:47:54 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-08 08:47:51 ----D---- C:\Program Files\Common Files\Real
2008-11-08 08:47:50 ----D---- C:\Documents and Settings\Kaushik\Application Data\Real
2008-11-02 21:51:04 ----D---- C:\Program Files\Hotspot Shield
2008-11-02 13:27:06 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-01 23:20:00 ----D---- C:\Program Files\Tudou
2008-10-29 06:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-29 06:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-29 06:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-29 06:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-29 06:35:56 ----A---- C:\WINDOWS\system32\DivX.dll

======List of files/folders modified in the last 2 months======

2008-12-27 02:53:09 ----D---- C:\WINDOWS\Temp
2008-12-27 02:49:27 ----D---- C:\WINDOWS
2008-12-26 23:04:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-26 20:01:24 ----D---- C:\WINDOWS\Prefetch
2008-12-24 21:22:35 ----SHD---- C:\WINDOWS\CSC
2008-12-24 00:02:46 ----SHD---- C:\WINDOWS\Installer
2008-12-24 00:02:46 ----D---- C:\WINDOWS\system32\DirectX
2008-12-24 00:02:45 ----HD---- C:\WINDOWS\inf
2008-12-24 00:02:45 ----D---- C:\WINDOWS\system32
2008-12-24 00:02:35 ----RSD---- C:\WINDOWS\assembly
2008-12-24 00:02:21 ----D---- C:\WINDOWS\Microsoft.Net
2008-12-24 00:01:11 ----RD---- C:\Program Files
2008-12-24 00:01:11 ----D---- C:\Program Files\Common Files
2008-12-23 23:39:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 03:15:07 ----A---- C:\WINDOWS\system.ini
2008-12-21 03:14:04 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 03:14:04 ----D---- C:\WINDOWS\AppPatch
2008-12-21 03:10:01 ----RASH---- C:\boot.ini
2008-12-21 03:09:02 ----SHD---- C:\System Volume Information
2008-12-21 03:09:02 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 17:36:42 ----D---- C:\Documents and Settings\Kaushik\Application Data\BitTorrent
2008-12-20 17:22:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 03:44:10 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-19 04:11:30 ----D---- C:\Program Files\Java
2008-12-19 01:54:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 01:54:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 17:13:22 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 21:59:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 21:41:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 11:31:51 ----D---- C:\WINDOWS\WinSxS
2008-12-11 04:22:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 03:23:14 ----D---- C:\Documents and Settings\Kaushik\Application Data\Adobe
2008-12-10 10:39:41 ----SD---- C:\Documents and Settings\Kaushik\Application Data\Microsoft
2008-12-10 09:04:12 ----D---- C:\WINDOWS\Help
2008-12-10 07:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-29 01:54:48 ----D---- C:\Documents and Settings\Kaushik\Application Data\Macromedia
2008-11-23 18:56:58 ----D---- C:\WINDOWS\network diagnostic
2008-11-19 01:33:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-18 15:22:35 ----D---- C:\Program Files\DivX
2008-11-13 11:46:23 ----D---- C:\WINDOWS\system32\Macromed
2008-11-13 01:16:21 ----A---- C:\WINDOWS\system32\blackbo.dll
2008-11-10 13:42:08 ----D---- C:\Documents and Settings\Kaushik\Application Data\Skype
2008-11-10 13:33:53 ----D---- C:\Documents and Settings\Kaushik\Application Data\skypePM
2008-11-10 13:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-11-06 16:45:53 ----D---- C:\Program Files\EditPlus 2
2008-11-04 22:12:18 ----D---- C:\Documents and Settings\Kaushik\Application Data\Nokia

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 FlashDrv;FlashDrv; \??\C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-11-19 117874]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 Fjbtndrv;Fujitsu Button Driver; C:\WINDOWS\system32\DRIVERS\FjBtnDrv.sys [2006-03-29 17920]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidpen;Wacom Serial Pen HID MiniDriver; C:\WINDOWS\system32\DRIVERS\hidpen.sys [2004-08-02 31104]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081225.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081225.002\navex15.sys []
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2006-03-07 92550]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-21 1106952]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-08-07 12992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-08-07 110784]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-08-07 31936]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081214.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-08-07 28352]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-30 193056]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-12-08 243712]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-25 465952]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\5A.tmp []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2008-04-14 14208]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-07-19 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 Digitizer;Digitizer Service; C:\WINDOWS\System32\digtizer.exe [2006-03-27 61440]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-11-26 88024]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-09-27 87728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-09-13 57344]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2005-11-21 32768]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-09-27 173744]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Attached Files
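The RSIT driver and service sections above share one fixed line format: start type and state, then `name;description; image path [file date size]`, with an empty bracket where RSIT could not read the file. That regularity makes it easy to machine-check a log for the entries a helper looks at first. The following Python is an added example, not part of the thread and not RSIT's own code; the function names `parse_line`, `triage` and `triage_log` are its own. The sample lines are copied from the log above, except the `sjudqdei` line, which is constructed for the driver that is named later in this thread and does not appear in this RSIT section.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One RSIT driver/service line looks like:
#   <R|S><0-4> <name>;<description>; <image path> [<file date> <size>]
# The bracket is empty when RSIT could not read the file's date and size.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}


@dataclass
class Entry:
    state: str        # R = running, S = stopped
    start: str        # start type digit, see START_TYPES
    name: str
    desc: str
    path: str
    meta: str         # "YYYY-MM-DD size", or "" when RSIT had no file info
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT line; return None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    return Entry(**m.groupdict()) if m else None


def triage(entry: Entry) -> Entry:
    """Attach review flags to an entry. These are weak signals for a human
    reviewer, not verdicts: a scanner's own helper driver can trip them too."""
    path = entry.path.lower()
    if path.startswith("\\??\\"):          # strip the NT object-manager prefix
        path = path[4:]
    filename = path.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""

    # A driver or service image that is not a .sys/.exe (e.g. a .tmp file)
    # deserves a look; anti-rootkit tools sometimes do this too, so confirm.
    if ext not in ("sys", "exe"):
        entry.flags.append(f"image is not a .sys/.exe: {filename}")

    # No vendor description, no readable file info, dropped straight into
    # system32\drivers: the combination is typical of a freshly planted driver.
    if (entry.desc == entry.name
            and not entry.meta
            and "\\system32\\drivers\\" in path):
        entry.flags.append("no description, no file info, generic driver directory")
    return entry


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {service name: flags} for every flagged entry in an RSIT section."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry).flags:
            flagged[entry.name] = entry.flags
    return flagged


def describe(entry: Entry) -> str:
    run = "running" if entry.state == "R" else "stopped"
    return f"{entry.name}: {run}, start={START_TYPES[entry.start]}, image={entry.path}"


# Constructed sample: lines copied from the RSIT log above plus one
# hypothetical line for the sjudqdei driver named later in the thread.
SAMPLE_LOG = r"""
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\5A.tmp []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S3 sjudqdei;sjudqdei; C:\WINDOWS\system32\drivers\sjudqdei.sys []
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
"""

if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LOG).items():
        print(name, "->", "; ".join(flags))
```

On the sample, only `MEMSWEEP2` (a driver loaded from a `.tmp` file) and the constructed `sjudqdei` line are flagged; the Symantec drivers with empty brackets, `catchme.sys` under the ComboFix folder and the legitimately described `s24trans` pass. A flag is a prompt to look the file up (as Farbar does with VirusTotal below), not a reason to delete anything.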



#4 grinofadrunkwoman

grinofadrunkwoman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:56 PM

Posted 26 December 2008 - 02:08 PM

Hi,
the attached info.txt and my first post's log seem to have the same timestamp, so I guess they are a pair.
Thanks for the help.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:56 AM

Posted 26 December 2008 - 03:28 PM

Hi again,

Thanks for the detailed feedback.
  • You have attached log.txt instead of info.txt, please attach info.txt.

  • Before removing the file I would like you to do this:

    If you cannot find the following files, make sure that you can view all hidden and system files. Instructions on how to do this can be found here: How to see hidden files in Windows

    Please click this link--> virustotal
  • Click the browse button and navigate to the files listed below in bold, then click Send File. You will only be able to have one file scanned at a time.

    C:\WINDOWS\system32\blackbo.dll
    c:\windows\system32\drivers\sjudqdei.sys

  • If the file has been analyzed before, click the Reanalyse file now button.
  • Wait until the file is analyzed. Please post back the results of the scan in your next post.


#6 grinofadrunkwoman

grinofadrunkwoman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:56 PM

Posted 26 December 2008 - 03:41 PM

Hi,
Sorry for that. I've attached info.txt now.

Following are the VirusTotal results:

blackbo.dll:
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.26 Rootkit.Win32.Podnuha!IK
AhnLab-V3 2008.12.25.0 2008.12.26 -
AntiVir 7.9.0.45 2008.12.26 RKit/Podnuha.bhs.1
Authentium 5.1.0.4 2008.12.26 -
Avast 4.8.1281.0 2008.12.26 Win32:Rootkit-gen
AVG 8.0.0.199 2008.12.26 Agent.4.O
BitDefender 7.2 2008.12.26 Rootkit.9359
CAT-QuickHeal 10.00 2008.12.26 Rootkit.Podnuha.bhg
ClamAV 0.94.1 2008.12.26 -
Comodo 819 2008.12.26 -
DrWeb 4.44.0.09170 2008.12.26 Trojan.Siggen.644
eSafe 7.0.17.0 2008.12.24 Suspicious File
eTrust-Vet 31.6.6276 2008.12.24 Win32/Kvol!generic
Ewido 4.0 2008.12.26 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.26 -
Fortinet 3.117.0.0 2008.12.26 PossibleThreat
GData 19 2008.12.26 Rootkit.9359
Ikarus T3.1.1.45.0 2008.12.26 Rootkit.Win32.Podnuha
K7AntiVirus 7.10.567 2008.12.26 Rootkit.Win32.Podnuha.bhs
Kaspersky 7.0.0.125 2008.12.26 Heur.Trojan.Generic
McAfee 5475 2008.12.26 Generic.dx
McAfee+Artemis 5474 2008.12.24 Generic.dx
Microsoft 1.4205 2008.12.26 Trojan:Win32/Boaxxe.H
NOD32 3718 2008.12.26 a variant of Win32/Rootkit.Podnuha
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.26 Generic Trojan
PCTools 4.4.2.0 2008.12.26 -
Prevx1 V2 2008.12.26 Malicious Software
Rising 21.09.42.00 2008.12.26 Trojan.Clicker.Win32.Delf.bes
SecureWeb-Gateway 6.7.6 2008.12.26 Rootkit.Podnuha.bhs.1
Sophos 4.37.0 2008.12.26 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.26 Trojan Horse
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.26 Rootkit.Win32.Podnuha.bhs
ViRobot 2008.12.26.1536 2008.12.26 Trojan.Win32.RT-Podnuha.94720.D
VirusBuster 4.5.11.0 2008.12.26 -
Additional information
File size: 104704 bytes
MD5...: ba68a221b0bc8d430e370f1f67ff947c
SHA1..: e307cc95b294cb6549a13a3578a6a8580422ffba
SHA256: e59581f7951df915a6a49d623aae07f38d3d0baadf5e3ee491c42e02b05f88f3
SHA512: 387ece97a7203d79fe27cb544ba83d2ab10d74281fcf5c4f35c58497bc163e2387ef84f689ddf75ef0dfba36467ae8329167863bd7afa3aed1028202ac89e1f0

ssdeep: 3072:lK4DYvZYcn53YIF72q5GDvyXn++RXjLoqM5DxKPm:lKiYvOcn5osyq5D++RXXWxIm

PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (42.6%)
Win32 EXE Yoda's Crypter (37.0%)
Win32 Executable Generic (11.8%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43ec70
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x28000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x29000 0x16000 0x16000 7.90 9bbef88aa82ff3ec65216cff1f6de24f
.rsrc 0x3f000 0x1000 0xe00 3.69 e3887ff0ef214203c7e1f18b0ce9e0ef

( 6 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> advapi32.dll: RegCloseKey
> ole32.dll: IsEqualGUID
> oleaut32.dll: LoadTypeLib
> shell32.dll: SHGetMalloc
> user32.dll: SetTimer

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, InitEntry0

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=98B922A100F59CAD996901A740C423000174975D
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=ba68a221b0bc8d430e370f1f67ff947c
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX


sjudqdei.sys:
Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.26 -
AhnLab-V3 2008.12.25.0 2008.12.26 -
AntiVir 7.9.0.45 2008.12.26 -
Authentium 5.1.0.4 2008.12.26 -
Avast 4.8.1281.0 2008.12.26 -
AVG 8.0.0.199 2008.12.26 -
BitDefender 7.2 2008.12.26 -
CAT-QuickHeal 10.00 2008.12.26 -
ClamAV 0.94.1 2008.12.26 -
Comodo 819 2008.12.26 -
DrWeb 4.44.0.09170 2008.12.26 -
eSafe 7.0.17.0 2008.12.24 -
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.26 -
F-Prot 4.4.4.56 2008.12.24 -
F-Secure 8.0.14332.0 2008.12.26 -
Fortinet 3.117.0.0 2008.12.26 -
GData 19 2008.12.26 -
Ikarus T3.1.1.45.0 2008.12.26 -
K7AntiVirus 7.10.567 2008.12.26 -
Kaspersky 7.0.0.125 2008.12.26 -
McAfee 5475 2008.12.26 -
McAfee+Artemis 5474 2008.12.24 -
Microsoft 1.4205 2008.12.26 -
NOD32 3718 2008.12.26 -
Norman 5.80.02 2008.12.26 -
Panda 9.0.0.4 2008.12.26 -
PCTools 4.4.2.0 2008.12.26 -
Prevx1 V2 2008.12.26 -
Rising 21.09.42.00 2008.12.26 -
SecureWeb-Gateway 6.7.6 2008.12.26 -
Sophos 4.37.0 2008.12.26 -
Sunbelt 3.2.1809.2 2008.12.22 VIPRE.Suspicious
Symantec 10 2008.12.26 -
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 -
VBA32 3.12.8.10 2008.12.26 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.26 -
Additional information
File size: 23424 bytes
MD5...: f89792b08a14f3931e53780819f6f4bf
SHA1..: c805fa68e156e7fe33e0f146d60c2c1973a3bdc3
SHA256: aad0125b99c358e5b9eeaf8209de76c63c581fcaf63fac654e596ff93d9750a3
SHA512: 05482a1bf09113239d12d62f9e2414c76fc40a503d17a1231e3cab6a0f6565f2b33b28dd93b506e6afe2b18f1e0755319306c604a6039f2ec02fb9f30c639689

ssdeep: 384:uRQXBfGKoy9XpKxarzzU05g5c/Wmr2AhZ3lHwJMNZnggok4T68POmNaQWTVLfVo0:ouk8zz75KEH1wIZnSk4G8P5afLfV64

PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10fea
timedatestamp.....: 0x3a311d2a (Fri Dec 08 17:40:58 2000)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2c0 0x3d6b 0x3d80 7.06 fb019b271cce88ef4d42479a955e0441
.rdata 0x4040 0x156 0x160 4.65 e52f23ddcda79d6e79fae75ac58769c8
.data 0x41a0 0x73 0x80 4.56 0c9173ce2b80133afbfe0db6b1bf4e7f
INIT 0x4220 0x292 0x2a0 4.62 46e689ac7ea4a6562b84f3489b87fab6
.wkjb 0x44c0 0x1100 0x1100 7.18 a7bf7ea9b9585ba567bce1303415dc27
.rsrc 0x55c0 0x3f8 0x400 3.42 ee85c188f87613417d49c4289202e467
.reloc 0xf6ef1 0xa4d01a6 0x1c0 5.05 f9978620060ece12e77dad3745153856

( 1 imports )
> SCSIPORT.SYS: ScsiPortNotification, ScsiPortLogError, ScsiPortReadRegisterBufferUchar, ScsiPortFreeDeviceBase, ScsiPortConvertUlongToPhysicalAddress, ScsiPortGetDeviceBase, ScsiPortInitialize, ScsiPortReadPortBufferUchar, ScsiPortReadPortUchar, ScsiPortWritePortUchar, ScsiPortWritePortBufferUchar, ScsiPortStallExecution, ScsiPortFlushDma, ScsiPortIoMapTransfer, ScsiPortGetLogicalUnit, ScsiPortWritePortBufferUshort, ScsiPortWritePortBufferUlong, ScsiPortReadPortBufferUshort, ScsiPortReadPortBufferUlong

( 0 exports )

packers (Kaspersky): PE_Patch

Attached Files

  • Attached File  info.txt   18.78KB   26 downloads


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:56 AM

Posted 26 December 2008 - 04:06 PM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files between them, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • We are going to repair broken file associations.
    • Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • The faulty file associations will appear in red beside a checkbox. Just place a checkmark (tick) in the boxes in question.
    • Click the Fix button.
  • You have the latest version of Java, and that is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components:
    Click "Start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "Remove":

    All Java versions except Java 6 Update 11

    Additional instructions can be found here if needed.


  • Open notepad and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/188024/bho-blackbodll-removal/?p=1061808
    
    Collect::[4]
    C:\WINDOWS\system32\blackbo.dll
    c:\windows\system32\drivers\sjudqdei.sys
    
    Driver::
    sjudqdei
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5F740BC-D1AE-4A51-85D0-F05E08F58D8A}]

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.
  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • The Combofix log.
  • The log of MBAM.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#8 grinofadrunkwoman

grinofadrunkwoman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:56 PM

Posted 26 December 2008 - 04:12 PM

Hi,
Would you recommend that I disable Symantec's Auto-Protect during the above procedure?
Auto-Protect prevents access to all suspicious files; in fact, I had to disable it temporarily to allow uploading blackbo.dll to VirusTotal.
Thanks

#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:56 AM

Posted 26 December 2008 - 04:20 PM

Yes, of course. I assumed you knew it, as you have already run ComboFix, but disable Auto-Protect just temporarily to allow ComboFix to do the job. Usually, upon restart, Norton should start Auto-Protect by itself, but check it to make sure you are protected after the computer has rebooted.

#10 grinofadrunkwoman

grinofadrunkwoman
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:56 PM

Posted 26 December 2008 - 04:55 PM

Hi,
I've completed all the steps.

1. Broken file associations: 2 fixed, both related to notepad.exe.
2. Java 6 Update 7 removed; I also removed the BitTorrent P2P software.
3. ComboFix: once it finished rebooting and writing the log, it did not ask me to allow a connection to the internet / open a browser / send files.
4. ATF Cleaner: done.
5. Malwarebytes: no malware found through the quick scan.

The file blackbo.dll seems to have been deleted. Symantec no longer shows any popup alerts.

Thanks for the help.

Following are the logs:

ComboFix:
ComboFix 08-12-18.03 - Kaushik 2008-12-27 5:22:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.388 [GMT 8:00]
Running from: c:\documents and settings\Kaushik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kaushik\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\blackbo.dll
c:\windows\system32\drivers\sjudqdei.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SJUDQDEI
-------\Service_sjudqdei


((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))
.

2008-12-24 00:01 . 2008-12-24 00:02 <DIR> d-------- c:\program files\RealFlight G4 Demo
2008-12-24 00:01 . 2008-12-24 00:01 <DIR> d-------- c:\program files\Common Files\KnifeEdge
2008-12-23 23:44 . 2008-12-23 23:44 <DIR> d-------- c:\program files\Transcendental Technologies
2008-12-23 23:44 . 1997-11-19 15:49 303,616 --a------ c:\windows\IsUninst.exe
2008-12-21 20:38 . 2008-12-21 20:38 <DIR> d-------- c:\program files\ERUNT
2008-12-21 03:27 . 2008-12-21 03:27 <DIR> d-------- C:\rsit
2008-12-21 03:27 . 2008-12-27 02:54 <DIR> d-------- c:\program files\trend micro
2008-12-21 02:41 . 2008-12-21 02:41 <DIR> d-------- c:\program files\Sophos
2008-12-20 17:36 . 2008-12-20 17:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-12-20 17:20 . 2008-12-21 02:51 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-20 17:20 . 2008-12-21 02:47 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 16:11 . 2008-12-20 16:11 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2008-12-20 16:05 . 2008-12-20 16:05 <DIR> d--hs---- c:\documents and settings\LocalService\PrivacIE
2008-12-19 04:11 . 2008-12-19 04:11 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-19 01:54 . 2008-12-19 01:54 <DIR> d-------- c:\windows\ie8updates
2008-12-12 18:58 . 2008-12-12 18:58 <DIR> d--h----- c:\windows\PIF
2008-12-11 11:32 . 2008-12-11 11:32 <DIR> d-------- c:\documents and settings\Kaushik\Application Data\Flickr
2008-12-11 11:31 . 2008-12-11 11:32 <DIR> d-------- c:\program files\Flickr Uploadr
2008-11-29 03:31 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-29 03:31 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-29 03:31 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-29 03:31 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-29 01:51 . 1998-10-01 16:22 299,520 --a------ c:\windows\uninst.exe
2008-11-29 01:50 . 2008-11-29 01:50 <DIR> d-------- c:\documents and settings\Kaushik\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 21:16 --------- d-----w c:\program files\Java
2008-12-19 19:44 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-16 04:44 --------- d-----w c:\program files\Hotspot Shield
2008-11-20 19:38 --------- d-----w c:\documents and settings\Kaushik\Application Data\Move Networks
2008-11-18 07:22 --------- d-----w c:\program files\DivX
2008-11-10 15:56 --------- d-----w c:\documents and settings\Kaushik\Application Data\Bullzip
2008-11-10 15:42 --------- d-----w c:\program files\Bullzip
2008-11-10 05:42 --------- d-----w c:\documents and settings\Kaushik\Application Data\Skype
2008-11-10 05:33 --------- d-----w c:\documents and settings\Kaushik\Application Data\skypePM
2008-11-10 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-08 00:48 --------- d-----w c:\program files\Common Files\xing shared
2008-11-08 00:48 --------- d-----w c:\program files\Common Files\Real
2008-11-08 00:47 --------- d-----w c:\program files\Real
2008-11-06 08:45 --------- d-----w c:\program files\EditPlus 2
2008-11-04 14:12 --------- d-----w c:\documents and settings\Kaushik\Application Data\Nokia
2008-11-01 15:36 --------- d-----w c:\program files\Tudou
2008-10-05 10:44 387 ----a-w c:\program files\SPS.log
2008-10-05 10:44 366 ----a-w c:\program files\SPU.log
2008-10-05 10:44 183 ----a-w c:\program files\SetupSPU.log
2008-10-05 10:43 351 ----a-w c:\program files\HotkeyUtility.log
2008-10-05 10:43 345 ----a-w c:\program files\RadioControl.log
2008-10-05 10:43 324 ----a-w c:\program files\FlashAid.log
2008-10-05 10:43 187 ----a-w c:\program files\SetupRC.log
2008-10-05 10:43 183 ----a-w c:\program files\SetupSPS.log
2008-10-05 10:43 179 ----a-w c:\program files\SetupHK.log
2008-10-05 10:43 165 ----a-w c:\program files\SetupFA.log
2008-10-05 10:42 376 ----a-w c:\program files\SEU.log
2008-10-05 10:42 195 ----a-w c:\program files\DisplayManager.log
2008-10-05 10:42 164 ----a-w c:\program files\SetupSEU.log
2008-10-05 10:41 171 ----a-w c:\program files\wacom.log
2008-10-05 10:41 157 ----a-w c:\program files\NaviSetup.log
2008-10-05 10:40 264 ----a-w c:\program files\Video.log
2008-10-05 10:40 161 ----a-w c:\program files\Omnipass.log
2008-10-05 10:38 191 ----a-w c:\program files\Mouse.log
2008-10-05 10:38 172 ----a-w c:\program files\Audio.log
2006-01-07 18:09 13 ----a-w c:\program files\IMAGE1.DAT
2008-07-04 02:33 24,576 ----a-w c:\program files\mozilla firefox\components\CheckTudouVa.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-21_ 3.15.31.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-23 16:02:30 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-12-23 16:02:30 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-12-23 16:02:30 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-12-23 16:02:20 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:23 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:24 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:24 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:25 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:26 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:26 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:27 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:28 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:34 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-12-23 16:02:34 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-12-23 16:02:35 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-12-23 16:02:35 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-12-23 16:02:35 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-12-23 16:02:30 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2005-10-20 04:02:28 163,328 ----a-w c:\windows\ERDNT\12-21-2008\ERDNT.EXE
+ 2008-12-21 12:39:13 237,568 ----a-w c:\windows\ERDNT\12-21-2008\Users\00000001\NTUSER.DAT
+ 2008-12-21 12:39:13 8,192 ----a-w c:\windows\ERDNT\12-21-2008\Users\00000002\UsrClass.dat
+ 2008-12-21 12:39:13 237,568 ----a-w c:\windows\ERDNT\12-21-2008\Users\00000003\NTUSER.DAT
+ 2008-12-21 12:39:13 8,192 ----a-w c:\windows\ERDNT\12-21-2008\Users\00000004\UsrClass.dat
+ 2008-12-21 12:39:13 4,689,920 ----a-w c:\windows\ERDNT\12-21-2008\Users\00000005\NTUSER.DAT
+ 2008-12-21 12:39:13 389,120 ----a-w c:\windows\ERDNT\12-21-2008\Users\00000006\UsrClass.dat
+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-03-18 08:23:10 53,248 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 08:23:10 12,800 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 08:23:14 473,600 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 04:38:58 2,676,224 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 08:23:10 145,920 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 08:23:10 159,232 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 08:23:14 364,544 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 08:23:12 178,176 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 08:23:14 223,232 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 07:53:06 2,846,720 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-05 11:32:54 563,712 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-18 09:23:14 567,296 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 07:15:56 576,000 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-22 09:21:34 577,024 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 06:11:52 577,536 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-05 09:20:50 577,536 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-02 23:40:48 578,560 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 03:27:50 578,560 ----a-w c:\windows\Microsoft.Net\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- 2008-12-20 18:52:05 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-26 21:26:30 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-20 18:52:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-26 21:26:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-20 18:52:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-26 21:26:30 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-02-05 11:45:26 2,222,800 ----a-w c:\windows\system32\d3dx9_24.dll
+ 2005-03-18 09:19:58 2,337,488 ----a-w c:\windows\system32\d3dx9_25.dll
+ 2005-05-26 07:34:52 2,297,552 ----a-w c:\windows\system32\d3dx9_26.dll
+ 2005-07-22 11:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
+ 2005-12-05 10:09:18 2,323,664 ----a-w c:\windows\system32\d3dx9_28.dll
+ 2006-02-03 00:43:16 2,332,368 ----a-w c:\windows\system32\d3dx9_29.dll
+ 2006-09-28 08:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll
+ 2006-11-29 05:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
+ 2006-02-03 00:41:26 14,032 ----a-w c:\windows\system32\x3daudio1_0.dll
+ 2006-11-15 03:38:22 15,128 ----a-w c:\windows\system32\x3daudio1_1.dll
+ 2006-02-03 00:42:06 230,096 ----a-w c:\windows\system32\xactengine2_0.dll
+ 2006-03-31 04:39:48 229,584 ----a-w c:\windows\system32\xactengine2_1.dll
+ 2006-05-30 23:24:16 230,168 ----a-w c:\windows\system32\xactengine2_2.dll
+ 2006-07-28 01:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll
+ 2006-09-28 08:05:56 237,848 ----a-w c:\windows\system32\xactengine2_4.dll
+ 2006-12-08 04:02:00 251,672 ----a-w c:\windows\system32\xactengine2_5.dll
+ 2006-03-31 04:39:24 62,672 ----a-w c:\windows\system32\xinput1_1.dll
+ 2006-07-28 01:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
+ 2006-09-28 08:04:02 68,888 ----a-w c:\windows\system32\xinput1_3.dll
+ 2005-12-05 10:07:30 61,136 ----a-w c:\windows\system32\xinput9_1_0.dll
+ 2008-12-26 21:26:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_690.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-12-15 14:41 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-20 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2005-11-21 1847296]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-27 73728]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-05-05 20480]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-03-09 90112]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-11-04 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-09-27 125168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-19 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-16 c:\windows\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 05:41 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2005-11-21 11:51 49152 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 18:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 05:42 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-10-09 21:54 289088 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
--a------ 2006-02-21 15:00 331776 c:\program files\Fujitsu\updnavi\updnavi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 05:22 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
--a------ 2005-02-26 04:20 68296 c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AgereModemAudio"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"EvtEng"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-02-21 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2005-09-23 28544]
R2 FlashDrv;FlashDrv;\??\c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [2008-10-05 7196]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-05 99376]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2008-10-05 17920]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2008-10-05 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\DRIVERS\hidpen.sys [2008-10-05 31104]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\DRIVERS\ozscr.sys [2006-03-07 92550]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\Drivers\FUJ02E1.sys [2006-05-12 6000]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5A.tmp []
S3 SavRoam;SAVRoam;"c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe" [2006-09-27 116464]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2006-05-11 14208]

*Newly Created Service* - SJUDQDEI
.
Contents of the 'Scheduled Tasks' folder

2008-12-26 c:\windows\Tasks\User_Feed_Synchronization-{B1616078-3513-4D7D-BAA0-1E1CC3CAFBBE}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 03:05]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Connection Wizard,ShellNext = hxxp://www.pc-ap.fujitsu.com/
uInternet Settings,ProxyServer = 137.99.11.86:3128
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kaushik\Application Data\Mozilla\Firefox\Profiles\40xan8tm.default\
FF - component: c:\documents and settings\Kaushik\Application Data\Mozilla\Firefox\Profiles\40xan8tm.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\program files\Mozilla Firefox\components\CheckTudouVa.dll
FF - plugin: c:\documents and settings\Kaushik\Application Data\Mozilla\Firefox\Profiles\40xan8tm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-27 05:26:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\scardsvr.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\digtizer.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\o2flash.exe
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\program files\Fujitsu\Utils\FjDspMon.exe
c:\program files\Fujitsu\Utils\FjEvents.exe
c:\program files\Fujitsu\Utils\FjMnuIco.exe
c:\windows\system32\igfxext.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-12-27 5:29:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-26 21:29:23
ComboFix2.txt 2008-12-20 19:15:57

Pre-Run: 3,090,038,784 bytes free
Post-Run: 3,298,852,864 bytes free

320 --- E O F --- 2008-12-18 17:54:37
MBAM:
Malwarebytes' Anti-Malware 1.31
Database version: 1551
Windows 5.1.2600 Service Pack 3

12/27/2008 5:43:52 AM
mbam-log-2008-12-27 (05-43-52).txt

Scan type: Quick Scan
Objects scanned: 56972
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Kaushik at 2008-12-27 05:45:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (16%) free of 20 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:07 AM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Kaushik\Desktop\RSIT.exe
C:\Program Files\trend micro\Kaushik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pc-ap.fujitsu.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 137.99.11.86:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223184219359
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10771 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{B1616078-3513-4D7D-BAA0-1E1CC3CAFBBE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2008-12-15 204248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2008-04-14 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2008-04-14 271872]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-31 761946]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-01-16 88365]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"OmniPass"=C:\Program Files\Softex\OmniPass\scureapp.exe [2005-11-21 1847296]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2006-01-27 73728]
"FjStrtAp"=C:\Program Files\Fujitsu\Utils\FjStrtAp.exe [2006-05-05 20480]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2006-03-09 90112]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2005-11-04 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-09-27 125168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-19 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"LClock"=C:\Program Files\LClock\lclock.exe [2004-09-20 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-10-09 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FJUPDNV_Chitose]
C:\Program Files\Fujitsu\updnavi\updnavi.exe [2006-02-21 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [2005-02-26 68296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AgereModemAudio"=2
"WMPNetworkSvc"=3
"S24EventMonitor"=2
"RegSrvc"=2
"EvtEng"=2
"WLSetupSvc"=3
"usnjsvc"=3
"gusvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2008-04-14 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2005-11-21 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2008-04-14 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2008-12-27 05:37:17 ----D---- C:\Documents and Settings\Kaushik\Application Data\Malwarebytes
2008-12-27 05:37:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-27 05:37:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-27 05:33:42 ----SHD---- C:\RECYCLER
2008-12-27 05:29:28 ----A---- C:\ComboFix.txt
2008-12-24 21:22:33 ----D---- C:\WINDOWS\Minidump
2008-12-24 00:02:44 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-24 00:02:44 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-24 00:02:43 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-24 00:02:43 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-24 00:02:42 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-24 00:02:42 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-24 00:02:41 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-24 00:02:41 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-24 00:02:39 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-24 00:02:37 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-24 00:02:35 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-24 00:02:12 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-24 00:02:12 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-24 00:02:11 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-24 00:02:09 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-24 00:02:08 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-24 00:02:07 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-24 00:02:05 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-24 00:02:04 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-24 00:01:59 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-24 00:01:11 ----D---- C:\Program Files\RealFlight G4 Demo
2008-12-24 00:01:11 ----D---- C:\Program Files\Common Files\KnifeEdge
2008-12-23 23:44:21 ----D---- C:\Program Files\Transcendental Technologies
2008-12-23 23:44:00 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-21 20:38:21 ----D---- C:\Program Files\ERUNT
2008-12-21 03:27:23 ----D---- C:\Program Files\trend micro
2008-12-21 03:27:22 ----D---- C:\rsit
2008-12-21 03:10:01 ----A---- C:\Boot.bak
2008-12-21 03:09:54 ----RASHD---- C:\cmdcons
2008-12-21 03:09:04 ----A---- C:\WINDOWS\zip.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\SWREG.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\sed.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\grep.exe
2008-12-21 03:09:04 ----A---- C:\WINDOWS\fdsv.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\VFIND.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-21 03:09:03 ----A---- C:\WINDOWS\SWSC.exe
2008-12-21 03:08:57 ----D---- C:\WINDOWS\ERDNT
2008-12-21 03:08:57 ----D---- C:\Qoobox
2008-12-21 02:41:53 ----D---- C:\Program Files\Sophos
2008-12-21 02:16:40 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 17:36:08 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-12-20 17:20:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-20 17:20:23 ----D---- C:\Program Files\Spyware Doctor
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\java.exe
2008-12-19 04:11:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-19 01:54:26 ----D---- C:\WINDOWS\ie8updates
2008-12-12 21:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 21:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 21:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 21:38:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 18:58:07 ----HD---- C:\WINDOWS\PIF
2008-12-11 11:32:07 ----D---- C:\Documents and Settings\Kaushik\Application Data\Flickr
2008-12-11 11:31:45 ----D---- C:\Program Files\Flickr Uploadr
2008-11-29 03:31:52 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-11-29 03:31:51 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-11-29 01:51:30 ----A---- C:\WINDOWS\uninst.exe
2008-11-18 23:12:56 ----D---- C:\Documents and Settings\Kaushik\Application Data\Move Networks
2008-11-12 20:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 20:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 20:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 23:56:12 ----D---- C:\Documents and Settings\Kaushik\Application Data\Bullzip
2008-11-10 23:42:52 ----A---- C:\WINDOWS\system32\bzpdfc.dll
2008-11-10 23:42:52 ----A---- C:\WINDOWS\system32\bzFlRdr.dll
2008-11-10 23:42:52 ----A---- C:\WINDOWS\system32\bzDCT.dll
2008-11-10 23:42:49 ----A---- C:\WINDOWS\system32\bzpdf.dll
2008-11-10 23:42:44 ----D---- C:\Program Files\Bullzip
2008-11-08 08:48:06 ----D---- C:\Program Files\Common Files\xing shared
2008-11-08 08:48:00 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-08 08:47:56 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-11-08 08:47:56 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-11-08 08:47:54 ----D---- C:\Program Files\Real
2008-11-08 08:47:54 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-08 08:47:51 ----D---- C:\Program Files\Common Files\Real
2008-11-08 08:47:50 ----D---- C:\Documents and Settings\Kaushik\Application Data\Real
2008-11-02 21:51:04 ----D---- C:\Program Files\Hotspot Shield
2008-11-02 13:27:06 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-01 23:20:00 ----D---- C:\Program Files\Tudou
2008-10-29 06:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-29 06:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-29 06:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-29 06:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-29 06:35:56 ----A---- C:\WINDOWS\system32\DivX.dll

======List of files/folders modified in the last 2 months======

2008-12-27 05:37:16 ----D---- C:\WINDOWS\system32\drivers
2008-12-27 05:37:12 ----RD---- C:\Program Files
2008-12-27 05:34:25 ----D---- C:\WINDOWS\Temp
2008-12-27 05:33:42 ----D---- C:\WINDOWS\Prefetch
2008-12-27 05:29:30 ----D---- C:\WINDOWS\system32
2008-12-27 05:29:29 ----D---- C:\WINDOWS
2008-12-27 05:28:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-27 05:26:57 ----A---- C:\WINDOWS\system.ini
2008-12-27 05:24:41 ----D---- C:\WINDOWS\system32\config
2008-12-27 05:23:49 ----D---- C:\WINDOWS\AppPatch
2008-12-27 05:23:49 ----D---- C:\Program Files\Common Files
2008-12-27 05:21:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-27 05:16:24 ----SHD---- C:\WINDOWS\Installer
2008-12-27 05:16:21 ----D---- C:\Program Files\Java
2008-12-24 21:22:35 ----SHD---- C:\WINDOWS\CSC
2008-12-24 00:02:46 ----D---- C:\WINDOWS\system32\DirectX
2008-12-24 00:02:45 ----HD---- C:\WINDOWS\inf
2008-12-24 00:02:35 ----RSD---- C:\WINDOWS\assembly
2008-12-24 00:02:21 ----D---- C:\WINDOWS\Microsoft.Net
2008-12-21 03:10:01 ----RASH---- C:\boot.ini
2008-12-21 03:09:02 ----SHD---- C:\System Volume Information
2008-12-21 03:09:02 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 17:22:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 03:44:10 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-19 01:54:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 01:54:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 17:13:22 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 21:59:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 21:41:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 11:31:51 ----D---- C:\WINDOWS\WinSxS
2008-12-11 04:22:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-11 03:23:14 ----D---- C:\Documents and Settings\Kaushik\Application Data\Adobe
2008-12-10 10:39:41 ----SD---- C:\Documents and Settings\Kaushik\Application Data\Microsoft
2008-12-10 09:04:12 ----D---- C:\WINDOWS\Help
2008-12-10 07:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-29 01:54:48 ----D---- C:\Documents and Settings\Kaushik\Application Data\Macromedia
2008-11-23 18:56:58 ----D---- C:\WINDOWS\network diagnostic
2008-11-19 01:33:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-18 15:22:35 ----D---- C:\Program Files\DivX
2008-11-13 11:46:23 ----D---- C:\WINDOWS\system32\Macromed
2008-11-10 13:42:08 ----D---- C:\Documents and Settings\Kaushik\Application Data\Skype
2008-11-10 13:33:53 ----D---- C:\Documents and Settings\Kaushik\Application Data\skypePM
2008-11-10 13:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-11-06 16:45:53 ----D---- C:\Program Files\EditPlus 2
2008-11-04 22:12:18 ----D---- C:\Documents and Settings\Kaushik\Application Data\Nokia

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 FlashDrv;FlashDrv; \??\C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-11-19 117874]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 Fjbtndrv;Fujitsu Button Driver; C:\WINDOWS\system32\DRIVERS\FjBtnDrv.sys [2006-03-29 17920]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidpen;Wacom Serial Pen HID MiniDriver; C:\WINDOWS\system32\DRIVERS\hidpen.sys [2004-08-02 31104]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081225.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081225.002\navex15.sys []
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2006-03-07 92550]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-21 1106952]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-08-07 12992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-08-07 110784]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-08-07 31936]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081214.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-08-07 28352]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-30 193056]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-12-08 243712]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-25 465952]
S3 FUJ02E1;%FUJ02E1.DeviceDesc%; C:\WINDOWS\System32\Drivers\FUJ02E1.sys [2001-09-07 6000]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\5A.tmp []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-14 22016]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2008-04-14 14208]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-07-19 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 Digitizer;Digitizer Service; C:\WINDOWS\System32\digtizer.exe [2006-03-27 61440]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-11-26 88024]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-09-27 87728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-09-13 57344]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2005-11-21 32768]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-09-27 173744]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S4 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#11 Farbar

    Just Curious

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 December 2008 - 05:25 PM

Good job. :thumbsup:

It looks good.
  • Also uninstall this Java:

    J2SE Runtime Environment 5.0 Update 6

  • Go to Start > Run, copy and paste or type the next command in the field, then hit Enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

  • Remove RSIT and its folder (C:\rsit). Also delete any tool or fix we have used from your desktop. You may keep ATF-Cleaner and MBAM.

  • Tell me if you have any questions before closing the topic.


#12 grinofadrunkwoman
  • Topic Starter

  • Members
  • 17 posts

Posted 26 December 2008 - 05:46 PM

Hi,
Thanks a lot for all the help.
I've removed ComboFix, RSIT etc. as instructed.

One final doubt:
There seems to be some application called Tudou, evident from my logs:
FF - component: c:\program files\Mozilla Firefox\components\CheckTudouVa.dll
2008-11-01 15:36 --------- d-----w c:\program files\Tudou

The c:\program files\tudou folder was empty.

Tudou is a website I visited around a month back. I didn't install any software from them. However, it shows that Firefox has a component from them. Is this an issue?

#13 Farbar

    Just Curious

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 December 2008 - 05:57 PM

Looks like it is a video sharing site. Are you sure you have not watched any video there?

Anyway, if you don't need it, open Firefox and under the Tools menu select Add-ons. Under the Plugins tab, see if Tudou or the dll is listed. Check also under the Extensions tab to make sure. If present, select it and click Disable. Then remove c:\program files\Mozilla Firefox\components\CheckTudouVa.dll.

Please let me know how it went.

#14 grinofadrunkwoman
  • Topic Starter

  • Members
  • 17 posts

Posted 26 December 2008 - 06:08 PM

I did visit the site around a month back to watch a video, but I didn't install any addon/extension.
I also found no such extension/plugin listed in Firefox,
so I guess it's a stray dll.
As long as it's not harmful I'm fine with it; I rarely use Firefox.
Thanks for all the help.

#15 Farbar

    Just Curious

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 December 2008 - 06:25 PM

BTW, this is the date the bad file (the one we removed) got to your computer:

2008-11-12 17:16

Norton didn't detect it until recently.

The CheckTudouVa.dll file was already on your computer more than 4 months before that: 2008-07-04
And I could not find anything bad about that site and the dll.

Do you have any questions?
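Farbar's last two posts reason from file timestamps (when the bad file arrived, how long CheckTudouVa.dll had already been present). The "List of files/folders created/modified" sections of an RSIT log can be read the same way programmatically; the following is an added example for this thread, not RSIT's code or anything the participants posted. It assumes the line shape shown in the log above, uses a few sample lines copied from it, and takes the arrival time quoted in post #15 as the pivot.

```python
r"""Timeline triage over RSIT "List of files/folders" sections.

Added example for this thread (not RSIT code, not anything the helper
posted). It parses lines of the shape used in the log above,

    2008-11-12 20:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

and lists what else was created or modified within a window around the
arrival time of the removed file, nearest first.
"""
import re
from datetime import datetime, timedelta

# One RSIT file-list line: timestamp, attribute flags between dashes, path.
_ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]*)---- (.+?)\s*$"
)


def parse_rsit_entries(text):
    """Return [(timestamp, attrs, path)] for every file-list line in text.

    Section headers, blank lines and anything else are skipped, so a whole
    log can be fed in at once.
    """
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m.group(2), m.group(3)))
    return entries


def entries_near(entries, pivot, hours=24):
    """Entries within +/- `hours` of `pivot`, sorted by distance from it.

    `pivot` may be a datetime or a "YYYY-MM-DD HH:MM" string, the form in
    which the helper quoted the arrival time (no seconds).
    """
    if isinstance(pivot, str):
        pivot = datetime.strptime(pivot, "%Y-%m-%d %H:%M")
    span = timedelta(hours=hours)
    hits = [e for e in entries if abs(e[0] - pivot) <= span]
    return sorted(hits, key=lambda e: abs(e[0] - pivot))


# Constructed sample: a handful of lines copied from the two lists above,
# under the same section headers RSIT prints.
SAMPLE_LOG = r"""
======List of files/folders created in the last 2 months======

2008-12-27 05:37:17 ----D---- C:\Documents and Settings\Kaushik\Application Data\Malwarebytes
2008-11-18 23:12:56 ----D---- C:\Documents and Settings\Kaushik\Application Data\Move Networks
2008-11-12 20:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 20:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 20:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 23:56:12 ----D---- C:\Documents and Settings\Kaushik\Application Data\Bullzip

======List of files/folders modified in the last 2 months======

2008-11-13 11:46:23 ----D---- C:\WINDOWS\system32\Macromed
2008-11-06 16:45:53 ----D---- C:\Program Files\EditPlus 2
"""

# Arrival time of the removed file, as quoted in post #15 of the thread.
PIVOT = "2008-11-12 17:16"

if __name__ == "__main__":
    pivot_dt = datetime.strptime(PIVOT, "%Y-%m-%d %H:%M")
    for ts, attrs, path in entries_near(parse_rsit_entries(SAMPLE_LOG), PIVOT):
        # Signed offset from the pivot: negative means before the arrival.
        print(f"{ts}  {ts - pivot_dt}  {attrs:<6} {path}")
```

Within 24 hours of the pivot only the three KB uninstall folders and one modified directory show up; widening the window to 48 hours pulls in the earlier Bullzip entry, so the window size is the first thing to tune.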
