
pls help me - no task manager/regeditor/safemode


This topic is locked
18 replies to this topic

#1 iamgood1986


Posted 19 January 2009 - 07:56 PM

Greetings!!

I have a problem with my PC. The symptoms are:

1. Cannot install any antivirus or firewall.
2. Cannot boot in safe mode (the PC restarts in the middle of the loading process).
3. Cannot open Task Manager. A message 'Task Manager has been disabled by your administrator' is displayed whenever I press Ctrl+Alt+Del.

My PC has been showing these symptoms ever since a friend of mine plugged his flash drive into it. I tried formatting the PC but no use.
Please help.

I made my first post in the 'Am I infected? What do I do?' forum. They did the max to help me but no use!!

I was asked to use the following tools:

1. Flash Disinfector
2. Malwarebytes Anti-Malware
3. SDFix
4. and finally DDS


Posted below is the DDS log:


DDS (Ver_09-01-18.01) - NTFSx86
Run by kiran at 6:13:11.42 on Tue 01/20/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.88 [GMT 5.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kiran\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RRT-Auto] c:\docume~1\kiran\locals~1\temp\rar$ex00.750\RRT ver3.0.exe auto
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
TCP: {8D8FA92C-ADC1-46CB-90F6-62C61A8C5F60} = 218.248.255.139 218.248.255.146

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kiran\applic~1\mozilla\firefox\profiles\g5r0jckx.default\
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-4-19 20352]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\jksvm.sys --> c:\windows\system32\drivers\jksvm.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-8-4 18560]
S4 winser;winser;c:\windows\system32\winsersec.exe [2005-4-14 53248]

=============== Created Last 30 ================

2009-01-18 10:27 16,244 a------- c:\windows\system32\rrt_is.wav
2009-01-18 10:27 7,148 a------- c:\windows\system32\rrt_tv.wav
2009-01-18 10:27 6,282 a------- c:\windows\system32\rrt_tn.wav
2009-01-18 10:27 7,302 a------- c:\windows\system32\rrt_vf.wav
2009-01-18 09:41 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-17 22:11 <DIR> --d----- c:\windows\ERUNT
2009-01-16 22:37 <DIR> --d----- C:\SDFix
2009-01-14 14:13 <DIR> --d----- C:\AigoVideo
2009-01-14 14:12 749,568 a------- c:\windows\system32\SkinCrafterDll.dll
2009-01-14 14:12 719,872 a------- c:\windows\system32\devil.dll
2009-01-14 14:12 313,344 a------- c:\windows\system32\avisynth.dll
2009-01-14 14:12 <DIR> --d----- c:\program files\Aigo Video to MP4 Converter
2009-01-14 13:58 5,632 a------- c:\windows\system32\ptpusb.dll
2009-01-14 13:58 159,232 a------- c:\windows\system32\ptpusd.dll
2009-01-14 13:58 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-01-14 13:58 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-14 11:54 <DIR> a-dshr-- C:\autorun.inf
2009-01-12 13:26 <DIR> --d----- c:\program files\Trend Micro
2009-01-12 13:06 161,792 a------- c:\windows\SWREG.exe
2009-01-12 13:06 98,816 a------- c:\windows\sed.exe
2009-01-12 13:06 <DIR> --d----- C:\ComboFix
2009-01-12 10:43 <DIR> --d----- c:\docume~1\kiran\applic~1\Malwarebytes
2009-01-12 10:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-12 10:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 10:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 10:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-12 09:56 250 a------- c:\windows\gmer.ini
2009-01-12 09:49 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-01-12 09:36 <DIR> --d----- c:\program files\common files\xing shared
2009-01-12 09:35 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-12 09:35 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-12 09:35 <DIR> --d----- c:\program files\common files\Real
2009-01-11 19:51 121 a------- c:\windows\system32\REMOTEDEVICE.INI
2009-01-11 19:50 4,333 a------- c:\windows\system32\LOCALSERVICE.INI
2009-01-11 19:50 107 a------- c:\windows\system32\LOCALDEVICE.INI
2009-01-11 19:46 0 a------- c:\windows\system32\BSPRINT.INI
2009-01-11 19:46 <DIR> --d----- c:\program files\IVT Corporation
2009-01-11 19:46 32 a------- c:\windows\0
2009-01-11 19:46 0 a------- c:\windows\system32\0
2009-01-09 19:24 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-08 14:33 <DIR> --dshr-- C:\cmdcons
2009-01-08 14:33 <DIR> --d----- c:\windows\setup.pss
2009-01-07 23:56 1,172 a------- c:\windows\mozver.dat
2009-01-07 23:34 <DIR> --d----- c:\windows\pss
2009-01-07 23:08 267,862,016 a------- c:\windows\MEMORY.DMP
2009-01-07 21:11 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-01-07 21:11 13,753 a----r-- c:\windows\SET2C.tmp
2009-01-07 21:11 1,086,058 a----r-- c:\windows\SET20.tmp
2009-01-07 21:11 1,042,903 a----r-- c:\windows\SET1D.tmp
2009-01-07 21:07 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-01-07 21:06 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-01-07 21:06 4,274,816 a------- c:\windows\system32\nv4_disp.dll
2009-01-07 21:06 1,897,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-01-07 21:06 46,464 a------- c:\windows\system32\drivers\GAGP30KX.SYS
2009-01-07 21:05 <DIR> --d----- c:\program files\common files\ODBC
2009-01-07 21:05 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-07 21:04 <DIR> --d----- C:\Documents and Settings
2009-01-07 21:03 413 a------- c:\windows\system32\$winnt$.inf
2009-01-07 20:07 <DIR> --d----- c:\program files\VideoLAN
2009-01-07 19:54 <DIR> --d----- c:\program files\Yahoo!
2009-01-07 16:12 <DIR> --d----- c:\program files\ESET
2009-01-07 16:09 <DIR> --d----- c:\program files\security
2009-01-07 16:04 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-07 15:47 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-07 15:47 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-07 15:46 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-07 15:45 <DIR> --d----- c:\program files\Online Services
2009-01-07 15:45 <DIR> --d----- c:\program files\Messenger
2009-01-07 15:45 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-07 15:44 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-01-11 19:47 34,312 a------- c:\windows\system32\drivers\blueletaudio.sys
2009-01-07 17:53 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-01-07 15:47 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 6:13:23.46 ===============



#2 Thunder


Posted 29 January 2009 - 05:27 PM

Hello Iamgood1986 and welcome to Bleeping Computer,

Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double-click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (it can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 iamgood1986


Posted 30 January 2009 - 12:00 PM

I get the message that ComboFix has expired, and that it can run only in reduced functionality mode. What do I do?

#4 Thunder


Posted 31 January 2009 - 06:49 PM

Hello Iamgood1986,

That should be fixed by now.
The new version (you can download it to replace the old one) should run normally.

Greetings,
Thunder

#5 iamgood1986


Posted 01 February 2009 - 03:04 AM

Here's the ComboFix log:

ComboFix 09-01-31.01 - kiran 2009-02-01 13:27:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.86 [GMT 5.5:30]
Running from: c:\documents and settings\kiran\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-31 19:55 . 2009-01-31 19:55 <DIR> d-------- c:\program files\TRELLIAN
2009-01-26 11:55 . 2009-01-26 11:55 <DIR> d-------- C:\EmergencyUtils
2009-01-22 17:14 . 2009-01-31 12:16 129 --a------ c:\windows\iridium.ini
2009-01-22 17:08 . 2009-01-22 17:08 <DIR> d-------- c:\program files\VVSN
2009-01-22 17:08 . 2009-01-22 17:08 <DIR> d-------- c:\program files\DAEMON Tools
2009-01-22 17:08 . 2009-01-22 17:08 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-01-22 17:06 . 2009-01-22 17:06 664,064 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 17:06 . 2009-01-22 17:06 96,256 --a------ c:\windows\system32\drivers\sptd3213.sys
2009-01-22 16:44 . 2009-01-22 16:44 <DIR> d-------- c:\program files\PowerISO
2009-01-22 07:50 . 2009-01-22 07:50 624 --a------ c:\windows\system32\SHORTCUT.INI
2009-01-22 07:50 . 2009-01-26 22:27 121 --a------ c:\windows\system32\REMOTEDEVICE.INI
2009-01-22 07:47 . 2009-02-01 13:29 4,555 --a------ c:\windows\system32\LOCALSERVICE.INI
2009-01-22 07:47 . 2009-02-01 13:29 107 --a------ c:\windows\system32\LOCALDEVICE.INI
2009-01-22 07:47 . 2009-01-22 07:47 0 --a------ c:\windows\system32\BSPRINT.INI
2009-01-22 07:23 . 2009-01-22 07:23 <DIR> d-------- c:\program files\uTorrent
2009-01-22 07:23 . 2009-01-22 07:34 <DIR> d-------- c:\documents and settings\kiran\Application Data\uTorrent
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\program files\River Past
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\program files\Common Files\River Past
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\documents and settings\kiran\Application Data\River Past G5
2009-01-20 19:59 . 2009-01-20 20:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\River Past G5
2009-01-20 19:59 . 2009-01-20 19:59 162,567 --a------ c:\windows\Screen Recorder Pro Uninstaller.exe
2009-01-18 10:27 . 2009-01-18 10:27 16,244 --a------ c:\windows\system32\rrt_is.wav
2009-01-18 10:27 . 2009-01-18 10:27 7,302 --a------ c:\windows\system32\rrt_vf.wav
2009-01-18 10:27 . 2009-01-18 10:27 7,148 --a------ c:\windows\system32\rrt_tv.wav
2009-01-18 10:27 . 2009-01-18 10:27 6,282 --a------ c:\windows\system32\rrt_tn.wav
2009-01-18 09:41 . 2009-01-18 09:45 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-18 09:08 . 2009-01-18 09:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-17 22:11 . 2009-01-17 22:11 <DIR> d-------- c:\windows\ERUNT
2009-01-17 19:02 . 2009-01-17 19:02 <DIR> d-------- c:\documents and settings\kiran\Application Data\dvdcss
2009-01-16 23:14 . 2009-01-16 23:14 <DIR> d-------- c:\documents and settings\Administrator
2009-01-16 22:37 . 2009-01-31 11:12 <DIR> d-------- C:\SDFix
2009-01-14 14:13 . 2009-01-14 14:13 <DIR> d-------- C:\AigoVideo
2009-01-14 14:12 . 2009-01-14 14:12 <DIR> d-------- c:\program files\Aigo Video to MP4 Converter
2009-01-14 14:12 . 2007-05-03 00:36 749,568 --a------ c:\windows\system32\SkinCrafterDll.dll
2009-01-14 14:12 . 2006-11-07 11:22 719,872 --a------ c:\windows\system32\devil.dll
2009-01-14 14:12 . 2006-04-22 15:32 313,344 --a------ c:\windows\system32\avisynth.dll
2009-01-14 13:58 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-14 13:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-14 13:58 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-14 13:58 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-12 13:48 . 2009-01-12 13:48 <DIR> d-------- C:\rsit
2009-01-12 13:26 . 2009-01-12 13:26 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 10:43 . 2009-01-28 14:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 10:43 . 2009-01-12 10:43 <DIR> d-------- c:\documents and settings\kiran\Application Data\Malwarebytes
2009-01-12 10:43 . 2009-01-12 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 10:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 10:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 09:56 . 2009-01-31 15:39 250 --a------ c:\windows\gmer.ini
2009-01-12 09:49 . 2009-01-12 09:49 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-12 09:36 . 2009-01-12 09:36 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 09:35 . 2009-01-12 09:35 <DIR> d-------- c:\program files\Real
2009-01-12 09:35 . 2009-01-12 09:35 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 09:35 . 2009-01-12 09:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-12 09:35 . 2009-01-12 09:35 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-11 19:46 . 2009-01-11 19:47 <DIR> d-------- c:\program files\IVT Corporation
2009-01-11 19:46 . 2009-01-22 07:47 32 --a------ c:\windows\0
2009-01-11 19:46 . 2009-01-11 19:46 0 --a------ c:\windows\system32\0
2009-01-09 19:24 . 2009-01-09 19:24 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-07 23:56 . 2009-01-07 23:56 1,172 --a------ c:\windows\mozver.dat
2009-01-07 23:08 . 2009-01-26 11:56 267,837,440 --a------ c:\windows\MEMORY.DMP
2009-01-07 21:11 . 2009-01-12 13:09 <DIR> d--h----- c:\documents and settings\Default User
2009-01-07 21:11 . 2009-01-07 15:45 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-07 21:11 . 2009-01-07 15:47 <DIR> d-------- c:\documents and settings\All Users
2009-01-07 21:11 . 2004-08-04 17:30 1,086,058 -ra------ c:\windows\SET20.tmp
2009-01-07 21:11 . 2004-08-04 17:30 1,042,903 -ra------ c:\windows\SET1D.tmp
2009-01-07 21:11 . 2004-08-04 17:30 13,753 -ra------ c:\windows\SET2C.tmp
2009-01-07 21:07 . 2001-08-17 19:29 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-07 21:06 . 2004-08-04 06:26 4,274,816 --a------ c:\windows\system32\nv4_disp.dll
2009-01-07 21:06 . 2004-08-04 03:59 1,897,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-01-07 21:06 . 2004-08-04 04:29 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-07 21:06 . 2004-08-04 04:37 46,464 --a------ c:\windows\system32\drivers\GAGP30KX.SYS
2009-01-07 21:04 . 2009-01-16 23:14 <DIR> d-------- C:\Documents and Settings
2009-01-07 21:03 . 2009-01-07 17:57 413 --a------ c:\windows\system32\$winnt$.inf
2009-01-07 19:55 . 2009-01-07 19:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 05:17 --------- d-----w c:\program files\security
2009-01-22 02:17 34,312 ----a-w c:\windows\system32\drivers\blueletaudio.sys
2009-01-18 03:24 --------- d-----w c:\program files\ESET
2009-01-09 17:46 --------- d-----w c:\program files\Common Files\Adobe
2009-01-07 14:39 --------- d-----w c:\documents and settings\kiran\Application Data\vlc
2009-01-07 14:37 --------- d-----w c:\program files\VideoLAN
2009-01-07 14:24 --------- d-----w c:\program files\Yahoo!
2009-01-07 10:34 --------- d-----w c:\program files\MSXML 4.0
2009-01-07 10:28 --------- d-----w c:\documents and settings\kiran\Application Data\InterTrust
2009-01-07 10:18 --------- d-----w c:\program files\microsoft frontpage
2009-01-09 17:35 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-09 17:35 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-09 17:35 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-09 17:35 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-09 17:35 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2009-01-18 3883008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-18 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2009-01-22 07:47 335958 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 03:30 128920 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 05:35 282624 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
--a------ 2005-10-25 09:56 185344 c:\program files\VVSN\VVSN.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\sdaemon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BtTray.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\SDFix\\apps\\isadmin.exe"=
"c:\\SDFix\\apps\\zip.exe"=
"c:\\SDFix\\apps\\Process.exe"=
"c:\\SDFix\\apps\\sc.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=

R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-04-19 20352]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\jksvm.sys --> c:\windows\system32\drivers\jksvm.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-04 18560]
S4 winser;winser;c:\windows\system32\winsersec.exe [2005-04-14 122880]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12f465ed-dcc6-11dd-85c3-0011d8b0c44d}]
\Shell\AutopLAy\commAnd - H:\xfual.pif
\Shell\AutoRun\command - H:\xfual.pif
\Shell\Explore\CoMMANd - H:\xfual.pif
\Shell\opEN\COMmAND - H:\xfual.pif
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IridiumTimeWizard - c:\documents and settings\kiran\Desktop\iridium.exe
MSConfigStartUp-IridiumTimeWizard - i:\\iridium.exe
MSConfigStartUp-RRT-Auto - c:\docume~1\kiran\LOCALS~1\Temp\Rar$EX00.750\RRT ver3.0.exe


.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\kiran\Application Data\Mozilla\Firefox\Profiles\g5r0jckx.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 13:29:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-01 13:30:39 - machine was rebooted [kiran]
ComboFix-quarantined-files.txt 2009-02-01 08:00:36

Pre-Run: 17,140,256,768 bytes free
Post-Run: 17,150,001,152 bytes free

218

#6 Thunder


Posted 02 February 2009 - 05:20 AM

Hello Iamgood1986,

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
c:\windows\system32\drivers\jksvm.sys
H:\xfual.pif
Driver::
asc3360pr
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12f465ed-dcc6-11dd-85c3-0011d8b0c44d}]

Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript dragged onto ComboFix.exe]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh DDS log.

Still having problems?

Greetings,
Thunder
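As an added example (not part of the thread, and not code from DDS or ComboFix), a small Python triage script that reads log excerpts like the ones posted above and flags the indicators Thunder's CFScript addresses: the DisableTaskMgr/DisableRegistryTools policies, the MountPoints2 shell handlers for drive H: pointing at xfual.pif, the asc3360pr service whose jksvm.sys image is missing, and the firewall profile switched off. The sample log is constructed from lines in this thread; no other input is assumed.

```python
# Added example: triage DDS / ComboFix log excerpts for the indicators the
# helper acted on in this thread (not part of the thread, DDS or ComboFix).
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS and ComboFix logs above.
SAMPLE_LOG = r"""
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-4-19 20352]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\jksvm.sys --> c:\windows\system32\drivers\jksvm.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12f465ed-dcc6-11dd-85c3-0011d8b0c44d}]
\Shell\AutopLAy\commAnd - H:\xfual.pif
\Shell\AutoRun\command - H:\xfual.pif
\Shell\opEN\COMmAND - H:\xfual.pif
"""

# DDS writes "uPolicies-system: DisableTaskMgr = 1 (0x1)", ComboFix writes
# '"DisableTaskMgr"= 1 (0x1)'; one pattern covers both forms.
POLICY_RE = re.compile(r'(DisableTaskMgr|DisableRegistryTools)"?\s*=\s*(\d+)')
FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*(\d+)')
# MountPoints2 shell handlers; the log shows the verb and "command" in mixed
# case, so match case-insensitively and capture the drive-rooted target.
MOUNTPOINT_RE = re.compile(r'^\\Shell\\(\w+)\\command\s+-\s+([A-Za-z]:\\.+)$', re.IGNORECASE)
# "R3 name;display;path [date size]"; a trailing "[?]" means the image file
# is missing from the path the service points at.
DRIVER_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$')


@dataclass(frozen=True)
class Finding:
    kind: str    # policy_lockout | firewall_off | autorun_hijack | orphan_driver
    detail: str
    line: str    # the stripped log line that produced the finding


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per distinct indicator in the log text."""
    findings: list[Finding] = []
    seen: set[tuple[str, str]] = set()
    current_key = ""

    def add(kind: str, detail: str, line: str) -> None:
        if (kind, detail) not in seen:      # DDS and ComboFix often list the same value
            seen.add((kind, detail))
            findings.append(Finding(kind, detail, line))

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]        # registry key the following values belong to
            continue
        m = POLICY_RE.search(line)
        if m and m.group(2) != "0":
            add("policy_lockout", f"{m.group(1)}={m.group(2)}", line)
            continue
        m = FIREWALL_RE.search(line)
        if m and m.group(1) == "0":
            add("firewall_off", current_key or "standardprofile", line)
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            add("autorun_hijack", f"Shell\\{m.group(1)} runs {m.group(2)}", line)
            continue
        m = DRIVER_RE.match(line)
        if m and m.group(5).strip() == "?":
            image = m.group(4).split(" --> ")[-1]
            add("orphan_driver", f"{m.group(2)} ({m.group(1)}) -> {image}", line)
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def hijacked_drives(findings: list[Finding]) -> set[str]:
    """Drive letters whose MountPoints2 handlers were redirected (H: here)."""
    drives: set[str] = set()
    for f in findings:
        m = MOUNTPOINT_RE.match(f.line) if f.kind == "autorun_hijack" else None
        if m:
            drives.add(m.group(2)[:2].upper())
    return drives
```

Running `triage(SAMPLE_LOG)` on the excerpt yields two policy lockouts, one orphaned driver, the disabled firewall profile and three redirected shell verbs on H:, which is the set Thunder's File::, Driver:: and Registry:: sections remove.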

#7 iamgood1986


Posted 02 February 2009 - 09:55 AM

I still cannot open Task Manager and regedit.

ComboFix log:

ComboFix 09-01-31.01 - kiran 2009-02-02 20:03:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.110 [GMT 5.5:30]
Running from: c:\documents and settings\kiran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kiran\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\drivers\jksvm.sys
H:\xfual.pif
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))
.

2009-01-31 19:55 . 2009-01-31 19:55 <DIR> d-------- c:\program files\TRELLIAN
2009-01-26 11:55 . 2009-01-26 11:55 <DIR> d-------- C:\EmergencyUtils
2009-01-22 17:14 . 2009-01-31 12:16 129 --a------ c:\windows\iridium.ini
2009-01-22 17:08 . 2009-01-22 17:08 <DIR> d-------- c:\program files\VVSN
2009-01-22 17:08 . 2009-01-22 17:08 <DIR> d-------- c:\program files\DAEMON Tools
2009-01-22 17:08 . 2009-01-22 17:08 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-01-22 17:06 . 2009-01-22 17:06 664,064 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 17:06 . 2009-01-22 17:06 96,256 --a------ c:\windows\system32\drivers\sptd3213.sys
2009-01-22 16:44 . 2009-01-22 16:44 <DIR> d-------- c:\program files\PowerISO
2009-01-22 07:50 . 2009-01-22 07:50 624 --a------ c:\windows\system32\SHORTCUT.INI
2009-01-22 07:50 . 2009-01-26 22:27 121 --a------ c:\windows\system32\REMOTEDEVICE.INI
2009-01-22 07:47 . 2009-02-02 20:06 4,550 --a------ c:\windows\system32\LOCALSERVICE.INI
2009-01-22 07:47 . 2009-02-02 20:06 107 --a------ c:\windows\system32\LOCALDEVICE.INI
2009-01-22 07:47 . 2009-01-22 07:47 0 --a------ c:\windows\system32\BSPRINT.INI
2009-01-22 07:23 . 2009-01-22 07:23 <DIR> d-------- c:\program files\uTorrent
2009-01-22 07:23 . 2009-01-22 07:34 <DIR> d-------- c:\documents and settings\kiran\Application Data\uTorrent
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\program files\River Past
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\program files\Common Files\River Past
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\documents and settings\kiran\Application Data\River Past G5
2009-01-20 19:59 . 2009-01-20 20:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\River Past G5
2009-01-20 19:59 . 2009-01-20 19:59 162,567 --a------ c:\windows\Screen Recorder Pro Uninstaller.exe
2009-01-18 10:27 . 2009-01-18 10:27 16,244 --a------ c:\windows\system32\rrt_is.wav
2009-01-18 10:27 . 2009-01-18 10:27 7,302 --a------ c:\windows\system32\rrt_vf.wav
2009-01-18 10:27 . 2009-01-18 10:27 7,148 --a------ c:\windows\system32\rrt_tv.wav
2009-01-18 10:27 . 2009-01-18 10:27 6,282 --a------ c:\windows\system32\rrt_tn.wav
2009-01-18 09:41 . 2009-01-18 09:45 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-18 09:08 . 2009-01-18 09:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-17 22:11 . 2009-01-17 22:11 <DIR> d-------- c:\windows\ERUNT
2009-01-17 19:02 . 2009-01-17 19:02 <DIR> d-------- c:\documents and settings\kiran\Application Data\dvdcss
2009-01-16 23:14 . 2009-01-16 23:14 <DIR> d-------- c:\documents and settings\Administrator
2009-01-16 22:37 . 2009-01-31 11:12 <DIR> d-------- C:\SDFix
2009-01-14 14:13 . 2009-01-14 14:13 <DIR> d-------- C:\AigoVideo
2009-01-14 14:12 . 2009-01-14 14:12 <DIR> d-------- c:\program files\Aigo Video to MP4 Converter
2009-01-14 14:12 . 2007-05-03 00:36 749,568 --a------ c:\windows\system32\SkinCrafterDll.dll
2009-01-14 14:12 . 2006-11-07 11:22 719,872 --a------ c:\windows\system32\devil.dll
2009-01-14 14:12 . 2006-04-22 15:32 313,344 --a------ c:\windows\system32\avisynth.dll
2009-01-14 13:58 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-14 13:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-14 13:58 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-14 13:58 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-12 13:48 . 2009-01-12 13:48 <DIR> d-------- C:\rsit
2009-01-12 13:26 . 2009-01-12 13:26 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 10:43 . 2009-01-28 14:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 10:43 . 2009-01-12 10:43 <DIR> d-------- c:\documents and settings\kiran\Application Data\Malwarebytes
2009-01-12 10:43 . 2009-01-12 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 10:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 10:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 09:56 . 2009-01-31 15:39 250 --a------ c:\windows\gmer.ini
2009-01-12 09:49 . 2009-01-12 09:49 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-12 09:36 . 2009-01-12 09:36 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 09:35 . 2009-01-12 09:35 <DIR> d-------- c:\program files\Real
2009-01-12 09:35 . 2009-01-12 09:35 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 09:35 . 2009-01-12 09:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-12 09:35 . 2009-01-12 09:35 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-11 19:46 . 2009-01-11 19:47 <DIR> d-------- c:\program files\IVT Corporation
2009-01-11 19:46 . 2009-01-22 07:47 32 --a------ c:\windows\0
2009-01-11 19:46 . 2009-01-11 19:46 0 --a------ c:\windows\system32\0
2009-01-09 19:24 . 2009-01-09 19:24 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-07 23:56 . 2009-01-07 23:56 1,172 --a------ c:\windows\mozver.dat
2009-01-07 23:08 . 2009-01-26 11:56 267,837,440 --a------ c:\windows\MEMORY.DMP
2009-01-07 21:11 . 2009-01-12 13:09 <DIR> d--h----- c:\documents and settings\Default User
2009-01-07 21:11 . 2009-01-07 15:45 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-07 21:11 . 2009-01-07 15:47 <DIR> d-------- c:\documents and settings\All Users
2009-01-07 21:11 . 2004-08-04 17:30 1,086,058 -ra------ c:\windows\SET20.tmp
2009-01-07 21:11 . 2004-08-04 17:30 1,042,903 -ra------ c:\windows\SET1D.tmp
2009-01-07 21:11 . 2004-08-04 17:30 13,753 -ra------ c:\windows\SET2C.tmp
2009-01-07 21:07 . 2001-08-17 19:29 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-07 21:06 . 2004-08-04 06:26 4,274,816 --a------ c:\windows\system32\nv4_disp.dll
2009-01-07 21:06 . 2004-08-04 03:59 1,897,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-01-07 21:06 . 2004-08-04 04:29 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-07 21:06 . 2004-08-04 04:37 46,464 --a------ c:\windows\system32\drivers\GAGP30KX.SYS
2009-01-07 21:04 . 2009-01-16 23:14 <DIR> d-------- C:\Documents and Settings
2009-01-07 21:03 . 2009-01-07 17:57 413 --a------ c:\windows\system32\$winnt$.inf
2009-01-07 19:55 . 2009-01-07 19:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 05:17 --------- d-----w c:\program files\security
2009-01-22 02:17 34,312 ----a-w c:\windows\system32\drivers\blueletaudio.sys
2009-01-18 03:24 --------- d-----w c:\program files\ESET
2009-01-09 17:46 --------- d-----w c:\program files\Common Files\Adobe
2009-01-07 14:39 --------- d-----w c:\documents and settings\kiran\Application Data\vlc
2009-01-07 14:37 --------- d-----w c:\program files\VideoLAN
2009-01-07 14:24 --------- d-----w c:\program files\Yahoo!
2009-01-07 10:34 --------- d-----w c:\program files\MSXML 4.0
2009-01-07 10:28 --------- d-----w c:\documents and settings\kiran\Application Data\InterTrust
2009-01-07 10:18 --------- d-----w c:\program files\microsoft frontpage
2009-01-09 17:35 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-09 17:35 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-09 17:35 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-09 17:35 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-09 17:35 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_13.30.11.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-02 14:36:33 16,384 ----atw c:\windows\temp\Perflib_Perfdata_90c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-18 3883008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-18 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2009-01-22 07:47 335958 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 03:30 128920 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 05:35 282624 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
--a------ 2005-10-25 09:56 185344 c:\program files\VVSN\VVSN.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\sdaemon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BtTray.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\SDFix\\apps\\isadmin.exe"=
"c:\\SDFix\\apps\\zip.exe"=
"c:\\SDFix\\apps\\Process.exe"=
"c:\\SDFix\\apps\\sc.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=

R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-04-19 20352]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\jksvm.sys --> c:\windows\system32\drivers\jksvm.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-04 18560]
S4 winser;winser;c:\windows\system32\winsersec.exe [2005-04-14 122880]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\kiran\Application Data\Mozilla\Firefox\Profiles\g5r0jckx.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 20:06:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\kiran\LOCALS~1\Temp\winsdjotf.exe 171520 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-02 20:07:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-02 14:37:22
ComboFix2.txt 2009-02-01 08:00:40

Pre-Run: 17,111,752,704 bytes free
Post-Run: 17,132,445,696 bytes free

220

---------------------------------------------------------------------------

DDS log


DDS (Ver_09-01-18.01) - NTFSx86
Run by kiran at 20:09:28.62 on Mon 02/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.91 [GMT 5.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kiran\Desktop\dds.scr

============== Pseudo HJT Report ===============

uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kiran\applic~1\mozilla\firefox\profiles\g5r0jckx.default\
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-4-19 20352]
R4 asc3360pr;asc3360pr; [x]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-8-4 18560]
S4 winser;winser;c:\windows\system32\winsersec.exe [2005-4-14 122880]

=============== Created Last 30 ================

2009-02-02 20:03 <DIR> --d----- C:\ComboFix
2009-02-01 13:05 286,720 a------- c:\windows\SWREG.exe
2009-02-01 13:05 98,816 a------- c:\windows\sed.exe
2009-01-31 19:55 <DIR> --d----- c:\program files\TRELLIAN
2009-01-26 11:55 <DIR> --d----- C:\EmergencyUtils
2009-01-22 17:14 129 a------- c:\windows\iridium.ini
2009-01-22 17:08 <DIR> --d----- c:\program files\VVSN
2009-01-22 17:08 223,128 a------- c:\windows\system32\drivers\dtscsi.sys
2009-01-22 17:08 <DIR> --d----- c:\program files\DAEMON Tools
2009-01-22 17:06 664,064 a------- c:\windows\system32\drivers\sptd.sys
2009-01-22 17:06 96,256 a------- c:\windows\system32\drivers\sptd3213.sys
2009-01-22 16:44 <DIR> --d----- c:\program files\PowerISO
2009-01-22 07:50 624 a------- c:\windows\system32\SHORTCUT.INI
2009-01-22 07:50 121 a------- c:\windows\system32\REMOTEDEVICE.INI
2009-01-22 07:47 4,550 a------- c:\windows\system32\LOCALSERVICE.INI
2009-01-22 07:47 107 a------- c:\windows\system32\LOCALDEVICE.INI
2009-01-22 07:47 0 a------- c:\windows\system32\BSPRINT.INI
2009-01-22 07:23 <DIR> --d----- c:\program files\uTorrent
2009-01-22 07:23 <DIR> --d----- c:\docume~1\kiran\applic~1\uTorrent
2009-01-20 19:59 162,567 a------- c:\windows\Screen Recorder Pro Uninstaller.exe
2009-01-20 19:59 <DIR> --d----- c:\program files\River Past
2009-01-20 19:59 <DIR> --d----- c:\program files\common files\River Past
2009-01-20 19:59 <DIR> --d----- c:\docume~1\kiran\applic~1\River Past G5
2009-01-20 19:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\River Past G5
2009-01-18 10:27 16,244 a------- c:\windows\system32\rrt_is.wav
2009-01-18 10:27 7,148 a------- c:\windows\system32\rrt_tv.wav
2009-01-18 10:27 6,282 a------- c:\windows\system32\rrt_tn.wav
2009-01-18 10:27 7,302 a------- c:\windows\system32\rrt_vf.wav
2009-01-18 09:41 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-17 22:11 <DIR> --d----- c:\windows\ERUNT
2009-01-16 22:37 <DIR> --d----- C:\SDFix
2009-01-14 14:13 <DIR> --d----- C:\AigoVideo
2009-01-14 14:12 749,568 a------- c:\windows\system32\SkinCrafterDll.dll
2009-01-14 14:12 719,872 a------- c:\windows\system32\devil.dll
2009-01-14 14:12 313,344 a------- c:\windows\system32\avisynth.dll
2009-01-14 14:12 <DIR> --d----- c:\program files\Aigo Video to MP4 Converter
2009-01-14 13:58 5,632 a------- c:\windows\system32\ptpusb.dll
2009-01-14 13:58 159,232 a------- c:\windows\system32\ptpusd.dll
2009-01-14 13:58 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-01-14 13:58 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-14 11:54 <DIR> a-dshr-- C:\autorun.inf
2009-01-12 13:26 <DIR> --d----- c:\program files\Trend Micro
2009-01-12 10:43 <DIR> --d----- c:\docume~1\kiran\applic~1\Malwarebytes
2009-01-12 10:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-12 10:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 10:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 10:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-12 09:56 250 a------- c:\windows\gmer.ini
2009-01-12 09:49 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-01-12 09:36 <DIR> --d----- c:\program files\common files\xing shared
2009-01-12 09:35 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-12 09:35 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-12 09:35 <DIR> --d----- c:\program files\common files\Real
2009-01-11 19:46 <DIR> --d----- c:\program files\IVT Corporation
2009-01-11 19:46 32 a------- c:\windows\0
2009-01-11 19:46 0 a------- c:\windows\system32\0
2009-01-09 19:24 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-08 14:33 <DIR> --dshr-- C:\cmdcons
2009-01-08 14:33 <DIR> --d----- c:\windows\setup.pss
2009-01-07 23:56 1,172 a------- c:\windows\mozver.dat
2009-01-07 23:34 <DIR> --d----- c:\windows\pss
2009-01-07 23:08 267,837,440 a------- c:\windows\MEMORY.DMP
2009-01-07 21:11 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-01-07 21:11 13,753 a----r-- c:\windows\SET2C.tmp
2009-01-07 21:11 1,086,058 a----r-- c:\windows\SET20.tmp
2009-01-07 21:11 1,042,903 a----r-- c:\windows\SET1D.tmp
2009-01-07 21:07 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-01-07 21:06 57,472 a------- c:\windows\system32\drivers\redbook.sys
2009-01-07 21:06 4,274,816 a------- c:\windows\system32\nv4_disp.dll
2009-01-07 21:06 1,897,408 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-01-07 21:06 46,464 a------- c:\windows\system32\drivers\GAGP30KX.SYS
2009-01-07 21:05 <DIR> --d----- c:\program files\common files\ODBC
2009-01-07 21:05 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-07 21:04 <DIR> --d----- C:\Documents and Settings
2009-01-07 21:03 413 a------- c:\windows\system32\$winnt$.inf
2009-01-07 20:07 <DIR> --d----- c:\program files\VideoLAN
2009-01-07 19:54 <DIR> --d----- c:\program files\Yahoo!
2009-01-07 16:12 <DIR> --d----- c:\program files\ESET
2009-01-07 16:09 <DIR> --d----- c:\program files\security
2009-01-07 16:04 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-07 15:47 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-07 15:47 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-07 15:46 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-07 15:45 <DIR> --d----- c:\program files\Online Services
2009-01-07 15:45 <DIR> --d----- c:\program files\Messenger
2009-01-07 15:45 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-07 15:44 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-01-22 07:47 34,312 a------- c:\windows\system32\drivers\blueletaudio.sys
2009-01-07 17:53 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-01-07 15:47 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 20:09:34.29 ===============



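The log excerpts above carry the indicators a reviewer pulls out by eye: the two policy values behind "Task Manager has been disabled by your administrator", the Windows Firewall switched off, a service (asc3360pr) whose driver image ComboFix could not find, a hidden executable in the user's Temp folder reported by catchme, and an autorun.inf at the root of C:. As an added example, not part of the original thread and not anything DDS or ComboFix do themselves, here is a small Python triage script that pulls the same items out of a constructed excerpt modelled on those log lines. Two things in it are assumptions rather than documented behaviour: reading ComboFix's "-->" and "[?]" markers as "image file not found", and the indicator names. The E:\autorun.inf file line is invented for the example; the C:\autorun.inf <DIR> with s/h/r attributes mirrors the DDS log and is the immunisation folder Flash Disinfector (which the original poster ran) leaves behind, so the script reports it as informational rather than as a worm.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (indicator name, evidence)

# Constructed excerpt: the lines are modelled on the ComboFix and DDS logs
# posted in this thread. The E:\autorun.inf *file* entry is invented to show
# the file-versus-folder distinction; everything else mirrors the posted logs.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-04-19 20352]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\jksvm.sys --> c:\windows\system32\drivers\jksvm.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-04 18560]

scanning hidden files ...

c:\docume~1\kiran\LOCALS~1\Temp\winsdjotf.exe 171520 bytes executable

scan completed successfully
hidden files: 1

2009-01-14 11:54 <DIR> a-dshr-- C:\autorun.inf
2009-01-14 11:50 144 a--sh--- E:\autorun.inf
"""

# Patterns for the log lines that matter. Reading ComboFix's "-->" and "[?]"
# markers as "image file not found" is an assumption of this example.
POLICY_RE = re.compile(r'^"(DisableTaskMgr|DisableRegistryTools)"\s*=\s*1\b')
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);[^;]*;(.*)$')
HIDDEN_RE = re.compile(r'^(\S.*?)\s+\d+ bytes executable$')
AUTORUN_RE = re.compile(r'\b[A-Za-z]:\\autorun\.inf$', re.IGNORECASE)
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return (indicator, evidence) pairs in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m:  # the "disabled by your administrator" lockouts
            findings.append((f"policy-lockout:{m.group(1)}", line))
            continue
        if FIREWALL_RE.match(line):
            findings.append(("firewall-disabled", line))
            continue
        if line.startswith("SafeBoot registry key needs repairs"):
            findings.append(("safeboot-key-damaged", line))
            continue
        m = SERVICE_RE.match(line)
        if m:  # R/S service lines: name;display;image [date size]
            name, tail = m.group(1), m.group(2)
            if "[?]" in tail or "-->" in tail:
                findings.append((f"service-image-missing:{name}", line))
            elif TEMP_RE.search(tail):
                findings.append((f"service-image-in-temp:{name}", line))
            continue
        m = HIDDEN_RE.match(line)
        if m:  # catchme "hidden files" section
            findings.append(("hidden-executable", m.group(1)))
            continue
        if AUTORUN_RE.search(line):
            # A <DIR> with s/h/r attributes at the drive root is the immunisation
            # folder Flash Disinfector creates; a *file* is the USB-worm indicator.
            kind = "immunized-folder" if "<DIR>" in line else "file"
            findings.append((f"root-autorun-inf:{kind}", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by family (the part of the name before the first colon)."""
    return dict(Counter(name.split(":", 1)[0] for name, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for name, evidence in results:
        print(f"{name:40} {evidence}")
    print(summarize(results))
```

Services whose image is present and dated (WINSEC, AVPsys) are deliberately not flagged: a log parser can only say "this file is missing" or "this file lives in Temp", and whether a present driver is legitimate is a question for hashes and vendor lookups, not for a regex.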

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 02 February 2009 - 11:07 AM

Hello Iamgood1986,

Looks like we'll need another run :

Download SafeBootKeyRepair.exe by sUBs and save it to your Desktop.

Double-click SafeBootKeyRepair.exe to run it.
Follow any prompts that may appear then post the log it produces.
Reboot your system.

Then, open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
c:\windows\system32\drivers\jksvm.sys
c:\docume~1\kiran\LOCALS~1\Temp\winsdjotf.exe
Driver::
asc3360pr
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply.

Still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted and make a difference
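A check worth running on the SafeBootKeyRepair output requested above: ComboFix earlier listed only a handful of subkeys under SafeBoot\Minimal, and the question is which entries are absent compared with a known-good export. Added example (Python, not part of the thread and not what SafeBootKeyRepair itself does): a parser for the "Windows Registry Editor Version 5.00" / REGEDIT export format that pulls out the subkeys of a SafeBoot profile and diffs them against a reference set. The damaged sample is constructed from the truncated listing in ComboFix's log, plus one Network key with no default value copied from the repaired export posted later in this thread. The reference set is a subset of that repaired export and is an assumption for illustration, not an authoritative list for every Windows XP service pack.

```python
import re
from typing import Dict, List, Set

# Constructed excerpt in REGEDIT export format, cut down to the SafeBoot\Minimal
# subkeys ComboFix listed before the repair, plus one Network subkey (taken from
# the repaired export in this thread) that was exported with no default value.
DAMAGED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
"""

# Assumed reference: a subset of the SafeBoot\Minimal subkeys in the repaired
# export posted in this thread. Stock lists differ by service pack, so this is
# an illustration, not an authoritative baseline.
REFERENCE_MINIMAL: Set[str] = {
    "AppMgmt", "Base", "Boot Bus Extender", "Boot file system", "CryptSvc",
    "DcomLaunch", "EventLog", "File system", "Filter", "PCI Configuration",
    "PlugPlay", "Primary disk", "RpcSs", "SCSI Class", "System Bus Extender",
    "vga.sys", "vgasave.sys", "WinMgmt",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}",  # DiskDrive
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}",  # Hdc
    "{4D36E96B-E325-11CE-BFC1-08002BE10318}",  # Keyboard
}

KEY_RE = re.compile(r'^\[(.+)\]$')
DEFAULT_VALUE_RE = re.compile(r'^@="(.*)"$')


def parse_reg_export(text: str) -> Dict[str, str]:
    """Map each exported key path (lower-cased) to its default value, '' if none."""
    keys: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = ""
            continue
        m = DEFAULT_VALUE_RE.match(line)
        if m and current is not None:
            keys[current] = m.group(1)
    return keys


def safeboot_entries(keys: Dict[str, str], profile: str = "minimal") -> Dict[str, str]:
    """Direct subkeys of Control\\SafeBoot\\<profile>, name (lower-cased) -> default value."""
    prefix = f"\\control\\safeboot\\{profile}\\"
    entries: Dict[str, str] = {}
    for path, value in keys.items():
        idx = path.find(prefix)
        if idx != -1:
            name = path[idx + len(prefix):]
            if "\\" not in name:  # skip nested keys, keep direct children only
                entries[name] = value
    return entries


def missing_entries(keys: Dict[str, str], reference: Set[str],
                    profile: str = "minimal") -> List[str]:
    """Reference entries that the export does not contain, case-insensitively."""
    present = set(safeboot_entries(keys, profile))
    return sorted(name for name in reference if name.lower() not in present)


def empty_default_entries(keys: Dict[str, str], profile: str = "minimal") -> List[str]:
    """Subkeys exported without a default value; worth a look by hand."""
    return sorted(n for n, v in safeboot_entries(keys, profile).items() if v == "")


if __name__ == "__main__":
    parsed = parse_reg_export(DAMAGED_EXPORT)
    for name in missing_entries(parsed, REFERENCE_MINIMAL):
        print("missing from Minimal:", name)
    for name in empty_default_entries(parsed, "network"):
        print("Network entry with no default value:", name)
```

Run it on the before and after exports and the difference is the list the repair tool had to put back; anything extra in the after export (the repaired log itself points at procexp90.Sys and PSEXESVC, which come from Sysinternals tools rather than from Windows) is what to check by hand.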

#9 iamgood1986

iamgood1986
  • Topic Starter

  • Members
  • 20 posts
  • Local time:12:17 PM

Posted 04 February 2009 - 01:24 PM

Still the same

safe boot log

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\procexp90.Sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC
------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix Log

ComboFix 09-01-31.01 - kiran 2009-02-03 13:28:28.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.86 [GMT 5.5:30]
Running from: c:\documents and settings\kiran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kiran\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\kiran\LOCALS~1\Temp\winsdjotf.exe
c:\windows\system32\drivers\jksvm.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-03 12:00 . 2008-12-25 10:58 953,767,122 --a------ C:\MVI_8032.AVI
2009-01-31 19:55 . 2009-01-31 19:55 <DIR> d-------- c:\program files\TRELLIAN
2009-01-26 11:55 . 2009-01-26 11:55 <DIR> d-------- C:\EmergencyUtils
2009-01-22 17:14 . 2009-01-31 12:16 129 --a------ c:\windows\iridium.ini
2009-01-22 17:08 . 2009-01-22 17:08 <DIR> d-------- c:\program files\VVSN
2009-01-22 17:08 . 2009-01-22 17:08 <DIR> d-------- c:\program files\DAEMON Tools
2009-01-22 17:08 . 2009-01-22 17:08 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-01-22 17:06 . 2009-01-22 17:06 664,064 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 17:06 . 2009-01-22 17:06 96,256 --a------ c:\windows\system32\drivers\sptd3213.sys
2009-01-22 16:44 . 2009-01-22 16:44 <DIR> d-------- c:\program files\PowerISO
2009-01-22 07:50 . 2009-01-22 07:50 624 --a------ c:\windows\system32\SHORTCUT.INI
2009-01-22 07:50 . 2009-01-26 22:27 121 --a------ c:\windows\system32\REMOTEDEVICE.INI
2009-01-22 07:47 . 2009-02-03 13:30 4,549 --a------ c:\windows\system32\LOCALSERVICE.INI
2009-01-22 07:47 . 2009-02-03 13:30 107 --a------ c:\windows\system32\LOCALDEVICE.INI
2009-01-22 07:47 . 2009-01-22 07:47 0 --a------ c:\windows\system32\BSPRINT.INI
2009-01-22 07:23 . 2009-01-22 07:23 <DIR> d-------- c:\program files\uTorrent
2009-01-22 07:23 . 2009-01-22 07:34 <DIR> d-------- c:\documents and settings\kiran\Application Data\uTorrent
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\program files\River Past
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\program files\Common Files\River Past
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\documents and settings\kiran\Application Data\River Past G5
2009-01-20 19:59 . 2009-01-20 20:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\River Past G5
2009-01-20 19:59 . 2009-01-20 19:59 162,567 --a------ c:\windows\Screen Recorder Pro Uninstaller.exe
2009-01-18 10:27 . 2009-01-18 10:27 16,244 --a------ c:\windows\system32\rrt_is.wav
2009-01-18 10:27 . 2009-01-18 10:27 7,302 --a------ c:\windows\system32\rrt_vf.wav
2009-01-18 10:27 . 2009-01-18 10:27 7,148 --a------ c:\windows\system32\rrt_tv.wav
2009-01-18 10:27 . 2009-01-18 10:27 6,282 --a------ c:\windows\system32\rrt_tn.wav
2009-01-18 09:41 . 2009-01-18 09:45 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-18 09:08 . 2009-01-18 09:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-17 22:11 . 2009-01-17 22:11 <DIR> d-------- c:\windows\ERUNT
2009-01-17 19:02 . 2009-01-17 19:02 <DIR> d-------- c:\documents and settings\kiran\Application Data\dvdcss
2009-01-16 23:14 . 2009-01-16 23:14 <DIR> d-------- c:\documents and settings\Administrator
2009-01-16 22:37 . 2009-01-31 11:12 <DIR> d-------- C:\SDFix
2009-01-14 14:13 . 2009-01-14 14:13 <DIR> d-------- C:\AigoVideo
2009-01-14 14:12 . 2009-01-14 14:12 <DIR> d-------- c:\program files\Aigo Video to MP4 Converter
2009-01-14 14:12 . 2007-05-03 00:36 749,568 --a------ c:\windows\system32\SkinCrafterDll.dll
2009-01-14 14:12 . 2006-11-07 11:22 719,872 --a------ c:\windows\system32\devil.dll
2009-01-14 14:12 . 2006-04-22 15:32 313,344 --a------ c:\windows\system32\avisynth.dll
2009-01-14 13:58 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-14 13:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-14 13:58 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-14 13:58 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-12 13:48 . 2009-01-12 13:48 <DIR> d-------- C:\rsit
2009-01-12 13:26 . 2009-01-12 13:26 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 10:43 . 2009-01-28 14:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 10:43 . 2009-01-12 10:43 <DIR> d-------- c:\documents and settings\kiran\Application Data\Malwarebytes
2009-01-12 10:43 . 2009-01-12 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 10:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 10:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 09:56 . 2009-02-03 00:19 250 --a------ c:\windows\gmer.ini
2009-01-12 09:49 . 2009-01-12 09:49 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-12 09:36 . 2009-01-12 09:36 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 09:35 . 2009-01-12 09:35 <DIR> d-------- c:\program files\Real
2009-01-12 09:35 . 2009-01-12 09:35 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 09:35 . 2009-01-12 09:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-12 09:35 . 2009-01-12 09:35 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-11 19:46 . 2009-01-11 19:47 <DIR> d-------- c:\program files\IVT Corporation
2009-01-11 19:46 . 2009-01-22 07:47 32 --a------ c:\windows\0
2009-01-11 19:46 . 2009-01-11 19:46 0 --a------ c:\windows\system32\0
2009-01-09 19:24 . 2009-01-09 19:24 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-07 23:56 . 2009-01-07 23:56 1,172 --a------ c:\windows\mozver.dat
2009-01-07 23:08 . 2009-01-26 11:56 267,837,440 --a------ c:\windows\MEMORY.DMP
2009-01-07 21:11 . 2009-01-12 13:09 <DIR> d--h----- c:\documents and settings\Default User
2009-01-07 21:11 . 2009-01-07 15:45 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-07 21:11 . 2009-01-07 15:47 <DIR> d-------- c:\documents and settings\All Users
2009-01-07 21:11 . 2004-08-04 17:30 1,086,058 -ra------ c:\windows\SET20.tmp
2009-01-07 21:11 . 2004-08-04 17:30 1,042,903 -ra------ c:\windows\SET1D.tmp
2009-01-07 21:11 . 2004-08-04 17:30 13,753 -ra------ c:\windows\SET2C.tmp
2009-01-07 21:07 . 2001-08-17 19:29 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-07 21:06 . 2004-08-04 06:26 4,274,816 --a------ c:\windows\system32\nv4_disp.dll
2009-01-07 21:06 . 2004-08-04 03:59 1,897,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-01-07 21:06 . 2004-08-04 04:29 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-07 21:06 . 2004-08-04 04:37 46,464 --a------ c:\windows\system32\drivers\GAGP30KX.SYS
2009-01-07 21:04 . 2009-01-16 23:14 <DIR> d-------- C:\Documents and Settings
2009-01-07 21:03 . 2009-01-07 17:57 413 --a------ c:\windows\system32\$winnt$.inf
2009-01-07 19:55 . 2009-01-07 19:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 05:17 --------- d-----w c:\program files\security
2009-01-22 02:17 34,312 ----a-w c:\windows\system32\drivers\blueletaudio.sys
2009-01-18 03:24 --------- d-----w c:\program files\ESET
2009-01-09 17:46 --------- d-----w c:\program files\Common Files\Adobe
2009-01-07 14:39 --------- d-----w c:\documents and settings\kiran\Application Data\vlc
2009-01-07 14:37 --------- d-----w c:\program files\VideoLAN
2009-01-07 14:24 --------- d-----w c:\program files\Yahoo!
2009-01-07 10:34 --------- d-----w c:\program files\MSXML 4.0
2009-01-07 10:28 --------- d-----w c:\documents and settings\kiran\Application Data\InterTrust
2009-01-07 10:18 --------- d-----w c:\program files\microsoft frontpage
2009-01-09 17:35 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-09 17:35 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-09 17:35 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-09 17:35 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-09 17:35 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_13.30.11.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-03 08:00:40 16,384 ----atw c:\windows\temp\Perflib_Perfdata_468.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-18 3883008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-18 262144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2009-01-22 07:47 335958 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 03:30 128920 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 05:35 282624 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
--a------ 2005-10-25 09:56 185344 c:\program files\VVSN\VVSN.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\sdaemon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BtTray.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\SDFix\\apps\\isadmin.exe"=
"c:\\SDFix\\apps\\zip.exe"=
"c:\\SDFix\\apps\\Process.exe"=
"c:\\SDFix\\apps\\sc.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=

R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-04-19 20352]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\jksvm.sys --> c:\windows\system32\drivers\jksvm.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-04 18560]
S4 winser;winser;c:\windows\system32\winsersec.exe [2005-04-14 122880]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12f465ed-dcc6-11dd-85c3-0011d8b0c44d}]
\Shell\AutopLAy\commAnd - H:\xfual.pif
\Shell\AutoRun\command - H:\xfual.pif
\Shell\Explore\CoMMANd - H:\xfual.pif
\Shell\opEN\COMmAND - H:\xfual.pif
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\kiran\Application Data\Mozilla\Firefox\Profiles\g5r0jckx.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 13:30:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-03 13:31:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-03 08:01:29
ComboFix2.txt 2009-02-02 14:37:26
ComboFix3.txt 2009-02-01 08:00:40

Pre-Run: 16,166,096,896 bytes free
Post-Run: 16,173,244,416 bytes free


#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 04 February 2009 - 05:20 PM

Hello Iamgood1986,

Stubborn buggers, aren't they :thumbup2:

What's your H: drive, and is it connected while running ComboFix?

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty notepad window:

File::
c:\windows\system32\drivers\jksvm.sys
c:\windows\SET20.tmp
c:\windows\SET1D.tmp
c:\windows\SET2C.tmp
H:\xfual.pif
Driver::
asc3360pr
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12f465ed-dcc6-11dd-85c3-0011d8b0c44d}]

Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
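The repair Thunder's CFScript does by hand (reset the two policy values, drop the mountpoints2 autorun key) can be read straight off the "Reg Loading Points" section of the ComboFix log. The Python below is an added example, not code from this thread or from ComboFix: it walks a constructed excerpt shaped like the log posted above, flags restrictive policy values, the SafeBoot warning line and the Shell\*\command handlers under mountpoints2, and renders a Registry:: block in the same form as the script in the post above. The Finding class, the POLICY_DEFAULTS table and the function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt in the shape of the ComboFix
# "Reg Loading Points" section posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12f465ed-dcc6-11dd-85c3-0011d8b0c44d}]
\Shell\AutopLAy\commAnd - H:\xfual.pif
\Shell\AutoRun\command - H:\xfual.pif
\Shell\Explore\CoMMANd - H:\xfual.pif
\Shell\opEN\COMmAND - H:\xfual.pif
"""


@dataclass
class Finding:
    key: str      # registry key the line belongs to
    detail: str   # value or handler that triggered the finding
    reason: str   # short classification


# Policy names seen in the log: (value that indicates tampering, sane default).
# Table assumed for this example; it is not a ComboFix definition.
POLICY_DEFAULTS = {
    "disabletaskmgr": (1, 0),
    "disableregistrytools": (1, 0),
    "enablefirewall": (0, 1),
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)')
# The handler names in the log are mixed-case (AutopLAy, opEN, COMmAND);
# IGNORECASE makes the match independent of that.
HANDLER_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$", re.IGNORECASE)
SAFEBOOT_MSG = "SafeBoot registry key needs repairs"


def analyze(log_text: str) -> list[Finding]:
    """Walk the log line by line, remembering the current [key] header."""
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if line.startswith(SAFEBOOT_MSG):
            findings.append(Finding("SafeBoot", line, "safeboot-damaged"))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, val = m.group("name"), int(m.group("val"))
            bad, _ = POLICY_DEFAULTS.get(name.lower(), (None, None))
            if bad is not None and val == bad:
                findings.append(Finding(key, f"{name}={val}", "restrictive-policy"))
            continue
        m = HANDLER_RE.match(line)
        if m and "mountpoints2" in key.lower():
            findings.append(Finding(key, f"{m.group('verb')} -> {m.group('target')}", "volume-autorun"))
    return findings


def suggest_repair(findings: list[Finding]) -> str:
    """Render a Registry:: block in the form used by the CFScript above:
    policy values back to their defaults, mountpoints2 keys marked for removal."""
    policies: dict[str, list[str]] = {}
    removals: list[str] = []
    for f in findings:
        if f.reason == "restrictive-policy":
            name = f.detail.split("=", 1)[0]
            _, good = POLICY_DEFAULTS[name.lower()]
            policies.setdefault(f.key, []).append(f'"{name}"= {good} (0x{good})')
        elif f.reason == "volume-autorun" and f"[-{f.key}]" not in removals:
            removals.append(f"[-{f.key}]")
    lines = ["Registry::"]
    for key, values in policies.items():
        lines.append(f"[{key}]")
        lines.extend(values)
    lines.extend(removals)
    return "\n".join(lines)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason:20} {f.key}: {f.detail}")
    print()
    print(suggest_repair(found))
```

The SafeBoot line is reported but not turned into a repair: the log only says the key is damaged, and the Minimal/Network subkeys that are missing have to be compared against a known-good XP SP2 export before anything is written back.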

#11 iamgood1986

iamgood1986
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 05 February 2009 - 04:16 AM

The H drive wasn't connected while running it. My flash drive becomes the H drive when I connect it. The task manager still refuses to open, and the same goes for the registry and safe mode.

here is the log

ComboFix 09-01-31.01 - kiran 2009-02-05 14:37:56.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.121 [GMT 5.5:30]
Running from: c:\documents and settings\kiran\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kiran\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\SET1D.tmp
c:\windows\SET20.tmp
c:\windows\SET2C.tmp
c:\windows\system32\drivers\jksvm.sys
H:\xfual.pif
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SET1D.tmp
c:\windows\SET20.tmp
c:\windows\SET2C.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-05 00:45 . 2009-02-05 00:45 <DIR> d-------- c:\program files\DivX
2009-02-04 18:30 . 2009-02-04 18:35 <DIR> d-------- c:\documents and settings\kiran\DoctorWeb
2009-02-04 18:12 . 2009-02-04 18:12 108 --a------ c:\windows\system32\REMOTEDEVICE.INI
2009-02-04 18:08 . 2009-02-04 18:38 4,333 --a------ c:\windows\system32\LOCALSERVICE.INI
2009-02-04 18:08 . 2009-02-04 18:11 107 --a------ c:\windows\system32\LOCALDEVICE.INI
2009-02-04 18:07 . 2009-02-04 18:07 0 --a------ c:\windows\system32\BSPRINT.INI
2009-02-04 18:05 . 2009-02-04 18:27 <DIR> d-------- c:\program files\Winamp
2009-02-04 18:05 . 2009-02-04 18:27 <DIR> d-------- c:\documents and settings\kiran\Application Data\Winamp
2009-02-04 17:55 . 2009-02-04 17:57 <DIR> d-------- c:\program files\Mobiola Web Camera for S60
2009-02-04 17:55 . 2007-09-20 13:04 114,688 --a------ c:\windows\system32\BTCamVideoSource.dll
2009-02-03 12:00 . 2008-12-25 10:58 953,767,122 --a------ C:\MVI_8032.AVI
2009-01-31 19:55 . 2009-01-31 19:55 <DIR> d-------- c:\program files\TRELLIAN
2009-01-26 11:55 . 2009-01-26 11:55 <DIR> d-------- C:\EmergencyUtils
2009-01-22 17:14 . 2009-01-31 12:16 129 --a------ c:\windows\iridium.ini
2009-01-22 17:08 . 2009-01-22 17:08 <DIR> d-------- c:\program files\VVSN
2009-01-22 17:08 . 2009-01-22 17:08 <DIR> d-------- c:\program files\DAEMON Tools
2009-01-22 17:08 . 2009-01-22 17:08 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-01-22 17:06 . 2009-01-22 17:06 664,064 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-22 17:06 . 2009-01-22 17:06 96,256 --a------ c:\windows\system32\drivers\sptd3213.sys
2009-01-22 16:44 . 2009-01-22 16:44 <DIR> d-------- c:\program files\PowerISO
2009-01-22 07:23 . 2009-01-22 07:23 <DIR> d-------- c:\program files\uTorrent
2009-01-22 07:23 . 2009-01-22 07:34 <DIR> d-------- c:\documents and settings\kiran\Application Data\uTorrent
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\program files\River Past
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\program files\Common Files\River Past
2009-01-20 19:59 . 2009-01-20 19:59 <DIR> d-------- c:\documents and settings\kiran\Application Data\River Past G5
2009-01-20 19:59 . 2009-01-20 20:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\River Past G5
2009-01-20 19:59 . 2009-01-20 19:59 162,567 --a------ c:\windows\Screen Recorder Pro Uninstaller.exe
2009-01-18 10:27 . 2009-01-18 10:27 16,244 --a------ c:\windows\system32\rrt_is.wav
2009-01-18 10:27 . 2009-01-18 10:27 7,302 --a------ c:\windows\system32\rrt_vf.wav
2009-01-18 10:27 . 2009-01-18 10:27 7,148 --a------ c:\windows\system32\rrt_tv.wav
2009-01-18 10:27 . 2009-01-18 10:27 6,282 --a------ c:\windows\system32\rrt_tn.wav
2009-01-18 09:41 . 2009-01-18 09:45 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-18 09:08 . 2009-01-18 09:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-17 22:11 . 2009-01-17 22:11 <DIR> d-------- c:\windows\ERUNT
2009-01-17 19:02 . 2009-01-17 19:02 <DIR> d-------- c:\documents and settings\kiran\Application Data\dvdcss
2009-01-16 23:14 . 2009-02-03 16:37 <DIR> d-------- c:\documents and settings\Administrator
2009-01-16 22:37 . 2009-01-31 11:12 <DIR> d-------- C:\SDFix
2009-01-14 14:13 . 2009-01-14 14:13 <DIR> d-------- C:\AigoVideo
2009-01-14 14:12 . 2009-01-14 14:12 <DIR> d-------- c:\program files\Aigo Video to MP4 Converter
2009-01-14 14:12 . 2007-05-03 00:36 749,568 --a------ c:\windows\system32\SkinCrafterDll.dll
2009-01-14 14:12 . 2006-11-07 11:22 719,872 --a------ c:\windows\system32\devil.dll
2009-01-14 14:12 . 2006-04-22 15:32 313,344 --a------ c:\windows\system32\avisynth.dll
2009-01-14 13:58 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-14 13:58 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-14 13:58 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-14 13:58 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-12 13:48 . 2009-01-12 13:48 <DIR> d-------- C:\rsit
2009-01-12 13:26 . 2009-01-12 13:26 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 10:43 . 2009-01-28 14:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 10:43 . 2009-01-12 10:43 <DIR> d-------- c:\documents and settings\kiran\Application Data\Malwarebytes
2009-01-12 10:43 . 2009-01-12 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 10:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 10:43 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 09:56 . 2009-02-04 20:11 250 --a------ c:\windows\gmer.ini
2009-01-12 09:49 . 2009-01-12 09:49 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-12 09:36 . 2009-01-12 09:36 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-12 09:35 . 2009-01-12 09:35 <DIR> d-------- c:\program files\Real
2009-01-12 09:35 . 2009-01-12 09:35 <DIR> d-------- c:\program files\Common Files\Real
2009-01-12 09:35 . 2009-01-12 09:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-12 09:35 . 2009-01-12 09:35 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-11 19:46 . 2009-01-11 19:47 <DIR> d-------- c:\program files\IVT Corporation
2009-01-11 19:46 . 2009-02-04 18:07 32 --a------ c:\windows\0
2009-01-11 19:46 . 2009-01-11 19:46 0 --a------ c:\windows\system32\0
2009-01-09 19:24 . 2009-01-09 19:24 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-07 23:56 . 2009-01-07 23:56 1,172 --a------ c:\windows\mozver.dat
2009-01-07 23:08 . 2009-01-26 11:56 267,837,440 --a------ c:\windows\MEMORY.DMP
2009-01-07 21:11 . 2009-01-12 13:09 <DIR> d--h----- c:\documents and settings\Default User
2009-01-07 21:11 . 2009-01-07 15:45 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-07 21:11 . 2009-01-07 15:47 <DIR> d-------- c:\documents and settings\All Users
2009-01-07 21:07 . 2001-08-17 19:29 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-07 21:06 . 2004-08-04 06:26 4,274,816 --a------ c:\windows\system32\nv4_disp.dll
2009-01-07 21:06 . 2004-08-04 03:59 1,897,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-01-07 21:06 . 2004-08-04 04:29 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-07 21:06 . 2004-08-04 04:37 46,464 --a------ c:\windows\system32\drivers\GAGP30KX.SYS
2009-01-07 21:04 . 2009-01-16 23:14 <DIR> d-------- C:\Documents and Settings
2009-01-07 21:03 . 2009-01-07 17:57 413 --a------ c:\windows\system32\$winnt$.inf
2009-01-07 19:55 . 2009-01-07 19:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 12:38 34,312 ----a-w c:\windows\system32\drivers\blueletaudio.sys
2009-01-31 05:17 --------- d-----w c:\program files\security
2009-01-18 03:24 --------- d-----w c:\program files\ESET
2009-01-09 17:46 --------- d-----w c:\program files\Common Files\Adobe
2009-01-07 14:39 --------- d-----w c:\documents and settings\kiran\Application Data\vlc
2009-01-07 14:37 --------- d-----w c:\program files\VideoLAN
2009-01-07 14:24 --------- d-----w c:\program files\Yahoo!
2009-01-07 10:34 --------- d-----w c:\program files\MSXML 4.0
2009-01-07 10:28 --------- d-----w c:\documents and settings\kiran\Application Data\InterTrust
2009-01-07 10:18 --------- d-----w c:\program files\microsoft frontpage
2008-11-06 16:35 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2009-01-09 17:35 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-09 17:35 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-09 17:35 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-09 17:35 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-09 17:35 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_13.30.11.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 15:43:02 811,008 ----a-w c:\windows\gmer.exe
+ 2008-04-17 15:43:02 884,736 ----a-w c:\windows\gmer.exe
- 2009-01-22 02:17:11 3,638 ----a-r c:\windows\Installer\{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}\ARPPRODUCTICON.exe
+ 2009-02-04 12:37:34 3,638 ----a-r c:\windows\Installer\{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}\ARPPRODUCTICON.exe
+ 2007-03-07 23:51:00 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
+ 2007-03-07 23:51:00 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
+ 2007-03-07 23:51:00 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
+ 2007-03-07 23:51:00 547,576 ------w c:\windows\system32\px.dll
+ 2007-03-07 23:51:00 129,784 ------w c:\windows\system32\pxafs.dll
+ 2007-03-07 23:51:00 64,760 ------w c:\windows\system32\pxcpya64.exe
+ 2007-03-07 23:51:00 510,712 ------w c:\windows\system32\pxdrv.dll
+ 2007-03-07 23:51:00 72,440 ------w c:\windows\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 64,760 ------w c:\windows\system32\pxinsa64.exe
+ 2007-03-07 23:51:00 187,128 ------w c:\windows\system32\pxmas.dll
+ 2007-03-07 23:51:00 1,628,920 ------w c:\windows\system32\pxsfs.dll
+ 2007-03-07 23:51:00 379,640 ------w c:\windows\system32\pxwave.dll
+ 2007-03-07 23:51:00 39,672 ------w c:\windows\system32\vxblock.dll
+ 2009-02-05 09:10:27 16,384 ----atw c:\windows\temp\Perflib_Perfdata_a04.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-18 3883008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-04 258134]

c:\documents and settings\kiran\Start Menu\Programs\Startup\
Mobiola Web Camera for S60.lnk - c:\program files\Mobiola Web Camera for S60\webcam.exe [2009-02-04 1077626]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2009-02-04 18:08 258134 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 03:30 128920 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 05:35 282624 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
--a------ 2005-10-25 09:56 185344 c:\program files\VVSN\VVSN.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\sdaemon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BtTray.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\SDFix\\apps\\isadmin.exe"=
"c:\\SDFix\\apps\\zip.exe"=
"c:\\SDFix\\apps\\Process.exe"=
"c:\\SDFix\\apps\\sc.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\WINDOWS\\gmer.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Mobiola Web Camera for S60\\webcam.exe"=
"c:\\WINDOWS\\system32\\CF32230.exe"=

R0 WINSEC;WINSEC;c:\windows\system32\drivers\winsec.sys [2005-04-19 20352]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\jksvm.sys --> c:\windows\system32\drivers\jksvm.sys [?]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2004-08-04 18560]
S4 winser;winser;c:\windows\system32\winsersec.exe [2005-04-14 122880]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\kiran\Application Data\Mozilla\Firefox\Profiles\g5r0jckx.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 14:40:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-05 14:41:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-05 09:11:12
ComboFix2.txt 2009-02-03 08:01:34
ComboFix3.txt 2009-02-02 14:37:26
ComboFix4.txt 2009-02-01 08:00:40

Pre-Run: 15,977,885,696 bytes free
Post-Run: 16,084,324,352 bytes free


#12 iamgood1986

iamgood1986
  • Topic Starter

  • Members
  • 20 posts
  • Local time:12:17 PM

Posted 11 February 2009 - 02:04 AM

No help???

#13 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 11 February 2009 - 01:58 PM

Hello Iamgood1986,

I missed your previous reply.

Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
Upon reboot, run Gmer again and click on the Rootkit tab.
  • On the right (under Files) uncheck all drives with the exception of your C: drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
Important!: Please do not select the Show all checkbox during the scan.

Just in case: if it doesn't run properly, create this batch & place it next to Gmer.exe on your desktop:

Open Notepad and copy and paste the bold, blue text below in it:

@echo off
Copy /y gmer.exe ark.exe
Start ark.exe

Save this as ark.bat
Choose to save as "all files" and place it on your Desktop.
It should look like this: Posted Image
Double click it and see if that manages to run Gmer properly.
If it does, please post the log in your next reply.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#14 iamgood1986

iamgood1986
  • Topic Starter

  • Members
  • 20 posts
  • Local time:12:17 PM

Posted 12 February 2009 - 12:52 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-12 23:19:41
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF9798AC8]
SSDT sptd.sys ZwEnumerateKey [0xF9798C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF9798F9A]
SSDT sptd.sys ZwOpenKey [0xF979898E]
SSDT sptd.sys ZwQueryKey [0xF9799064]
SSDT sptd.sys ZwQueryValueKey [0xF9798EFC]
SSDT sptd.sys ZwSetValueKey [0xF97990EC]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD3213.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F84B94F0 16 Bytes [ 55, FD, 1C, B0, 8D, D5, 53, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F84B9501 31 Bytes CALL 20F62A9D
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\drivers\jksvm.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9794AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F9794C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F9794B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F979576C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F9795642] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F97B7056] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10029465] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10029397] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10028D55] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [100293D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10029465] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10029397] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10028D55] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [100293D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [1002833D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [1002833D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [1002837B] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [100282B5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [1002896C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [100282F3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [1002896C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [10028343] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [10028277] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10029397] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [100293D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10028D55] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10029465] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10029417] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [1002833D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10029417] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10029465] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [100293D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10029397] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10028D55] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [1002896C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [1002896C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [100282F3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [10028277] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [100282B5] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 81BD34D0
Device \Driver\NetBT \Device\NetBT_Tcpip_{CD964041-504D-4C17-9C8E-0B3CE78A2C06} 81966980
Device \Driver\dmio \Device\DmControl\DmIoDaemon 81BD30E8
Device \Driver\dmio \Device\DmControl\DmConfig 81BD30E8
Device \Driver\dmio \Device\DmControl\DmPnP 81BD30E8
Device \Driver\dmio \Device\DmControl\DmInfo 81BD30E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8D8FA92C-ADC1-46CB-90F6-62C61A8C5F60} 81966980
Device \Driver\Ftdisk \Device\HarddiskVolume1 81BD6A58
Device \Driver\Ftdisk \Device\HarddiskVolume2 81BD6A58
Device \Driver\Cdrom \Device\CdRom0 818CC268
Device \FileSystem\Rdbss \Device\FsWrap 8196CEB0
Device \Driver\Ftdisk \Device\HarddiskVolume3 81BD6A58
Device \Driver\Cdrom \Device\CdRom1 818CC268
Device \Driver\Ftdisk \Device\HarddiskVolume4 81BD6A58
Device \Driver\Cdrom \Device\CdRom2 818CC268
Device \Driver\NetBT \Device\NetBt_Wins_Export 81966980
Device \Driver\NetBT \Device\NetbiosSmb 81966980
Device \Driver\00000043 \Device\0000004c sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{7C1E98DE-0970-45EF-B0D5-59207C5073C4} 81966980
Device \Driver\Disk \Device\Harddisk0\DR0 81BD3708
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 818F5EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 818F5EB0
Device \FileSystem\Npfs \Device\NamedPipe 8199DE20
Device \Driver\Ftdisk \Device\FtControl 81BD6A58
Device \FileSystem\Msfs \Device\Mailslot 818EF650
Device \Driver\SiSRaid2 \Device\Scsi\SiSRaid21 81BD3C78
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 817F80E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 81BD39C0
Device \Driver\imagedrv \Device\Scsi\imagedrv1Port3Path0Target0Lun0 81BD39C0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 817F80E8
Device \Driver\SiSRaid2 \Device\Scsi\SiSRaid21Port2Path0Target2Lun0 81BD3C78
Device \FileSystem\Cdfs \Cdfs 818F5548

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0xB0 0x34 0x5A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0x94 0x73 0xDC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC2 0x11 0xE9 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -462030798
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1000685033
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -266818196
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCE 0xB0 0x34 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCB 0x94 0x73 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC2 0x11 0xE9 0xFD ...

---- EOF - GMER 1.0.14 ----
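The GMER log above lists each SSDT and IAT hook together with the module the hook points into, and its registry section ties sptd.sys to C:\Program Files\DAEMON Tools\. As an added example (not from the thread or from GMER), the Python below parses hook lines in that format, groups them by hooking module and flags any module outside an allow-list; SAMPLE_LOG, parse_hooks, hooks_by_module, unexpected_hookers and the placeholder module example_unknown.sys are my own constructions.

```python
"""Group the SSDT/IAT hook lines of a GMER log by the module that placed them."""
import re
from collections import defaultdict
from typing import List, NamedTuple

# Constructed sample in the shape of the GMER 1.0.14 log above; the last kernel
# IAT line uses a placeholder module name so that one hook falls outside the allow-list.
SAMPLE_LOG = """\
---- System - GMER 1.0.14 ----
SSDT sptd.sys ZwCreateKey [0xF9798AC8]
SSDT sptd.sys ZwOpenKey [0xF979898E]
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9794AD2] sptd.sys
IAT \\SystemRoot\\system32\\DRIVERS\\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F97B7056] sptd.sys
IAT \\SystemRoot\\system32\\DRIVERS\\tcpip.sys[ntoskrnl.exe!IofCallDriver] [F8000000] example_unknown.sys
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe[2244] @ C:\\WINDOWS\\system32\\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10029397] C:\\Program Files\\Yahoo!\\Messenger\\yui.dll
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\S+)\s+\[(?:0x)?[0-9A-Fa-f]+\]")
IAT_RE = re.compile(r"^IAT\s+(?P<victim>.+?)\[(?P<func>[^\]]+)\]\s+\[(?:0x)?[0-9A-Fa-f]+\]\s+(?P<module>.+?)\s*$")

class Hook(NamedTuple):
    section: str   # GMER section header the line appeared under
    kind: str      # "SSDT" or "IAT"
    module: str    # module the hook points into, as written in the log
    function: str  # hooked system service or imported symbol
    victim: str    # image whose table was patched ("ntoskrnl" for SSDT entries)

def parse_hooks(log_text: str) -> List[Hook]:
    """Return every SSDT/IAT hook line, tagged with the section it was found in."""
    section, hooks = "", []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := SSDT_RE.match(line):
            hooks.append(Hook(section, "SSDT", m["module"], m["func"], "ntoskrnl"))
        elif m := IAT_RE.match(line):
            hooks.append(Hook(section, "IAT", m["module"], m["func"], m["victim"].strip()))
    return hooks

def hooks_by_module(hooks: List[Hook]) -> dict:
    """Map lower-case module basename -> the hooks it placed (full paths reduced to basenames)."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h.module.replace("\\", "/").rsplit("/", 1)[-1].lower()].append(h)
    return dict(grouped)

def unexpected_hookers(hooks: List[Hook], allowed) -> List[str]:
    """Hooking modules not on the allow-list; these are the ones worth examining first."""
    allowed = {a.lower() for a in allowed}
    return sorted(mod for mod in hooks_by_module(hooks) if mod not in allowed)
```

Run against the log posted above, every kernel-level hook groups under sptd.sys and every user-mode one under yui.dll, which is the quick way to see that no third module is patching tables on this machine.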

#15 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:08:47 AM

Posted 13 February 2009 - 12:52 PM

Hello Iamgood1986,

Can you please make a fresh HijackThis log and post it in your next reply?

If you have no shortcut to the tool on your desktop, you can find HijackThis.exe in the C:\Program Files\Trend Micro\HijackThis folder.
  • Double-click on HijackThis.exe to run the program.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save log to save the log file and then the log will open in Notepad.
  • Click on Edit -> Select All then click on Edit -> Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Greetings,
Thunder
