Double click on hard disk drives not working [hijackthis.log posted]


  • This topic is locked
27 replies to this topic

#1 udayippu

  • Members
  • 15 posts

Posted 21 January 2009 - 01:39 AM

Hi. I am a newbie here; this is my first post in this section. I've used this forum before to get one problem solved.

Coming to the point:
the double-click on the hard disk drives is not working for me now. When I right-click, it shows Autoplay, Search and Explore, and I can enter the drives through the address path or Explore.
When I checked in Task Manager, I found that whenever I double-click on the drives, the process 'spoolsv.exe' starts and takes a high CPU load. I don't know what the problem is. Please help.

Attaching the HijackThis log here:
----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:04 AM, on 1/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\wgp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Universal Shield 4.1\US30Service.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Buildfork] C:\DOCUME~1\Rakesh\APPLIC~1\DRVMEA~1\wipe mapi window.exe
O4 - HKCU\..\Run: [AutoPowerOn] "C:\Program Files\AutoPowerOn\AutoPowerOn.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABE7DC1-2562-496F-98C8-11038049B6FF}: NameServer = 85.255.116.126,85.255.112.119
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.126,85.255.112.119
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.118,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.126,85.255.112.119
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Auto Power-on & Shut-down Service (PCAutoPowerOnService) - Unknown owner - C:\Program Files\AutoPowerOn\PCAutoPowerOnService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.1\US30Service.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10792 bytes
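A triage script for the HijackThis entry classes in the log above, added here as an example (it is not code from the thread or from HijackThis); the expected-resolver ranges are an assumption and the sample lines are constructed from the posted log:

```python
"""Triage helper for the HijackThis 2.x log format.  Added example for this
thread, not code from HijackThis or the forum.  Flags the entry classes that
make the log in post #1 worth a closer look: O17 DNS servers outside the set
the analyst expects, O4 autostarts launched from a user profile data directory,
O23 services with an unknown owner, and an R1 ProxyServer override.
EXPECTED_RESOLVERS and SAMPLE_LOG are constructed."""
import ipaddress
import re
from dataclasses import dataclass

# One HijackThis entry line: "R1 - ...", "O4 - ...", "O17 - ...", "O23 - ..."
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>.+)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Per-user data directories (8.3 and long form) an autostart rarely runs from.
PROFILE_DATA_RE = re.compile(
    r"(docume~1|documents and settings)\\[^\\]+\\(applic~1|application data|local settings)",
    re.IGNORECASE)
# Assumption: resolvers this machine should use (LAN router, ISP servers).
EXPECTED_RESOLVERS = (ipaddress.ip_network("192.168.0.0/16"),
                      ipaddress.ip_network("10.0.0.0/8"))


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O17"
    reason: str  # why the entry was flagged
    line: str    # the original log line


def check_r1(body):
    """R1: a ProxyServer value routes every IE request through that proxy."""
    if ",ProxyServer = " not in body:
        return None
    return "IE ProxyServer is set (%s); confirm it is intentional" % body.split("= ", 1)[1]


def check_o4(body):
    """O4: autostart whose binary lives under the user's profile data dirs."""
    m = O4_RE.match(body)
    if m and PROFILE_DATA_RE.search(m.group("cmd")):
        return "autostart [%s] runs from a user profile data directory" % m.group("name")
    return None


def check_o17(body, expected=EXPECTED_RESOLVERS):
    """O17: DNS servers forced through the TCP/IP registry parameters."""
    m = NAMESERVER_RE.search(body)
    if not m:
        return None
    rogue = []
    for token in (t.strip() for t in m.group("servers").split(",") if t.strip()):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            rogue.append(token)  # unparseable value: report it verbatim
            continue
        if not any(addr in net for net in expected):
            rogue.append(token)
    return "DNS resolver(s) outside the expected set: " + ", ".join(rogue) if rogue else None


def check_o23(body):
    """O23: installed service whose binary carries no publisher information."""
    return "service binary has no publisher/owner information" if " - Unknown owner - " in body else None


CHECKS = {"R1": check_r1, "O4": check_o4, "O17": check_o17, "O23": check_o23}


def triage(log_text):
    """Run every check over a HijackThis log; flagged entries come back in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        check = CHECKS.get(m.group("kind")) if m else None
        reason = check(m.group("body")) if check else None
        if reason:
            findings.append(Finding(m.group("kind"), reason, line))
    return findings


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Buildfork] C:\DOCUME~1\Rakesh\APPLIC~1\DRVMEA~1\wipe mapi window.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABE7DC1-2562-496F-98C8-11038049B6FF}: NameServer = 85.255.116.126,85.255.112.119
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.118,85.255.112.100
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.1\US30Service.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:>4}: {f.reason}\n      {f.line}")
```

Entries the checks do not know about (O2, O3, O8, ...) pass through silently, so a clean result only means none of these four patterns matched.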


#2 udayippu
  • Topic Starter

  • Members
  • 15 posts

Posted 21 January 2009 - 01:46 PM

Still no reply? Please help. What's the solution?

---------
I didn't notice this. Please excuse me.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
---------

Edited by udayippu, 21 January 2009 - 01:52 PM.


#3 DocSatan

    Bleepin' Wanna-Be

  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 22 January 2009 - 10:16 AM

Hello udayippu,

I'm DocSatan and I will be helping you with your computer problem.

Please give me some time to research your log and I will get back to you.

Doc.

#4 DocSatan

    Bleepin' Wanna-Be

  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 24 January 2009 - 11:09 AM

udayippu,

I see that you have also asked for help on this matter at GeeksToGo: http://www.geekstogo.com/forum/Double-clic...ed-t226060.html

Please reply to this topic informing me if you wish to have BC or GTG handle this problem for you.

When you have made your decision, you should also inform any other Help Forum(s), that you have requested help from for this matter, that you will no longer need their assistance.

I will wait for your decision before posting any Fixes here.

Doc.

#5 udayippu
  • Topic Starter

  • Members
  • 15 posts

Posted 26 January 2009 - 09:50 PM

Sorry for being late with the feedback to your reply.

As you said, I fixed it using ComboFix, but when I am shutting down the system it takes too much time. I don't know what the reason is.

Posting the combofix.txt file.

And please let me know what this spoolsv.exe is. I heard that it's for the printer, but I have no printer attached to my system, and still spoolsv.exe is working.

---------

ComboFix 09-01-21.04 - Rakesh 2009-01-25 8:55:16.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.298 [GMT 5.5:30]
Running from: c:\documents and settings\Rakesh\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Rakesh\Application Data\FunWebProducts
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\ntldr.com
c:\windows\config.ini
c:\windows\IE4 Error Log.txt
c:\windows\mywallpaper.bmp
c:\windows\sysobjwertb.dll
c:\windows\system32\drivers\gaopdxmrscpupx.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gaopdxgiltqwwc.dll
c:\windows\system32\mdm.exe
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wanpacket.dll
c:\windows\system32\win32.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
D:\resycled
d:\resycled\ntldr.com
E:\Autorun.inf
E:\resycled
e:\resycled\ntldr.com
F:\Autorun.inf
F:\resycled
f:\resycled\ntldr.com
H:\Autorun.inf
H:\resycled
h:\resycled\ntldr.com
I:\Autorun.inf
I:\resycled
i:\resycled\ntldr.com
J:\Autorun.inf
J:\resycled
j:\resycled\ntldr.com
K:\Autorun.inf
K:\resycled
k:\resycled\ntldr.com
M:\Autorun.inf
M:\resycled
m:\resycled\ntldr.com
S:\Autorun.inf
S:\resycled
s:\resycled\ntldr.com
T:\Autorun.inf
T:\resycled
t:\resycled\ntldr.com
W:\Autorun.inf
W:\resycled
w:\resycled\ntldr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-24 09:32 . 2009-01-24 09:32 71,168 --a------ c:\windows\system32\drivers\gaopdxlqijrkdy.sys
2009-01-21 12:15 . 2009-01-21 12:15 <DIR> d--hs---- C:\FOUND.045
2009-01-21 11:54 . 2009-01-21 11:54 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 11:25 . 2009-01-21 11:25 <DIR> d-------- C:\HJT
2009-01-21 10:45 . 2009-01-22 10:45 71,680 --a------ c:\windows\system32\drivers\gaopdxsrfqxeut.sys
2009-01-21 09:01 . 2009-01-21 09:01 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2009-01-21 08:48 . 2009-01-21 08:48 71,680 --a------ c:\windows\system32\drivers\gaopdxyqmepxuf.sys
2009-01-21 07:28 . 2009-01-21 07:28 71,680 --a------ c:\windows\system32\drivers\gaopdxwwuplhbq.sys
2009-01-21 00:41 . 2009-01-21 00:41 71,168 --a------ c:\windows\system32\drivers\gaopdxjoyxvkon.sys
2009-01-20 15:22 . 2009-01-20 15:22 242,319,360 --a------ c:\windows\is-7FQQS.msg
2009-01-20 15:22 . 2009-01-20 15:22 242,302,976 --a------ c:\windows\is-7FQQS.lst
2009-01-20 15:22 . 2009-01-20 15:22 676,864 --a------ c:\windows\is-7FQQS.exe
2009-01-20 12:59 . 2009-01-20 12:59 <DIR> d-------- c:\program files\bitsoft.net
2009-01-16 20:10 . 2009-01-16 20:10 <DIR> d-------- c:\program files\AVI MPEG ASF WMV Splitter
2009-01-16 20:10 . 2009-01-16 20:10 <DIR> d-------- c:\documents and settings\Rakesh\Application Data\Bitsoft
2009-01-16 08:36 . 2009-01-16 08:36 <DIR> d--hs---- C:\FOUND.044
2009-01-14 02:40 . 2009-01-14 02:40 <DIR> d--hs---- C:\FOUND.043
2009-01-12 19:04 . 2009-01-12 19:04 <DIR> d-------- c:\documents and settings\Rakesh\LocalLow
2009-01-12 19:04 . 2009-01-12 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2009-01-11 00:37 . 2009-01-11 00:37 <DIR> d--hs---- C:\FOUND.042

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 17:33 3,060,224 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 05:16 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2007-10-03 14:14 21,280 ----a-w c:\documents and settings\Rakesh\Application Data\GDIPFONTCACHEV1.DAT
2009-01-17 04:26 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-17 04:26 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-15 15:48 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-01-17 04:26 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-17 04:26 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-17 04:26 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-08-07 61440]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspe1.dll" [2007-09-25 1453080]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2007-09-25 02:17 1453080 --a------ c:\program files\speed-bit\tbspe1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspe1.dll" [2007-09-25 1453080]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "c:\program files\speed-bit\tbspe1.dll" [2007-09-25 1453080]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AutoPowerOn"="c:\program files\AutoPowerOn\AutoPowerOn.exe" [2006-02-10 718848]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-20 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinGuard Pro"="c:\windows\system32\wgp.exe" [2006-10-18 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"PV92TRAY"="PV92Tray.exe" [2005-04-29 c:\windows\system32\PV92Tray.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-14 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"l3codecp.acm"= Fraunhofer IIS MPEG Layer-3 Codec
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-15 23:27 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
--a------ 2004-06-11 16:04 1226752 c:\program files\Intel\IDU\iptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:03 53248 c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-11 22:02 53248 c:\program files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-04 06:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2005-08-10 12:49 163840 c:\program files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 18:18 151552 c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-21 00:11 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-04 07:13 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
-ra------ 2005-04-29 10:54 180224 c:\windows\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-05-05 05:58 14396416 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"OracleWebAssistant0"=2 (0x2)
"OracleServiceAB"=2 (0x2)
"OracleOraHome81TNSListener"=2 (0x2)
"OracleOraHome81DataGatherer"=3 (0x3)
"OracleOraHome81ClientCache"=3 (0x3)
"OracleOraHome81Agent"=3 (0x3)
"iHCService"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"Diskeeper"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\JavaSoft\\JRE\\1.3\\bin\\rmid.exe"=
"c:\\Program Files\\JavaSoft\\JRE\\1.3\\bin\\rmiregistry.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R3 US30Kbd;US30Kbd;c:\windows\system32\drivers\US30Kbd2K.sys [2005-03-31 10464]
R4 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2004-06-01 10386]
R4 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [2007-08-07 35200]
S3 wip0203;Wippien Network Adapter 2.3;c:\windows\system32\drivers\wip0203.sys [2007-09-02 23096]
S4 OracleOraHome81Agent;OracleOraHome81Agent;e:\oracle\Ora81\bin\dbsnmp.exe --> e:\oracle\Ora81\bin\dbsnmp.exe [?]
S4 OracleOraHome81ClientCache;OracleOraHome81ClientCache;e:\oracle\Ora81\BIN\ONRSD.EXE --> e:\oracle\Ora81\BIN\ONRSD.EXE [?]
S4 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer;e:\oracle\Ora81\bin\vppdc.exe --> e:\oracle\Ora81\bin\vppdc.exe [?]
S4 OracleOraHome81TNSListener;OracleOraHome81TNSListener;e:\oracle\Ora81\BIN\TNSLSNR --> e:\oracle\Ora81\BIN\TNSLSNR [?]
S4 OracleServiceAB;OracleServiceAB;e:\oracle\ora81\bin\ORACLE.EXE AB --> e:\oracle\ora81\bin\ORACLE.EXE AB [?]
S4 OracleWebAssistant0;OracleWebAssistant0;e:\oracle\Ora81\BIN\OWASTSVR.EXE --> e:\oracle\Ora81\BIN\OWASTSVR.EXE [?]
S4 PCAutoPowerOnService;Auto Power-on & Shut-down Service;c:\program files\AutoPowerOn\PCAutoPowerOnService.exe [2007-11-20 484864]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ca3ba40-d5f6-11dc-8b31-001320cadede}]
\Shell\AutoRun\command - L:\xn1i9x.com
\Shell\explore\Command - L:\xn1i9x.com
\Shell\open\Command - L:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89523ea2-8e53-11dd-8d50-001320cadede}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2007-11-19 c:\windows\Tasks\Calculator.job
- c:\windows\system32\calc.exe [2001-08-23 17:30]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKCU-Run-Buildfork - c:\docume~1\Rakesh\APPLIC~1\DRVMEA~1\wipe mapi window.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uInternet Settings,ProxyServer = 0.0.0.0:80
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rakesh\Application Data\Mozilla\Firefox\Profiles\4hjxnzs7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Rakesh\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\Rakesh\Application Data\Mozilla\Firefox\Profiles\4hjxnzs7.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\FFAlert.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 09:05:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome81TNSListener]
"ImagePath"="e:\oracle\Ora81\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxeyoynkrd.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-879983540-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gaopdxeyoynkrd.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\mcafee.com\agent\mcdetect.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Universal Shield 4.1\US30Service.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-01-25 9:07:34 - machine was rebooted [Rakesh]
ComboFix-quarantined-files.txt 2009-01-25 03:37:30

Pre-Run: 999,841,792 bytes free
Post-Run: 1,041,719,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

339 --- E O F --- 2009-01-13 21:32:05

#6 DocSatan

    Bleepin' Wanna-Be

  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 27 January 2009 - 02:00 PM

Hi udayippu,

Give me some time to research your CF Log and I will get back to you ASAP. :thumbup2:

Doc.

#7 DocSatan

    Bleepin' Wanna-Be

  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 27 January 2009 - 04:40 PM

udayippu,

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.


#8 udayippu
  • Topic Starter
  • Members
  • 15 posts

Posted 30 January 2009 - 06:59 AM

At the beginning, when I double-clicked on Gmer.exe, it prompted for fully scanning the system, due to ROOTKIT activity.

At the end of scanning I got this message...
GMER
------
Warning!!!

GMER has found system modification caused by ROOTKIT activity.

----------

Posting the Gmer.log here...


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-30 17:22:18
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

Device \FileSystem\Fastfat \FatCdrom LF30XP.sys
Device \FileSystem\Mup \Dfs LF30XP.sys
Device \Driver\Tcpip \Device\Ip sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 US30Kbd2K.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 US30Kbd2K.sys

Device \Driver\Serial \Device\Serial0 LF30XP.sys
Device \FileSystem\RAW \Device\RawTape LF30XP.sys
Device \Driver\rdpdr \Device\RdpDrPort LF30XP.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector US30XP.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector LF30XP.sys
Device \Driver\Tcpip \Device\Tcp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Parport \Device\ParallelPort0 LF30XP.sys
Device \Driver\ParVdm \Device\ParallelVdm0 US30XP.sys
Device \Driver\rdpdr \Device\RdpDr LF30XP.sys
Device \FileSystem\Rdbss \Device\FsWrap LF30XP.sys
Device \Driver\Parport \Device\Parallel0 LF30XP.sys
Device \Driver\Ptserial \Device\PTSerial0 LF30XP.sys
Device \FileSystem\Mup \Device\Mup LF30XP.sys
Device \Driver\Tcpip \Device\Udp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \Driver\Tcpip \Device\RawIp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \FileSystem\RAW \Device\RawDisk LF30XP.sys
Device \Driver\Ptilink \Device\ParTechInc0 LF30XP.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver LF30XP.sys
Device \Driver\Tcpip \Device\IPMULTICAST sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector LF30XP.sys
Device \FileSystem\Npfs \Device\NamedPipe LF30XP.sys
Device \FileSystem\Msfs \Device\Mailslot LF30XP.sys
Device \Driver\AFD \Device\Afd LF30XP.sys
Device \FileSystem\RAW \Device\RawCdRom LF30XP.sys
Device \FileSystem\Mup \Device\WinDfs\Root LF30XP.sys
Device \FileSystem\Fastfat \Fat LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\NtfsRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer LF30XP.sys
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer LF30XP.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer LF30XP.sys
Device \FileSystem\Cdfs \Cdfs LF30XP.sys

---- Services - GMER 1.0.14 ----

Service system32\drivers\gaopdxeyoynkrd.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxeyoynkrd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxeyoynkrd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxqjnqhnlp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxeyoynkrd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxeyoynkrd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxqjnqhnlp.dll

---- Files - GMER 1.0.14 ----


---- EOF - GMER 1.0.14 ----

#9 DocSatan

    Bleepin' Wanna-Be

  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.

Posted 31 January 2009 - 01:05 PM

udayippu,

First let me answer your question about spoolsv.exe. :thumbup2:

From this link: http://www.liutilities.com/products/wintas...ibrary/spoolsv/

The spoolsv.exe file is described as the Spooler SubSystem App or Windows Print Spooler Service and is the main component of the printing interfaces. The spoolsv.exe file is initialized when the computer starts, and it runs in the background until the computer is turned off.


I think that the reason for spoolsv.exe using excessive CPU had to do with the USB Infection that was keeping you from double-clicking on your HD. Combofix deleted the files associated with that infection. Are you able to double-click on your HD now? Also, is spoolsv.exe still taking up CPU?

On to the Fix:

1. Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)


2. CFScript Fix
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\Windows\System32\Drivers\gaopdxeyoynkrd.sys
    C:\Windows\System32\Drivers\gaopdxqjnqhnlp.dll
    c:\windows\system32\drivers\gaopdxlqijrkdy.sys
    c:\windows\system32\drivers\gaopdxsrfqxeut.sys
    c:\windows\system32\drivers\gaopdxyqmepxuf.sys
    c:\windows\system32\drivers\gaopdxwwuplhbq.sys
    c:\windows\system32\drivers\gaopdxjoyxvkon.sys
    c:\windows\is-7FQQS.msg
    c:\windows\is-7FQQS.lst
    c:\windows\is-7FQQS.exe

    Driver::
    gaopdxserv

    DirLook::
    c:\documents and settings\Rakesh\LocalLow

  • Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
3. What I Need In Your Next Reply
  • lopR.txt
  • ComboFix.txt
  • Answer to these questions:
  • Are you able to open your HD by double-clicking now?
  • Is spoolsv.exe still taking up excessive CPU?
  • How is your computer running now?
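A small triage script, added here as an example (it is not part of the thread and is not GMER's or ComboFix's own code): it parses the Services and Registry sections of a GMER log in the format posted above, picks out services GMER flagged as hidden, collects the driver and DLL paths registered under each service's modules key across all control sets, and drafts a CFScript in the File:: / Driver:: / DirLook:: form used in the reply above. The sample log is a constructed excerpt; the system root C:\Windows and the function names are assumptions.

```python
"""Triage a GMER rootkit log and draft a ComboFix CFScript (added example)."""
import re
from collections import defaultdict

SYSROOT = r"C:\Windows"  # assumption: Windows installed on C:, as on the machine in this thread

# Constructed sample modelled on the GMER 1.0.14 log posted above (same line formats).
SAMPLE_LOG = r"""
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-30 17:22:18

---- Services - GMER 1.0.14 ----

Service system32\drivers\gaopdxeyoynkrd.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!
Service system32\drivers\legit.sys [SYSTEM] legitsvc

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxeyoynkrd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxeyoynkrd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxqjnqhnlp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxeyoynkrd.sys

---- EOF - GMER 1.0.14 ----
"""

# "Service <image> [(flags)] [<start>] <name> ..." as printed in the Services section.
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+(?:(?P<flags>\([^)]*\))\s+)?\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)"
)
# "Reg HKLM\SYSTEM\<control set>\Services\<name>\modules@<key> <path>" in the Registry section.
MODULE_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\[^\\]+\\Services\\(?P<svc>[^\\@\s]+)\\modules@\S+\s+(?P<path>\S+)"
)


def to_windows_path(path: str, sysroot: str = SYSROOT) -> str:
    """Turn a kernel-style path from the log into the Win32 path a CFScript lists."""
    p = path
    if p.lower().startswith(r"\\?\globalroot"):
        p = p[len(r"\\?\globalroot"):]
    if p.lower().startswith(r"\systemroot"):
        p = sysroot + p[len(r"\systemroot"):]
    elif p.lower().startswith("system32"):
        p = sysroot + "\\" + p
    return p


def parse_gmer_log(text: str) -> dict:
    """Return {service_name: {"image", "start", "hidden", "modules"}} from a GMER log."""
    services = {}
    modules = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            flags = (m.group("flags") or "").lower()
            services[m.group("name")] = {
                "image": to_windows_path(m.group("image")),
                "start": m.group("start"),
                "hidden": "hidden" in flags,
                "modules": set(),
            }
            continue
        m = MODULE_RE.match(line)
        if m:
            modules[m.group("svc")].add(to_windows_path(m.group("path")))
    # Module entries may appear before or after the Service line, so merge after the pass;
    # the same module listed under several control sets collapses to one path.
    for name, paths in modules.items():
        services.setdefault(name, {"image": None, "start": None, "hidden": False, "modules": set()})
        services[name]["modules"] |= paths
    return services


def hidden_services(services: dict) -> list:
    """Names of services GMER marked '*** hidden ***'."""
    return sorted(n for n, s in services.items() if s["hidden"])


def suspicious_files(services: dict, names) -> list:
    """Image path plus every registered module of the given services, deduplicated."""
    files = set()
    for n in names:
        if services[n]["image"]:
            files.add(services[n]["image"])
        files |= services[n]["modules"]
    return sorted(files, key=str.lower)


def build_cfscript(services: dict, dirlook=()) -> str:
    """Draft a CFScript for review: File:: (paths to remove), Driver:: (service key names
    exactly as registered under Services\\), optional DirLook:: (folders to list)."""
    names = hidden_services(services)
    lines = ["File::", *suspicious_files(services, names), "", "Driver::", *names]
    if dirlook:
        lines += ["", "DirLook::", *dirlook]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    svc = parse_gmer_log(SAMPLE_LOG)
    print("hidden services:", hidden_services(svc))
    print(build_cfscript(svc, dirlook=[r"c:\documents and settings\Rakesh\LocalLow"]))
```

The draft is meant to be checked by the helper before use, since GMER's hidden flag alone does not tell a rootkit apart from a legitimate driver that hides itself.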


#10 udayippu
  • Topic Starter
  • Members
  • 15 posts

Posted 02 February 2009 - 03:58 AM

Now I can enter the hard disk drives by double-clicking, and spoolsv is not taking much CPU load now,
but it takes too long to shut down my system [especially for 'saving your settings'].


Posting the lopR and ComboFix logs...
---------------------------------------



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : BIOS Date: 04/29/05 21:08:57 Ver: 08.00.10
USER : Rakesh ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:15 Go (Free:0 Go)
D:\ (Local Disk) - FAT32 - Total:19 Go (Free:0 Go)
E:\ (Local Disk) - FAT32 - Total:19 Go (Free:0 Go)
F:\ (Local Disk) - FAT32 - Total:9 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (Local Disk) - FAT32 - Total:1 Go (Free:0 Go)
I:\ (Local Disk) - FAT32 - Total:9 Go (Free:0 Go)
J:\ (Local Disk) - FAT32 - Total:29 Go (Free:0 Go)
K:\ (Local Disk) - FAT32 - Total:29 Go (Free:0 Go)
M:\ (Local Disk) - FAT32 - Total:26 Go (Free:1 Go)
S:\ (Local Disk) - FAT32 - Total:9 Go (Free:0 Go)
T:\ (Local Disk) - FAT32 - Total:29 Go (Free:0 Go)
W:\ (Local Disk) - FAT32 - Total:14 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 02/02/2009|14:03 )

--------------------\\ Listing folders in APPLIC~1

[01/14/2006|05:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/14/2006|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/13/2006|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[12/12/2008|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Bluetooth
[01/14/2006|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[11/02/2008|01:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EmailNotifier
[07/31/2007|02:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[09/14/2008|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Installations
[09/12/2006|09:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[02/25/2008|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/14/2006|03:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[01/14/2006|05:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/14/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Suite
[08/07/2007|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[01/12/2009|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TVU Networks
[08/23/2007|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/04/2007|06:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[03/25/2006|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[01/14/2006|05:22] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[12/06/2007|02:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> BitTorrent
[08/09/2007|01:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[01/14/2006|05:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[11/19/2007|11:34] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> .ABC
[01/14/2006|03:26] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Adobe
[03/12/2006|01:30] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Ahead
[08/10/2008|03:49] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Audacity
[11/20/2007|01:08] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> AutoPowerOn
[01/16/2009|08:10] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Bitsoft
[10/03/2007|01:27] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> BitTorrent
[10/03/2007|01:27] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> BitTorrent DNA
[01/14/2006|07:54] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> CyberLink
[09/01/2007|02:39] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> DivX
[01/16/2008|11:38] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> DMCache
[03/13/2008|08:06] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> DNA
[08/05/2007|08:43] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> DRV MEAL CAMP
[06/06/2007|11:35] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> dvdcss
[04/24/2008|11:44] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Flock
[01/25/2006|11:32] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> gen_ff v1.07
[07/31/2007|03:02] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Google
[01/16/2006|12:32] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Help
[01/14/2006|03:15] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Identities
[01/16/2008|11:38] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> IDM
[08/10/2007|03:49] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> InstallShield
[01/14/2006|03:26] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> InterTrust
[09/12/2006|09:02] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Intervideo
[03/09/2006|11:26] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Macromedia
[02/25/2008|01:29] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Malwarebytes
[02/22/2007|07:15] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Media Player Classic
[08/10/2007|03:51] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Megaupload
[08/10/2007|02:59] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> MegauploadToolbar
[01/14/2006|05:22] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Microsoft
[08/04/2007|06:55] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Mozilla
[08/26/2007|07:19] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Musicmatch
[09/29/2006|12:39] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Nero
[10/27/2007|07:52] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Netscape
[09/14/2008|10:30] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Nokia
[09/14/2008|10:30] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> PC Suite
[03/11/2008|07:54] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Sun
[08/04/2007|06:55] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Talkback
[08/04/2007|07:24] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> uTorrent
[06/03/2007|02:52] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> vlc
[01/27/2008|07:39] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Vso
[09/02/2007|01:45] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Wippien
[08/04/2007|11:56] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Yahoo!

[01/14/2006|05:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[09/15/2007|11:04] C:\DOCUME~1\ADMINI~1.RAK\APPLIC~1\<DIR> DivX
[01/14/2006|05:22] C:\DOCUME~1\ADMINI~1.RAK\APPLIC~1\<DIR> Microsoft
[09/15/2007|03:05] C:\DOCUME~1\ADMINI~1.RAK\APPLIC~1\<DIR> Mozilla
[09/15/2007|03:06] C:\DOCUME~1\ADMINI~1.RAK\APPLIC~1\<DIR> Talkback



--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/20/2007 12:25 AM][--a------] C:\WINDOWS\tasks\Calculator.job
[07/08/2007 10:35 PM][--a------] C:\WINDOWS\tasks\UPS System Shutdown Program.job
[02/02/2009 02:01 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 05:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[06/12/2008|08:07] C:\Program Files\<DIR> 3D Live Snooker
[11/19/2007|11:34] C:\Program Files\<DIR> ABC
[08/04/2007|10:21] C:\Program Files\<DIR> Absolutist.com
[01/14/2006|03:26] C:\Program Files\<DIR> Adobe
[01/14/2006|03:42] C:\Program Files\<DIR> Ahead
[08/07/2007|02:23] C:\Program Files\<DIR> AskPBar
[08/10/2008|03:49] C:\Program Files\<DIR> Audacity 1.3 Beta (Unicode)
[08/10/2008|03:56] C:\Program Files\<DIR> AudacityPortable
[11/20/2007|01:08] C:\Program Files\<DIR> AutoPowerOn
[01/16/2009|08:10] C:\Program Files\<DIR> AVI MPEG ASF WMV Splitter
[01/20/2009|12:59] C:\Program Files\<DIR> bitsoft.net
[10/03/2007|01:27] C:\Program Files\<DIR> BitTorrent
[10/03/2007|01:27] C:\Program Files\<DIR> BitTorrent_DNA
[02/24/2008|08:53] C:\Program Files\<DIR> CleanUp!
[12/18/2007|10:05] C:\Program Files\<DIR> Combined Community Codec Pack
[01/14/2006|05:26] C:\Program Files\<DIR> Common Files
[09/29/2007|08:55] C:\Program Files\<DIR> Conf
[03/21/2006|09:03] C:\Program Files\<DIR> Creative
[01/14/2006|03:44] C:\Program Files\<DIR> CyberLink
[08/07/2007|02:15] C:\Program Files\<DIR> DAP
[09/14/2008|10:29] C:\Program Files\<DIR> DIFX
[12/18/2007|10:20] C:\Program Files\<DIR> DivX
[03/12/2006|01:30] C:\Program Files\<DIR> DivX Player
[03/13/2008|08:06] C:\Program Files\<DIR> DNA
[08/05/2007|08:43] C:\Program Files\<DIR> DRV MEAL CAMP
[08/27/2007|11:02] C:\Program Files\<DIR> DVD Cutter
[01/29/2006|09:21] C:\Program Files\<DIR> DXBall2
[03/21/2006|08:56] C:\Program Files\<DIR> Eidos Interactive
[08/12/2007|03:18] C:\Program Files\<DIR> Everstrike Software
[08/27/2007|04:24] C:\Program Files\<DIR> Executive Software
[04/24/2008|11:42] C:\Program Files\<DIR> Flock
[02/09/2006|08:27] C:\Program Files\<DIR> Google
[07/31/2006|11:49] C:\Program Files\<DIR> HFXP2
[01/21/2009|11:26] C:\Program Files\<DIR> Hijackthis
[01/14/2006|03:16] C:\Program Files\<DIR> InstallShield Installation Information
[01/14/2006|03:17] C:\Program Files\<DIR> Intel
[12/27/2006|11:08] C:\Program Files\<DIR> InterActual
[01/16/2008|11:37] C:\Program Files\<DIR> Internet Download Manager
[01/25/2006|12:14] C:\Program Files\<DIR> Internet Explorer
[09/12/2006|09:42] C:\Program Files\<DIR> InterVideo
[11/02/2007|09:46] C:\Program Files\<DIR> InterVideo Information Service
[03/04/2008|08:14] C:\Program Files\<DIR> Java
[01/14/2006|04:34] C:\Program Files\<DIR> JavaSoft
[01/14/2006|04:10] C:\Program Files\<DIR> Macromedia
[01/14/2006|03:46] C:\Program Files\<DIR> McAfee.com
[08/10/2007|03:50] C:\Program Files\<DIR> Megaupload
[08/10/2007|02:59] C:\Program Files\<DIR> MegauploadToolbar
[01/14/2006|03:06] C:\Program Files\<DIR> Messenger
[01/14/2006|03:32] C:\Program Files\<DIR> Microsoft ActiveSync
[01/14/2006|03:09] C:\Program Files\<DIR> microsoft frontpage
[01/14/2006|03:30] C:\Program Files\<DIR> Microsoft Office
[01/14/2006|03:31] C:\Program Files\<DIR> Microsoft Visual Studio
[01/25/2006|12:24] C:\Program Files\<DIR> Movie Maker
[08/04/2007|06:54] C:\Program Files\<DIR> Mozilla Firefox
[08/10/2008|03:10] C:\Program Files\<DIR> Mp3 Knife
[08/10/2008|03:19] C:\Program Files\<DIR> Mp3 Merger
[02/25/2007|12:30] C:\Program Files\<DIR> Mpgdvd
[01/14/2006|03:05] C:\Program Files\<DIR> MSN
[01/14/2006|03:06] C:\Program Files\<DIR> MSN Gaming Zone
[08/05/2007|07:21] C:\Program Files\<DIR> MSXML 4.0
[03/25/2006|02:17] C:\Program Files\<DIR> Musicmatch
[02/26/2008|08:08] C:\Program Files\<DIR> MZL & Novatech TrafficStatistic
[03/25/2006|08:41] C:\Program Files\<DIR> Nero
[01/14/2006|03:07] C:\Program Files\<DIR> NetMeeting
[10/27/2007|07:52] C:\Program Files\<DIR> Netscape
[08/27/2007|04:05] C:\Program Files\<DIR> NewTech Infosystems
[09/14/2008|10:28] C:\Program Files\<DIR> Nokia
[01/14/2006|03:06] C:\Program Files\<DIR> Online Services
[12/24/2007|12:07] C:\Program Files\<DIR> Onlinebandit
[01/14/2006|03:07] C:\Program Files\<DIR> Outlook Express
[09/14/2008|10:28] C:\Program Files\<DIR> PC Connectivity Solution
[09/12/2006|09:37] C:\Program Files\<DIR> Real
[01/25/2006|12:27] C:\Program Files\<DIR> Realtek
[08/20/2007|04:17] C:\Program Files\<DIR> speed-bit
[08/07/2007|02:23] C:\Program Files\<DIR> SpeedBit Video Accelerator
[08/07/2007|02:28] C:\Program Files\<DIR> SpeedOptimizer
[08/03/2006|03:28] C:\Program Files\<DIR> Stardock
[01/21/2007|10:34] C:\Program Files\<DIR> Talisman 2
[01/21/2009|11:54] C:\Program Files\<DIR> Trend Micro
[01/14/2006|03:15] C:\Program Files\<DIR> Uninstall Information
[08/14/2007|04:03] C:\Program Files\<DIR> Universal Shield 4.1
[08/04/2007|07:24] C:\Program Files\<DIR> uTorrent
[02/09/2006|10:09] C:\Program Files\<DIR> VCD Cutter
[02/09/2006|10:10] C:\Program Files\<DIR> VCDCut
[06/03/2007|02:52] C:\Program Files\<DIR> VideoLAN
[01/27/2008|08:12] C:\Program Files\<DIR> VSO
[01/14/2006|04:23] C:\Program Files\<DIR> Web Publish
[09/01/2007|12:22] C:\Program Files\<DIR> Webteh
[01/25/2006|12:26] C:\Program Files\<DIR> Winamp
[08/23/2007|02:21] C:\Program Files\<DIR> Windows Media Connect 2
[01/25/2006|12:25] C:\Program Files\<DIR> Windows Media Player
[01/14/2006|03:05] C:\Program Files\<DIR> Windows NT
[01/14/2006|03:08] C:\Program Files\<DIR> WindowsUpdate
[09/30/2007|08:04] C:\Program Files\<DIR> WinGuard Pro 2007
[02/26/2008|08:09] C:\Program Files\<DIR> WinPcap
[04/07/2006|09:28] C:\Program Files\<DIR> Winrar
[01/14/2006|03:33] C:\Program Files\<DIR> WinZip
[02/10/2007|12:35] C:\Program Files\<DIR> WSPingPR
[01/14/2006|03:09] C:\Program Files\<DIR> xerox
[08/03/2006|03:26] C:\Program Files\<DIR> XP Codec Pack
[03/25/2006|08:34] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/14/2006|03:26] C:\Program Files\Common Files\<DIR> Adobe
[01/14/2006|03:42] C:\Program Files\Common Files\<DIR> Ahead
[01/14/2006|03:31] C:\Program Files\Common Files\<DIR> Designer
[03/24/2006|10:46] C:\Program Files\Common Files\<DIR> DirectX
[02/25/2008|01:28] C:\Program Files\Common Files\<DIR> Download Manager
[08/12/2007|03:18] C:\Program Files\Common Files\<DIR> Everstrike Software
[01/14/2006|03:16] C:\Program Files\Common Files\<DIR> InstallShield
[08/26/2007|12:41] C:\Program Files\Common Files\<DIR> InterVideo
[03/04/2008|08:14] C:\Program Files\Common Files\<DIR> Java
[01/14/2006|03:30] C:\Program Files\Common Files\<DIR> L&H
[01/14/2006|05:26] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/14/2006|03:07] C:\Program Files\Common Files\<DIR> MSSoap
[09/14/2008|10:29] C:\Program Files\Common Files\<DIR> Nokia
[01/14/2006|05:26] C:\Program Files\Common Files\<DIR> ODBC
[09/14/2008|10:29] C:\Program Files\Common Files\<DIR> PCSuite
[09/12/2006|09:37] C:\Program Files\Common Files\<DIR> Real
[01/14/2006|03:07] C:\Program Files\Common Files\<DIR> Services
[01/14/2006|05:26] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/14/2006|03:07] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 30 Processes )

... OK !

--------------------\\ Searching with S_Lop

C:\DOCUME~1\RAKESH\APPLIC~1\DRVMEA~1

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\encplatformstart]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Rakesh\\APPLIC~1\\DRVMEA~1\\wipe mapi window.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 14:05:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\RAKESH\Desktop\housefulc\New Folder\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal.Shield.4.1.+.Crack.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar(2).torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack\ushield.exe
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack\USPro.exe
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.1.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Universal Shield 4.1 + Crack.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\123.AVI.to.GIF.Converter.v3.0.Incl.Keygen-TSRh.torrent


[F:29][D:1]-> C:\DOCUME~1\Rakesh\LOCALS~1\Temp
[F:69][D:0]-> C:\DOCUME~1\Rakesh\Cookies
[F:34][D:4]-> C:\DOCUME~1\Rakesh\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - Mon 02/02/2009|14:05 - Option : [1]

--------------------\\ Scan completed at 14:05:46



---------------------------------------------------------------------

ComboFix 09-02-01.01 - Rakesh 2009-02-02 14:10:15.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.182 [GMT 5.5:30]
Running from: c:\documents and settings\Rakesh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rakesh\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\is-7FQQS.exe
c:\windows\is-7FQQS.lst
c:\windows\is-7FQQS.msg
c:\windows\System32\Drivers\gaopdxeyoynkrd.sys
c:\windows\system32\drivers\gaopdxjoyxvkon.sys
c:\windows\system32\drivers\gaopdxlqijrkdy.sys
c:\windows\System32\Drivers\gaopdxqjnqhnlp.dll
c:\windows\system32\drivers\gaopdxsrfqxeut.sys
c:\windows\system32\drivers\gaopdxwwuplhbq.sys
c:\windows\system32\drivers\gaopdxyqmepxuf.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\is-7FQQS.exe
c:\windows\is-7FQQS.lst
c:\windows\is-7FQQS.msg
c:\windows\system32\drivers\gaopdxjoyxvkon.sys
c:\windows\system32\drivers\gaopdxlqijrkdy.sys
c:\windows\system32\drivers\gaopdxsrfqxeut.sys
c:\windows\system32\drivers\gaopdxwwuplhbq.sys
c:\windows\system32\drivers\gaopdxyqmepxuf.sys

.
((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))
.

2009-02-02 14:02 . 2009-02-02 14:02 <DIR> d-------- C:\Lop SD
2009-01-30 17:07 . 2008-04-17 21:13 811,008 --a------ C:\gmer.exe
2009-01-30 16:52 . 2009-01-30 17:15 250 --a------ c:\windows\gmer.ini
2009-01-30 16:49 . 2009-01-30 16:49 <DIR> d-------- C:\combos
2009-01-21 12:15 . 2009-01-21 12:15 <DIR> d--hs---- C:\FOUND.045
2009-01-21 11:54 . 2009-01-21 11:54 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 11:25 . 2009-01-21 11:25 <DIR> d-------- C:\HJT
2009-01-20 12:59 . 2009-01-20 12:59 <DIR> d-------- c:\program files\bitsoft.net
2009-01-16 20:10 . 2009-01-16 20:10 <DIR> d-------- c:\program files\AVI MPEG ASF WMV Splitter
2009-01-16 20:10 . 2009-01-16 20:10 <DIR> d-------- c:\documents and settings\Rakesh\Application Data\Bitsoft
2009-01-16 08:36 . 2009-01-16 08:36 <DIR> d--hs---- C:\FOUND.044
2009-01-14 02:40 . 2009-01-14 02:40 <DIR> d--hs---- C:\FOUND.043
2009-01-12 19:04 . 2009-01-12 19:04 <DIR> d-------- c:\documents and settings\Rakesh\LocalLow
2009-01-12 19:04 . 2009-01-12 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\TVU Networks
2009-01-11 00:37 . 2009-01-11 00:37 <DIR> d--hs---- C:\FOUND.042

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 17:33 3,060,224 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 05:16 --------- d-----w c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2007-10-03 14:14 21,280 ----a-w c:\documents and settings\Rakesh\Application Data\GDIPFONTCACHEV1.DAT
2009-01-17 04:26 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-17 04:26 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-15 15:48 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-01-17 04:26 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-17 04:26 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-17 04:26 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Rakesh\LocalLow ----

2009-01-12 19:16 73728 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\TVU
2009-01-12 19:16 15930 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\DownDatabase.Xml
2009-01-12 19:15 336710 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\ChannelList.xml
2009-01-12 19:14 228 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\PeerList.xml
2009-01-12 19:05 898 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\5225.png
2009-01-12 19:05 851 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\5455.png
2009-01-12 19:05 767 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\6888.png
2009-01-12 19:05 654 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\JSBC.png
2009-01-12 19:05 628 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\3992.png
2009-01-12 19:05 619 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\MAVTV.png
2009-01-12 19:05 611 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\5500.png
2009-01-12 19:05 608 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\3000.png
2009-01-12 19:05 585 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\9000.png
2009-01-12 19:05 574 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\640.png
2009-01-12 19:05 566 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\4000.png
2009-01-12 19:05 547 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\620.png
2009-01-12 19:05 536 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\CNA.png
2009-01-12 19:05 511 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\Telemundo.png
2009-01-12 19:05 502 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\8670.png
2009-01-12 19:05 485 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\212.png
2009-01-12 19:05 474 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\CNTV.png
2009-01-12 19:05 402 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\Nostalgia.png
2009-01-12 19:05 3684 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\OCJ.png
2009-01-12 19:05 1434 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\570.png
2009-01-12 19:05 1348 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\270.png
2009-01-12 19:05 1339 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\530.png
2009-01-12 19:05 1285 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\TV9.gif
2009-01-12 19:05 1175 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\ETTV.png
2009-01-12 19:05 1169 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\lonestar sports
2009-01-12 19:04 409 --a------ c:\documents and settings\Rakesh\LocalLow\TVU Networks\TVUPlayer\logo\PDTV.png


((((((((((((((((((((((((((((( snapshot@2009-01-25_ 9.06.27.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 14:32:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2009-01-30 11:22:16 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 15:43:02 811,008 ----a-w c:\windows\gmer.exe
- 2000-08-31 02:30:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 02:30:00 286,720 ----a-w c:\windows\SWREG.exe
+ 2009-01-30 11:22:16 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0A94B116-4504-4e26-AB05-E61E474AA38B}"= "c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL" [2007-08-07 61440]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspe1.dll" [2007-09-25 1453080]

[HKEY_CLASSES_ROOT\clsid\{0a94b116-4504-4e26-ab05-e61e474aa38b}]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2007-09-25 02:17 1453080 --a------ c:\program files\speed-bit\tbspe1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\program files\speed-bit\tbspe1.dll" [2007-09-25 1453080]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "c:\program files\speed-bit\tbspe1.dll" [2007-09-25 1453080]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AutoPowerOn"="c:\program files\AutoPowerOn\AutoPowerOn.exe" [2006-02-10 718848]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-20 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"WinGuard Pro"="c:\windows\system32\wgp.exe" [2006-10-18 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"PV92TRAY"="PV92Tray.exe" [2005-04-29 c:\windows\system32\PV92Tray.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-03 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-14 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"l3codecp.acm"= Fraunhofer IIS MPEG Layer-3 Codec
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-15 23:27 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
--a------ 2004-06-11 16:04 1226752 c:\program files\Intel\IDU\iptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-11 22:02 53248 c:\program files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-04 06:19 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--a------ 2005-08-10 12:49 163840 c:\program files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 18:18 151552 c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-21 00:11 33792 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-04 07:13 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
-ra------ 2005-04-29 10:54 180224 c:\windows\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-05-05 05:58 14396416 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"OracleWebAssistant0"=2 (0x2)
"OracleServiceAB"=2 (0x2)
"OracleOraHome81TNSListener"=2 (0x2)
"OracleOraHome81DataGatherer"=3 (0x3)
"OracleOraHome81ClientCache"=3 (0x3)
"OracleOraHome81Agent"=3 (0x3)
"iHCService"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"Diskeeper"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\JavaSoft\\JRE\\1.3\\bin\\rmid.exe"=
"c:\\Program Files\\JavaSoft\\JRE\\1.3\\bin\\rmiregistry.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=

R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2004-06-01 10386]
R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [2007-08-07 35200]
R3 US30Kbd;US30Kbd;c:\windows\system32\drivers\US30Kbd2K.sys [2005-03-31 10464]
S2 PCAutoPowerOnService;Auto Power-on & Shut-down Service;c:\program files\AutoPowerOn\PCAutoPowerOnService.exe [2007-11-20 484864]
S3 wip0203;Wippien Network Adapter 2.3;c:\windows\system32\drivers\wip0203.sys [2007-09-02 23096]
S4 OracleOraHome81Agent;OracleOraHome81Agent;e:\oracle\Ora81\bin\dbsnmp.exe --> e:\oracle\Ora81\bin\dbsnmp.exe [?]
S4 OracleOraHome81ClientCache;OracleOraHome81ClientCache;e:\oracle\Ora81\BIN\ONRSD.EXE --> e:\oracle\Ora81\BIN\ONRSD.EXE [?]
S4 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer;e:\oracle\Ora81\bin\vppdc.exe --> e:\oracle\Ora81\bin\vppdc.exe [?]
S4 OracleOraHome81TNSListener;OracleOraHome81TNSListener;e:\oracle\Ora81\BIN\TNSLSNR --> e:\oracle\Ora81\BIN\TNSLSNR [?]
S4 OracleServiceAB;OracleServiceAB;e:\oracle\ora81\bin\ORACLE.EXE AB --> e:\oracle\ora81\bin\ORACLE.EXE AB [?]
S4 OracleWebAssistant0;OracleWebAssistant0;e:\oracle\Ora81\BIN\OWASTSVR.EXE --> e:\oracle\Ora81\BIN\OWASTSVR.EXE [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ca3ba40-d5f6-11dc-8b31-001320cadede}]
\Shell\AutoRun\command - L:\xn1i9x.com
\Shell\explore\Command - L:\xn1i9x.com
\Shell\open\Command - L:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89523ea2-8e53-11dd-8d50-001320cadede}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2007-11-19 c:\windows\Tasks\Calculator.job
- c:\windows\system32\calc.exe [2001-08-23 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
uInternet Settings,ProxyServer = 0.0.0.0:80
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rakesh\Application Data\Mozilla\Firefox\Profiles\4hjxnzs7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 14:12:09
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome81TNSListener]
"ImagePath"="e:\oracle\Ora81\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-879983540-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
.
Completion time: 2009-02-02 14:13:34
ComboFix-quarantined-files.txt 2009-02-02 08:43:32
ComboFix2.txt 2009-01-25 03:37:38

Pre-Run: 796,262,400 bytes free
Post-Run: 785,883,136 bytes free

300 --- E O F --- 2009-01-13 21:32:05
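The MountPoints2 entries in the ComboFix log above (three shell verbs of one volume all redirected to L:\xn1i9x.com) are the mechanism behind the original double-click symptom: Explorer runs the `open` verb's command when a drive is double-clicked. As an added example that is not part of any post in this thread, the Python below parses that section of a ComboFix-style log and flags the hijack; the heuristics and the known-launcher allowlist (LaunchU3.exe as the U3 flash-drive launcher) are assumptions of the example.

```python
"""Flag hijacked MountPoints2 shell verbs in ComboFix-style log output.

Windows keeps per-volume shell settings under
HKCU\\...\\Explorer\\MountPoints2\\{volume-guid}\\Shell\\<verb>\\command.
Autorun worms overwrite the 'open' and 'explore' verbs (and 'AutoRun') so
that double-clicking the drive launches their dropper instead of opening
the folder, which is exactly the symptom reported in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample input constructed in the ComboFix layout; the two entries reproduce
# the MountPoints2 lines from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ca3ba40-d5f6-11dc-8b31-001320cadede}]
\Shell\AutoRun\command - L:\xn1i9x.com
\Shell\explore\Command - L:\xn1i9x.com
\Shell\open\Command - L:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89523ea2-8e53-11dd-8d50-001320cadede}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)

# Launcher basenames a defender would usually accept in AutoRun\command on a
# removable drive (assumption for this example: LaunchU3.exe is the launcher
# that U3-enabled flash drives register).
KNOWN_AUTORUN_LAUNCHERS = {"launchu3.exe"}
# Extensions a legitimate autorun launcher essentially never uses.
ODD_EXTENSIONS = {".com", ".pif", ".scr", ".bat", ".cmd", ".vbs"}


@dataclass
class Finding:
    volume_guid: str
    verb: str
    command: str
    reasons: List[str] = field(default_factory=list)


def parse_mountpoints2(text: str) -> Dict[str, Dict[str, str]]:
    """Return {volume_guid: {verb_lower: command}} from a ComboFix excerpt."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2)
    return entries


def _basename(command: str) -> str:
    """First token of the command line, lower-cased, without drive or path."""
    exe = command.split()[0].strip('"')
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def assess(entries: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Apply the heuristics and return one Finding per suspicious verb."""
    findings: List[Finding] = []
    for guid, verbs in entries.items():
        targets = {_basename(cmd) for cmd in verbs.values()}
        for verb, command in verbs.items():
            reasons = []
            name = _basename(command)
            # Explorer only needs AutoRun; malware rewrites open/explore so
            # a double-click or 'Explore' runs the payload.
            if verb in ("open", "explore"):
                reasons.append(f"'{verb}' verb redirected to {command}")
            if any(name.endswith(ext) for ext in ODD_EXTENSIONS):
                reasons.append(f"unusual launcher extension: {name}")
            # The same file wired to every verb is the classic worm signature.
            if len(verbs) > 1 and len(targets) == 1 and name not in KNOWN_AUTORUN_LAUNCHERS:
                reasons.append("all shell verbs point to the same file")
            if reasons:
                findings.append(Finding(guid, verb, command, reasons))
    return findings


def suspicious_volumes(text: str) -> List[str]:
    """Sorted GUIDs of volumes with at least one finding."""
    return sorted({f.volume_guid for f in assess(parse_mountpoints2(text))})


if __name__ == "__main__":
    for f in assess(parse_mountpoints2(SAMPLE_LOG)):
        print(f"{f.volume_guid} {f.verb:8} {f.command}  <- {'; '.join(f.reasons)}")
```

On the sample, the volume pointing at xn1i9x.com is reported for all three verbs while the U3 launcher entry is left alone, which matches the two MountPoints2 keys the OTMoveIt3 script later in the thread removes.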


-------------------------------------------------------------------------------------

#11 DocSatan

Posted 02 February 2009 - 03:09 PM

udayippu,

I'm glad that your HD and spoolsv.exe issues have been resolved.

Now let's see if the following fix can help the extended shut-down time you are experiencing.


Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 3 to choose Option 3 (Fix - Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(A copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

#12 udayippu

Posted 02 February 2009 - 11:17 PM

Before doing the above step, let me tell you that my Windows XP is asking for genuine validation. There were no problems before. I tried some keyfinder, but it is not working. Please help with this too.

#13 DocSatan

Posted 03 February 2009 - 01:28 PM

udayippu,

When are you being asked to Validate Windows? At start-up, while visiting Microsoft Update, etc.?

I'm not sure why your computer is now asking for Windows Validation, but if you have a legitimate copy of Windows installed you can just run the Windows Validation process again and validate your Windows OS:
  • Go to Microsoft's Genuine Software and click on Validate Windows on the left side of the page.
  • You will need to use Internet Explorer. You can use Firefox, but you will have to download a plug-in, which the above link will provide steps for after you click on Validate Windows. Using Internet Explorer will just be simpler.
Once you've finished validating windows, please do the following:

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 3 to choose Option 3 (Fix - Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(A copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

#14 udayippu

Posted 05 February 2009 - 12:34 AM

Now I can shut down easily.
But when I asked about the same problem in another forum, they told me to use 'OTMoveIt3 by OldTimer'.
Should I use it now?

I am pasting that here...

-----------------------------------

Please download the OTMoveIt3 by OldTimer

* Save it to your desktop.
* Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

----------------

CODE
:Processes
explorer.exe

:Services

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ca3ba40-d5f6-11dc-8b31-001320cadede}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89523ea2-8e53-11dd-8d50-001320cadede}]

:Files
C:\DOCUME~1\RAKESH\APPLIC~1\DRVMEA~1
C:\DOCUME~1\RAKESH\Desktop\housefulc\New Folder\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal.Shield.4.1.+.Crack.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar(2).torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack\ushield.exe
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack\USPro.exe
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.1.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Universal Shield 4.1 + Crack.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\123.AVI.to.GIF.Converter.v3.0.Incl.Keygen-TSRh.torrent
C:\FOUND.04?
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
------------------------
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTMoveIt3


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


---------------------------------------------

Should I test this? I think my problem is resolved by now.
Pasting the lopR log here as you said...


----

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : BIOS Date: 04/29/05 21:08:57 Ver: 08.00.10
USER : Rakesh ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:15 Go (Free:0 Go)
D:\ (Local Disk) - FAT32 - Total:19 Go (Free:0 Go)
E:\ (Local Disk) - FAT32 - Total:19 Go (Free:0 Go)
F:\ (Local Disk) - FAT32 - Total:9 Go (Free:0 Go)
G:\ (CD or DVD)
H:\ (Local Disk) - FAT32 - Total:1 Go (Free:0 Go)
I:\ (Local Disk) - FAT32 - Total:9 Go (Free:0 Go)
J:\ (Local Disk) - FAT32 - Total:29 Go (Free:0 Go)
K:\ (Local Disk) - FAT32 - Total:29 Go (Free:0 Go)
M:\ (Local Disk) - FAT32 - Total:26 Go (Free:0 Go)
S:\ (Local Disk) - FAT32 - Total:9 Go (Free:0 Go)
T:\ (Local Disk) - FAT32 - Total:29 Go (Free:0 Go)
W:\ (Local Disk) - FAT32 - Total:14 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [3] ( Thu 02/05/2009|10:46 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\RAKESH\APPLIC~1\DRVMEA~1
Deleted! - C:\Program Files\DRVMEA~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[01/14/2006|05:22] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/14/2006|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/13/2006|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[12/12/2008|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Bluetooth
[01/14/2006|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[11/02/2008|01:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EmailNotifier
[07/31/2007|02:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[09/14/2008|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Installations
[09/12/2006|09:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[02/25/2008|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[01/14/2006|03:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[01/14/2006|05:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/14/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Suite
[08/07/2007|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[01/12/2009|07:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TVU Networks
[08/23/2007|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/04/2007|06:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[03/25/2006|08:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[01/14/2006|05:22] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[12/06/2007|02:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> BitTorrent
[08/09/2007|01:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[01/14/2006|05:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[11/19/2007|11:34] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> .ABC
[01/14/2006|03:26] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Adobe
[03/12/2006|01:30] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Ahead
[08/10/2008|03:49] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Audacity
[11/20/2007|01:08] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> AutoPowerOn
[01/16/2009|08:10] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Bitsoft
[10/03/2007|01:27] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> BitTorrent
[10/03/2007|01:27] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> BitTorrent DNA
[01/14/2006|07:54] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> CyberLink
[09/01/2007|02:39] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> DivX
[01/16/2008|11:38] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> DMCache
[03/13/2008|08:06] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> DNA
[06/06/2007|11:35] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> dvdcss
[04/24/2008|11:44] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Flock
[01/25/2006|11:32] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> gen_ff v1.07
[07/31/2007|03:02] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Google
[01/16/2006|12:32] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Help
[01/14/2006|03:15] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Identities
[01/16/2008|11:38] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> IDM
[08/10/2007|03:49] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> InstallShield
[01/14/2006|03:26] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> InterTrust
[09/12/2006|09:02] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Intervideo
[03/09/2006|11:26] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Macromedia
[02/25/2008|01:29] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Malwarebytes
[02/22/2007|07:15] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Media Player Classic
[08/10/2007|03:51] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Megaupload
[08/10/2007|02:59] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> MegauploadToolbar
[01/14/2006|05:22] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Microsoft
[08/04/2007|06:55] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Mozilla
[08/26/2007|07:19] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Musicmatch
[09/29/2006|12:39] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Nero
[10/27/2007|07:52] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Netscape
[09/14/2008|10:30] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Nokia
[09/14/2008|10:30] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> PC Suite
[03/11/2008|07:54] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Sun
[08/04/2007|06:55] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Talkback
[08/04/2007|07:24] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> uTorrent
[06/03/2007|02:52] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> vlc
[01/27/2008|07:39] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Vso
[09/02/2007|01:45] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Wippien
[08/04/2007|11:56] C:\DOCUME~1\RAKESH\APPLIC~1\<DIR> Yahoo!

[01/14/2006|05:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[09/15/2007|11:04] C:\DOCUME~1\ADMINI~1.RAK\APPLIC~1\<DIR> DivX
[01/14/2006|05:22] C:\DOCUME~1\ADMINI~1.RAK\APPLIC~1\<DIR> Microsoft
[09/15/2007|03:05] C:\DOCUME~1\ADMINI~1.RAK\APPLIC~1\<DIR> Mozilla
[09/15/2007|03:06] C:\DOCUME~1\ADMINI~1.RAK\APPLIC~1\<DIR> Talkback



--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/20/2007 12:25 AM][--a------] C:\WINDOWS\tasks\Calculator.job
[07/08/2007 10:35 PM][--a------] C:\WINDOWS\tasks\UPS System Shutdown Program.job
[02/05/2009 10:38 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 05:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[06/12/2008|08:07] C:\Program Files\<DIR> 3D Live Snooker
[11/19/2007|11:34] C:\Program Files\<DIR> ABC
[02/02/2009|05:17] C:\Program Files\<DIR> ABC Amber NBU Converter
[08/04/2007|10:21] C:\Program Files\<DIR> Absolutist.com
[01/14/2006|03:26] C:\Program Files\<DIR> Adobe
[01/14/2006|03:42] C:\Program Files\<DIR> Ahead
[08/07/2007|02:23] C:\Program Files\<DIR> AskPBar
[08/10/2008|03:49] C:\Program Files\<DIR> Audacity 1.3 Beta (Unicode)
[08/10/2008|03:56] C:\Program Files\<DIR> AudacityPortable
[11/20/2007|01:08] C:\Program Files\<DIR> AutoPowerOn
[01/16/2009|08:10] C:\Program Files\<DIR> AVI MPEG ASF WMV Splitter
[01/20/2009|12:59] C:\Program Files\<DIR> bitsoft.net
[10/03/2007|01:27] C:\Program Files\<DIR> BitTorrent
[10/03/2007|01:27] C:\Program Files\<DIR> BitTorrent_DNA
[02/24/2008|08:53] C:\Program Files\<DIR> CleanUp!
[12/18/2007|10:05] C:\Program Files\<DIR> Combined Community Codec Pack
[01/14/2006|05:26] C:\Program Files\<DIR> Common Files
[09/29/2007|08:55] C:\Program Files\<DIR> Conf
[03/21/2006|09:03] C:\Program Files\<DIR> Creative
[01/14/2006|03:44] C:\Program Files\<DIR> CyberLink
[08/07/2007|02:15] C:\Program Files\<DIR> DAP
[09/14/2008|10:29] C:\Program Files\<DIR> DIFX
[12/18/2007|10:20] C:\Program Files\<DIR> DivX
[03/12/2006|01:30] C:\Program Files\<DIR> DivX Player
[03/13/2008|08:06] C:\Program Files\<DIR> DNA
[08/27/2007|11:02] C:\Program Files\<DIR> DVD Cutter
[01/29/2006|09:21] C:\Program Files\<DIR> DXBall2
[03/21/2006|08:56] C:\Program Files\<DIR> Eidos Interactive
[08/12/2007|03:18] C:\Program Files\<DIR> Everstrike Software
[08/27/2007|04:24] C:\Program Files\<DIR> Executive Software
[04/24/2008|11:42] C:\Program Files\<DIR> Flock
[02/09/2006|08:27] C:\Program Files\<DIR> Google
[07/31/2006|11:49] C:\Program Files\<DIR> HFXP2
[01/21/2009|11:26] C:\Program Files\<DIR> Hijackthis
[01/14/2006|03:16] C:\Program Files\<DIR> InstallShield Installation Information
[01/14/2006|03:17] C:\Program Files\<DIR> Intel
[12/27/2006|11:08] C:\Program Files\<DIR> InterActual
[01/16/2008|11:37] C:\Program Files\<DIR> Internet Download Manager
[01/25/2006|12:14] C:\Program Files\<DIR> Internet Explorer
[09/12/2006|09:42] C:\Program Files\<DIR> InterVideo
[11/02/2007|09:46] C:\Program Files\<DIR> InterVideo Information Service
[02/02/2009|02:42] C:\Program Files\<DIR> IVT Corporation
[03/04/2008|08:14] C:\Program Files\<DIR> Java
[01/14/2006|04:34] C:\Program Files\<DIR> JavaSoft
[01/14/2006|04:10] C:\Program Files\<DIR> Macromedia
[01/14/2006|03:46] C:\Program Files\<DIR> McAfee.com
[08/10/2007|03:50] C:\Program Files\<DIR> Megaupload
[08/10/2007|02:59] C:\Program Files\<DIR> MegauploadToolbar
[01/14/2006|03:06] C:\Program Files\<DIR> Messenger
[01/14/2006|03:32] C:\Program Files\<DIR> Microsoft ActiveSync
[01/14/2006|03:09] C:\Program Files\<DIR> microsoft frontpage
[01/14/2006|03:30] C:\Program Files\<DIR> Microsoft Office
[01/14/2006|03:31] C:\Program Files\<DIR> Microsoft Visual Studio
[01/25/2006|12:24] C:\Program Files\<DIR> Movie Maker
[08/04/2007|06:54] C:\Program Files\<DIR> Mozilla Firefox
[08/10/2008|03:10] C:\Program Files\<DIR> Mp3 Knife
[08/10/2008|03:19] C:\Program Files\<DIR> Mp3 Merger
[02/25/2007|12:30] C:\Program Files\<DIR> Mpgdvd
[01/14/2006|03:05] C:\Program Files\<DIR> MSN
[01/14/2006|03:06] C:\Program Files\<DIR> MSN Gaming Zone
[08/05/2007|07:21] C:\Program Files\<DIR> MSXML 4.0
[03/25/2006|02:17] C:\Program Files\<DIR> Musicmatch
[02/26/2008|08:08] C:\Program Files\<DIR> MZL & Novatech TrafficStatistic
[03/25/2006|08:41] C:\Program Files\<DIR> Nero
[01/14/2006|03:07] C:\Program Files\<DIR> NetMeeting
[10/27/2007|07:52] C:\Program Files\<DIR> Netscape
[08/27/2007|04:05] C:\Program Files\<DIR> NewTech Infosystems
[02/02/2009|05:12] C:\Program Files\<DIR> Noki
[09/14/2008|10:28] C:\Program Files\<DIR> Nokia
[01/14/2006|03:06] C:\Program Files\<DIR> Online Services
[12/24/2007|12:07] C:\Program Files\<DIR> Onlinebandit
[01/14/2006|03:07] C:\Program Files\<DIR> Outlook Express
[02/02/2009|02:33] C:\Program Files\<DIR> PC Connectivity Solution
[09/12/2006|09:37] C:\Program Files\<DIR> Real
[01/25/2006|12:27] C:\Program Files\<DIR> Realtek
[08/20/2007|04:17] C:\Program Files\<DIR> speed-bit
[08/07/2007|02:23] C:\Program Files\<DIR> SpeedBit Video Accelerator
[08/07/2007|02:28] C:\Program Files\<DIR> SpeedOptimizer
[08/03/2006|03:28] C:\Program Files\<DIR> Stardock
[01/21/2007|10:34] C:\Program Files\<DIR> Talisman 2
[01/21/2009|11:54] C:\Program Files\<DIR> Trend Micro
[01/14/2006|03:15] C:\Program Files\<DIR> Uninstall Information
[08/14/2007|04:03] C:\Program Files\<DIR> Universal Shield 4.1
[08/04/2007|07:24] C:\Program Files\<DIR> uTorrent
[02/09/2006|10:09] C:\Program Files\<DIR> VCD Cutter
[02/09/2006|10:10] C:\Program Files\<DIR> VCDCut
[06/03/2007|02:52] C:\Program Files\<DIR> VideoLAN
[01/27/2008|08:12] C:\Program Files\<DIR> VSO
[01/14/2006|04:23] C:\Program Files\<DIR> Web Publish
[09/01/2007|12:22] C:\Program Files\<DIR> Webteh
[01/25/2006|12:26] C:\Program Files\<DIR> Winamp
[08/23/2007|02:21] C:\Program Files\<DIR> Windows Media Connect 2
[01/25/2006|12:25] C:\Program Files\<DIR> Windows Media Player
[01/14/2006|03:05] C:\Program Files\<DIR> Windows NT
[01/14/2006|03:08] C:\Program Files\<DIR> WindowsUpdate
[09/30/2007|08:04] C:\Program Files\<DIR> WinGuard Pro 2007
[02/26/2008|08:09] C:\Program Files\<DIR> WinPcap
[04/07/2006|09:28] C:\Program Files\<DIR> Winrar
[01/14/2006|03:33] C:\Program Files\<DIR> WinZip
[02/10/2007|12:35] C:\Program Files\<DIR> WSPingPR
[01/14/2006|03:09] C:\Program Files\<DIR> xerox
[08/03/2006|03:26] C:\Program Files\<DIR> XP Codec Pack
[03/25/2006|08:34] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/14/2006|03:26] C:\Program Files\Common Files\<DIR> Adobe
[01/14/2006|03:42] C:\Program Files\Common Files\<DIR> Ahead
[01/14/2006|03:31] C:\Program Files\Common Files\<DIR> Designer
[03/24/2006|10:46] C:\Program Files\Common Files\<DIR> DirectX
[02/25/2008|01:28] C:\Program Files\Common Files\<DIR> Download Manager
[08/12/2007|03:18] C:\Program Files\Common Files\<DIR> Everstrike Software
[01/14/2006|03:16] C:\Program Files\Common Files\<DIR> InstallShield
[08/26/2007|12:41] C:\Program Files\Common Files\<DIR> InterVideo
[03/04/2008|08:14] C:\Program Files\Common Files\<DIR> Java
[01/14/2006|03:30] C:\Program Files\Common Files\<DIR> L&H
[01/14/2006|05:26] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/14/2006|03:07] C:\Program Files\Common Files\<DIR> MSSoap
[02/02/2009|02:33] C:\Program Files\Common Files\<DIR> Nokia
[01/14/2006|05:26] C:\Program Files\Common Files\<DIR> ODBC
[02/02/2009|02:33] C:\Program Files\Common Files\<DIR> PCSuite
[09/12/2006|09:37] C:\Program Files\Common Files\<DIR> Real
[01/14/2006|03:07] C:\Program Files\Common Files\<DIR> Services
[01/14/2006|05:26] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/14/2006|03:07] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 31 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 10:48:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\RAKESH\Desktop\housefulc\New Folder\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal.Shield.4.1.+.Crack.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar(2).torrent
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack\ushield.exe
C:\DOCUME~1\RAKESH\Desktop\housefulc\fresh\Universal Shield 4.1 + Crack\USPro.exe
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.1.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Universal Shield 4.1 + Crack.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\Internet.Password.Lock.v2.3.0.Incl.Keygen-CROSSFiRE.rar.torrent
C:\DOCUME~1\RAKESH\Application Data\uTorrent\123.AVI.to.GIF.Converter.v3.0.Incl.Keygen-TSRh.torrent


[F:67][D:11]-> C:\DOCUME~1\Rakesh\LOCALS~1\Temp
[F:70][D:0]-> C:\DOCUME~1\Rakesh\Cookies
[F:8][D:4]-> C:\DOCUME~1\Rakesh\LOCALS~1\TEMPOR~1\content.IE5
[F:3][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - Mon 02/02/2009|14:05 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Thu 02/05/2009|10:48 - Option : [3]

--------------------\\ Scan completed at 10:48:51


------------------

#15 DocSatan

    Bleepin' Wanna-Be

  • Members
  • 2,156 posts
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:07:45 PM

Posted 05 February 2009 - 03:11 PM

udayippu,

Do NOT run the OTMoveIt3 Fix. I should have stated this before we initially started (my fault):

In order for me to be effective in helping you with your computer problem(s) you must do the following:
  • Do not seek help at other Help Forums while we are working together. This will only confuse things.
  • Do not make any changes to your system until we have finished. Changes include the following:
      • Deleting Files/Folders
      • Running tools such as Anti-Virus, Anti-Spyware, etc., that will delete Files/folders.
      • Downloading and installing programs.
      • Running Fixes from other Help Forums
If you feel that you CAN follow these rules, then we can continue to work together. :thumbup2:
If you feel that you can NOT follow these rules, then we can no longer work together to fix your computer problems. :)

Just a word of Caution/Warning regarding the use of Cracks/KeyGens.
  • Aside from them being illegal, they are also a great source for getting infected with a Trojan/Virus/Rootkit/etc. This is probably where you got infected. Not downloading and installing these Cracks/KeyGens will greatly increase the integrity of your computer.
  • Whether you continue to use these is obviously up to you, and I do not assume to tell you how to conduct yourself. Just merely pointing out the dangers of using such things, in case you weren't already aware of them.
If you have decided that you want to continue working with me...and following the above rules...please run ComboFix again by double-clicking on the ComboFix Icon and post a new ComboFix Log.

Doc.



