
Various Virus Detected by AVG


18 replies to this topic

#1 Asim Hussain

Posted 28 February 2009 - 11:44 AM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Asim Hussain at 16:28:10.05 on 28/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1413 [GMT 0:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Asim Hussain\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
mRun: [AVG7_CC] "c:\progra~1\grisoft\avg7\avgcc.exe" /STARTUP
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [SoundMan] "c:\windows\SOUNDMAN.EXE"
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232127058750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232127035750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1232135345564&h=808371a5f730fb1223e18cb87972b210/&filename=jinstall-6u11-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\asimhu~1\applic~1\mozilla\firefox\profiles\6ostxbs0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2009-1-16 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2009-1-16 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2009-1-16 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2009-1-16 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2009-1-16 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2009-1-16 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2009-1-16 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2009-1-16 4960]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-17 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-17 596840]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
S2 gupdate1c989866a6fa276;Google Update Service (gupdate1c989866a6fa276);c:\program files\google\update\GoogleUpdate.exe [2009-2-8 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-1-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-1-18 8320]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-02-28 16:01 <DIR> --d----- C:\Autoruns
2009-02-27 14:11 <DIR> --d----- c:\program files\MKVtoolnix
2009-02-26 22:48 <DIR> --d----- c:\windows\NV32563260.TMP
2009-02-26 22:40 <DIR> --d----- c:\program files\Realtek AC97
2009-02-26 22:31 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
2009-02-26 22:31 662,288 a------- c:\windows\system32\MSCOMCT2.OCX
2009-02-26 22:31 427,864 a------- c:\windows\system32\XceedZip.dll
2009-02-26 22:31 <DIR> --d----- c:\program files\Driver-Soft
2009-02-26 12:13 2,246,163 a------- c:\windows\system32\x264vfw.dll
2009-02-26 12:13 684,032 a------- c:\windows\system32\divx.dll
2009-02-26 10:35 <DIR> --d----- c:\docume~1\asimhu~1\applic~1\LaCie
2009-02-26 10:35 <DIR> --d----- c:\program files\LaCie
2009-02-26 10:35 <DIR> --d----- c:\windows\Downloaded Installations
2009-02-22 16:08 <DIR> --d----- c:\program files\Remote Professional
2009-02-12 20:15 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-12 19:50 <DIR> --d----- c:\program files\MSECACHE
2009-02-11 19:14 <DIR> --d----- c:\program files\megui
2009-02-09 13:18 401,408 a------- c:\windows\system32\nvcuvid.dll
2009-02-08 19:01 <DIR> --d-h--- c:\windows\PIF
2009-02-08 18:49 <DIR> --d----- c:\program files\Lavalys
2009-02-07 20:04 168,448 a------- c:\windows\system32\unrar.dll
2009-02-07 20:04 839,680 a------- c:\windows\system32\lameACM.acm
2009-02-07 20:04 795,648 a------- c:\windows\system32\xvidcore.dll
2009-02-07 20:04 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-02-07 20:04 118,784 a------- c:\windows\system32\ac3acm.acm
2009-02-07 20:04 414 a------- c:\windows\system32\lame_acm.xml
2009-02-07 20:04 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-02-07 20:04 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-07 20:04 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-02-07 20:04 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-02-07 16:36 <DIR> --d----- c:\program files\Haali
2009-02-07 16:34 <DIR> --d----- c:\program files\CoreCodec
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 17:31 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-06 17:31 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-02-06 17:31 <DIR> --d----- c:\program files\DivX
2009-02-04 21:49 <DIR> --d----- c:\program files\XviD
2009-01-31 14:26 <DIR> --d----- c:\program files\FairUse Wizard 2
2009-01-29 21:49 <DIR> --d----- c:\program files\Trend Micro
2009-01-29 20:01 <DIR> --d----- c:\program files\ratDVD

==================== Find3M ====================

2009-02-28 13:01 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-28 13:01 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-01-31 15:11 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-26 17:16 135 a---h--- c:\docume~1\asimhu~1\applic~1\lakerda1967.sys
2009-01-26 17:16 360,580 a------- c:\windows\eSellerateEngine.dll
2009-01-22 19:35 2,282,496 a------- c:\windows\system32\TUKernel.exe
2009-01-22 18:39 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-20 17:19 87,608 a------- c:\docume~1\asimhu~1\applic~1\inst.exe
2009-01-20 17:19 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-01-20 17:19 47,360 a------- c:\docume~1\asimhu~1\applic~1\pcouffin.sys
2009-01-18 22:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-18 22:09 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-18 15:37 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-01-17 15:16 74,703 a------- c:\windows\system32\mfc45.dll
2009-01-17 00:48 164 a------- C:\install.dat
2009-01-16 19:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 19:19 43,698 a------- c:\windows\system32\xvid-uninstall.exe
2009-01-16 18:33 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-01-16 18:24 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-01-16 17:13 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-16 17:13 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-16 15:22 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-26 00:08 6,168,960 a------- c:\windows\system32\nv4_disp(3).dll
2008-12-26 00:08 663,552 a------- c:\windows\system32\nvapi(3).dll
2008-12-26 00:08 453,152 a------- c:\windows\system32\nvudisp.exe
2008-12-26 00:08 163,908 a------- c:\windows\system32\nvsvc32(3).exe
2008-12-26 00:08 135,168 a------- c:\windows\system32\nvcod(3).dll
2008-12-26 00:08 86,016 a------- c:\windows\system32\nvmctray(3).dll
2008-12-23 21:58 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-21 21:46 351,744 a------- c:\windows\system32\avisynth.dll
2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-11 00:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-11 00:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-09 02:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-09 02:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-12-04 09:28 24,344 a------- c:\windows\system32\PhysXDevice.dll

============= FINISH: 16:35:11.41 ===============

AVG detected viruses which are on my external hard drive and my C:\ drive where XP is installed.

The external drive viruses are below:
Virus identified I-Worm/Generic.CNL","M:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx","2/28/2009 3:35:08 PM","jwgkvsq.vmx","157.44 KB"

and Virus identified Worm/Generic_c.ZS","M:\autorun.inf","2/28/2009 3:35:08 PM","autorun.inf","92.81 KB"

M: is my external harddrive.


Please let me know if you need more information. Thanks.
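The two AVG rows quoted in the post above show a layout worth recognising on sight: an autorun.inf at the root of the removable drive, and a payload with a non-executable extension sitting under RECYCLER in a folder named like a user SID (this particular folder name and file name are the ones documented for the Conficker/Downadup worm's removable-drive component). The Python below is an added example, not code from the thread: it parses the pasted AVG rows, checks the SID-like folder name against the real SID format, reads a constructed autorun.inf the way Windows' INI parser does (ignoring filler lines) and flags the launch commands. Only the two AVG rows come from the post; the autorun.inf body and the helper names are this example's own.

```python
"""Offline triage of the two AVG detection lines quoted in the post above.

Added example for this thread, not code from the post. The AVG lines are
copied from the post; the autorun.inf body is CONSTRUCTED (the real file was
not posted) and the helper names are this example's own.
"""
import csv
import re

# The AVG rows exactly as pasted; the opening quote of the first field was lost.
AVG_LINES = [
    r'Virus identified I-Worm/Generic.CNL","M:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx","2/28/2009 3:35:08 PM","jwgkvsq.vmx","157.44 KB"',
    r'Virus identified Worm/Generic_c.ZS","M:\autorun.inf","2/28/2009 3:35:08 PM","autorun.inf","92.81 KB"',
]

# CONSTRUCTED autorun.inf: filler the INI parser ignores, plus the directives that
# make Explorer hand the RECYCLER payload to rundll32 on insert or double-click.
SAMPLE_AUTORUN = (
    b"[autorun]\r\n"
    b"\x00\x7f\xa3 binary filler that the INI parser skips\r\n"
    b"action=Open folder to view files\r\n"
    b"icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
    b"shellexecute=rundll32.exe .\\RECYCLER\\S-5-3-42-2819952290-8240758988-879315005-3665\\jwgkvsq.vmx,Entry\r\n"
    b"shell\\open\\command=rundll32.exe .\\RECYCLER\\S-5-3-42-2819952290-8240758988-879315005-3665\\jwgkvsq.vmx,Entry\r\n"
)

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

def sid_is_well_formed(sid):
    """NT account SID: revision 1, authority 5, one to fifteen 32-bit sub-authorities."""
    m = SID_RE.match(sid)
    if not m:
        return False
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(s) for s in m.group(3).split("-")[1:]]
    return (revision == 1 and authority == 5 and 1 <= len(subs) <= 15
            and all(s <= 0xFFFFFFFF for s in subs))

def parse_avg_line(line):
    """One AVG export row -> dict; restores the quote the paste dropped."""
    if not line.startswith('"'):
        line = '"' + line
    row = next(csv.reader([line]))
    if len(row) != 5:
        raise ValueError(f"expected 5 fields, got {len(row)}: {line!r}")
    verdict, path, when, name, size = row
    return {"verdict": verdict.replace("Virus identified ", "", 1), "path": path,
            "time": when, "name": name, "size_kb": float(size.split()[0])}

def classify(det):
    """Why a detection path is suspicious on structural grounds alone."""
    reasons, parts = [], det["path"].split("\\")
    upper = [p.upper() for p in parts]
    if len(parts) == 2 and upper[1] == "AUTORUN.INF":
        reasons.append("autorun.inf at the volume root")
        if det["size_kb"] > 4:  # a genuine autorun.inf is a few lines, well under 1 KB
            reasons.append(f"autorun.inf is {det['size_kb']} KB, far larger than a few directives")
    if "RECYCLER" in upper:
        i = upper.index("RECYCLER")
        if i + 1 < len(parts) and not sid_is_well_formed(parts[i + 1]):
            reasons.append(f"RECYCLER subfolder {parts[i + 1]} is not a well-formed account SID")
        if i + 2 < len(parts) and upper[-1] not in ("INFO2", "DESKTOP.INI"):
            reasons.append(f"unexpected file {parts[-1]} inside a RECYCLER SID folder")
    return reasons

def autorun_commands(data):
    """Launch directives Explorer would honour from an autorun.inf body."""
    in_autorun, cmds = False, {}
    for raw in data.decode("latin-1").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            cmds[key] = value.strip()
    return cmds

def command_risk(cmd):
    """Flag commands that run out of RECYCLER or feed rundll32 a non-.dll module."""
    low, flags = cmd.lower(), []
    if "\\recycler\\" in low:
        flags.append("launches from RECYCLER")
    m = re.search(r"rundll32(?:\.exe)?\s+(\S+?)(?:,|\s|$)", low)
    if m and not m.group(1).endswith(".dll"):
        flags.append(f"rundll32 loading non-.dll module {m.group(1)}")
    return flags

def triage(lines=AVG_LINES, autorun=SAMPLE_AUTORUN):
    """Full report: per-detection reasons plus every launch command in the autorun.inf."""
    dets = [parse_avg_line(l) for l in lines]
    return {
        "detections": [{"path": d["path"], "verdict": d["verdict"], "reasons": classify(d)} for d in dets],
        "autorun": {k: {"command": v, "risk": command_risk(v)} for k, v in autorun_commands(autorun).items()},
    }
```

triage() returns the report as a dict. The size and SID checks need nothing but the AVG rows, so they apply before any copy of the files is available; the SID test is structural (it rejects a revision other than 1 and sub-authorities that do not fit in 32 bits), which is exactly where this folder name fails.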


#2 Asim Hussain

Posted 28 February 2009 - 06:53 PM

Update after posting my log here: I can't display hidden files and folders any more, and all my System Restore files are not there anymore. Help me please.
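Both symptoms in the post above have a well-known registry footprint: the Folder Options radio buttons take their effective values from HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (and NOHIDDEN), and System Restore is switched off through DisableSR in its configuration key or the matching policy key. The script below is an added example, not part of the thread or of any tool named in it: it audits those values against the Windows XP defaults, runs offline on constructed snapshots (the sample data is invented, not read from the poster's machine), reads the live registry when run on Windows, and emits a .reg file that puts the defaults back. Restoring these values is only useful once the malware that set them is gone; otherwise they are simply re-applied.

```python
"""Audit the registry values behind the two symptoms in the post above: Explorer
no longer showing hidden files, and System Restore points disappearing.

Added example, not part of the thread. Expected values are the Windows XP
defaults. audit() works on a plain dict so it runs offline; read_live() fills
such a dict from the real registry on Windows. Both SAMPLE_* snapshots are
CONSTRUCTED, not taken from the poster's machine.
"""
HKCU, HKLM = "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"
ADVANCED = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
SR_CONFIG = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"
SR_POLICY = r"SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore"

# required: present on every healthy install, so absence is a finding.
# policy: absent by default; repair deletes it rather than writing a value.
CHECKS = [
    dict(hive=HKLM, key=ADVANCED + r"\Folder\Hidden\SHOWALL", name="CheckedValue", want=1,
         required=True, policy=False,
         symptom="'Show hidden files and folders' will not stay selected"),
    dict(hive=HKLM, key=ADVANCED + r"\Folder\Hidden\NOHIDDEN", name="CheckedValue", want=2,
         required=True, policy=False,
         symptom="hidden-files radio group in Folder Options is broken"),
    dict(hive=HKCU, key=r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
         name="NoFolderOptions", want=0, required=False, policy=True,
         symptom="Folder Options is removed from the Tools menu"),
    dict(hive=HKLM, key=SR_CONFIG, name="DisableSR", want=0, required=False, policy=False,
         symptom="System Restore switched off in its own configuration key"),
    dict(hive=HKLM, key=SR_POLICY, name="DisableSR", want=0, required=False, policy=True,
         symptom="System Restore disabled by policy, which discards existing restore points"),
]

# CONSTRUCTED snapshots in the shape read_live() returns: {(hive, key, name): (type, data)}
SAMPLE_CLEAN = {
    (HKLM, ADVANCED + r"\Folder\Hidden\SHOWALL", "CheckedValue"): ("REG_DWORD", 1),
    (HKLM, ADVANCED + r"\Folder\Hidden\NOHIDDEN", "CheckedValue"): ("REG_DWORD", 2),
    (HKLM, SR_CONFIG, "DisableSR"): ("REG_DWORD", 0),
}
SAMPLE_TAMPERED = {
    # classic trick: retype CheckedValue as a string so Explorer treats it as 0
    (HKLM, ADVANCED + r"\Folder\Hidden\SHOWALL", "CheckedValue"): ("REG_SZ", "0"),
    (HKLM, ADVANCED + r"\Folder\Hidden\NOHIDDEN", "CheckedValue"): ("REG_DWORD", 2),
    (HKLM, SR_CONFIG, "DisableSR"): ("REG_DWORD", 1),
    (HKLM, SR_POLICY, "DisableSR"): ("REG_DWORD", 1),
}

def audit(snapshot):
    """One finding per value that is missing (when required) or not REG_DWORD <want>."""
    findings = []
    for c in CHECKS:
        entry = snapshot.get((c["hive"], c["key"], c["name"]))
        if entry is None:
            if c["required"]:
                findings.append(f"{c['key']}\\{c['name']} is missing: {c['symptom']}")
            continue
        vtype, data = entry
        if vtype != "REG_DWORD" or data != c["want"]:
            findings.append(f"{c['key']}\\{c['name']} is {vtype} {data!r}, "
                            f"expected REG_DWORD {c['want']}: {c['symptom']}")
    return findings

def repair_reg():
    """Emit .reg text: rewrite configuration values, delete policy overrides."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for c in CHECKS:
        lines.append(f"[{c['hive']}\\{c['key']}]")
        lines.append(f'"{c["name"]}"=-' if c["policy"] else f'"{c["name"]}"=dword:{c["want"]:08x}')
        lines.append("")
    return "\n".join(lines)

def read_live():
    """Snapshot the checked values from the local registry (Windows only)."""
    import winreg  # ImportError off Windows; the caller decides what to do then
    hives = {HKCU: winreg.HKEY_CURRENT_USER, HKLM: winreg.HKEY_LOCAL_MACHINE}
    names = {winreg.REG_DWORD: "REG_DWORD", winreg.REG_SZ: "REG_SZ",
             winreg.REG_EXPAND_SZ: "REG_EXPAND_SZ", winreg.REG_BINARY: "REG_BINARY"}
    snap = {}
    for c in CHECKS:
        try:
            with winreg.OpenKey(hives[c["hive"]], c["key"]) as k:
                data, vtype = winreg.QueryValueEx(k, c["name"])
        except OSError:
            continue  # key or value absent
        snap[(c["hive"], c["key"], c["name"])] = (names.get(vtype, str(vtype)), data)
    return snap

if __name__ == "__main__":
    try:
        snapshot = read_live()
    except ImportError:
        snapshot = SAMPLE_TAMPERED
    for finding in audit(snapshot) or ["no deviations from the XP defaults"]:
        print(finding)
```

The type check matters as much as the value: CheckedValue retyped to REG_SZ "0" is a common way to make the "Show hidden files" option silently revert, and a value-only comparison would miss it. For the two policy keys the generated .reg deletes the values (`=-`) instead of writing 0, so no policy remains on a machine that never had one.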

#3 bamajim

Posted 04 March 2009 - 02:41 PM

Asim Hussain

Please download ComboFix and save it to your desktop. Note: it is important that it is saved directly to your desktop.
Close any open browsers.
Double-click on ComboFix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of C:\ComboFix.txt in your next reply.
Note: do not mouse-click ComboFix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#4 Asim Hussain

Posted 04 March 2009 - 04:35 PM

Thanks for taking your time out to help me.

I have changed AVG antivirus to avast! and Spy Sweeper to COMODO Firewall after I posted my HijackThis log. avast! has found more viruses on my external hard drive.

ComboFix failed to install the Recovery Console.

Here is the ComboFix log:

ComboFix 09-03-03.01 - Asim Hussain 2009-03-04 21:24:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1440 [GMT 0:00]
Running from: c:\documents and settings\Asim Hussain\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090303-2] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Asim Hussain\Application Data\inst.exe
c:\windows\system32\_000117_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-04 14:35 . 2009-03-04 14:35 <DIR> d-------- C:\rsit
2009-03-04 13:59 . 2009-03-04 13:59 <DIR> d-------- C:\Autoruns
2009-03-04 13:58 . 2009-03-04 13:58 7,680 --ahs---- c:\windows\Thumbs.db
2009-03-02 20:20 . 2009-03-02 21:09 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-02 17:50 . 2009-03-02 17:50 <DIR> d-------- c:\program files\Alwil Software
2009-03-01 19:48 . 2009-03-01 19:48 <DIR> d-------- c:\program files\COMODO
2009-03-01 19:48 . 2009-03-01 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Comodo
2009-03-01 19:48 . 2009-03-01 19:48 155,384 --a------ c:\windows\system32\guard32.dll
2009-03-01 19:48 . 2009-03-01 19:48 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-03-01 19:48 . 2009-03-01 19:48 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-01 17:57 . 2009-03-01 17:56 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-01 17:56 . 2009-03-01 17:56 <DIR> d-------- c:\program files\Java
2009-03-01 00:19 . 2009-03-01 00:19 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Windows Search
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Malwarebytes
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-01 00:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 00:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Windows Desktop Search
2009-03-01 00:01 . 2006-11-13 06:02 288,768 --------- c:\windows\system32\rhttpaa.dll
2009-03-01 00:01 . 2006-11-13 06:02 116,736 --------- c:\windows\system32\aaclient.dll
2009-03-01 00:01 . 2006-11-13 06:02 36,352 --------- c:\windows\system32\tsgqec.dll
2009-02-27 14:11 . 2009-02-27 14:11 <DIR> d-------- c:\program files\MKVtoolnix
2009-02-26 22:48 . 2009-02-26 22:51 <DIR> d-------- c:\windows\NV32563260.TMP
2009-02-26 22:40 . 2009-02-26 22:40 <DIR> d-------- c:\program files\Realtek AC97
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\program files\Driver-Soft
2009-02-26 22:31 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx
2009-02-26 22:31 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-02-26 22:31 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2009-02-26 12:13 . 2009-01-28 21:25 2,246,163 --a------ c:\windows\system32\x264vfw.dll
2009-02-26 12:13 . 2008-11-06 16:33 684,032 --a------ c:\windows\system32\divx.dll
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\program files\LaCie
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\LaCie
2009-02-22 16:08 . 2009-02-22 16:08 <DIR> d-------- c:\program files\Remote Professional
2009-02-16 19:55 . 2009-02-16 19:55 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-12 20:15 . 2009-02-12 20:23 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-12 19:50 . 2009-02-12 20:32 <DIR> d-------- c:\program files\MSECACHE
2009-02-11 19:14 . 2009-02-11 20:45 <DIR> d-------- c:\program files\megui
2009-02-09 13:18 . 2009-02-09 13:18 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-08 19:01 . 2009-02-08 19:01 <DIR> d--h----- c:\windows\PIF
2009-02-08 18:49 . 2009-02-08 18:49 <DIR> d-------- c:\program files\Lavalys
2009-02-08 00:44 . 2009-03-01 19:43 <DIR> d-------- c:\program files\Google
2009-02-07 20:04 . 2009-02-26 12:13 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-02-07 20:04 . 2008-09-24 18:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-02-07 20:04 . 2008-12-07 18:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-02-07 20:04 . 2004-01-25 16:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-02-07 20:04 . 2008-09-16 19:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-02-07 20:04 . 2008-12-07 18:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-02-07 20:04 . 2007-09-21 00:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-02-07 20:04 . 2009-02-09 18:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-02-07 20:04 . 2007-07-10 16:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-02-07 20:04 . 2008-10-03 12:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-02-07 16:36 . 2009-02-07 16:36 <DIR> d-------- c:\program files\Haali
2009-02-07 16:34 . 2009-02-07 16:40 <DIR> d-------- c:\program files\CoreCodec
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-06 17:32 . 2009-02-06 17:41 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\DivX
2009-02-06 17:31 . 2009-02-26 12:10 <DIR> d-------- c:\program files\DivX
2009-02-06 17:31 . 2008-11-06 16:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-02-06 17:31 . 2008-11-06 16:37 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-04 21:49 . 2009-02-04 21:49 <DIR> d-------- c:\program files\XviD
2009-02-04 18:54 . 2009-02-04 18:54 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\ImgBurn
2009-02-04 18:53 . 2009-02-04 18:53 <DIR> d-------- c:\program files\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 21:27 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-03-04 21:27 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-03-04 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-03 21:05 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Azureus
2009-02-27 14:14 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\UseNeXT
2009-02-27 13:51 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\uTorrent
2009-02-26 23:17 --------- d-----w c:\program files\Vuze
2009-02-26 22:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-26 22:49 --------- d-----w c:\program files\AGEIA Technologies
2009-02-26 22:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 22:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-26 19:27 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Vso
2009-02-25 21:40 --------- d-----w c:\program files\SopCast
2009-02-22 16:39 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Nokia
2009-02-22 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-17 18:51 --------- d-----w c:\program files\Driving Test Complete
2009-02-16 17:21 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\mIRC
2009-02-16 16:59 --------- d-----w c:\program files\mIRC
2009-02-13 22:02 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\iolo
2009-02-12 21:41 --------- d-----w c:\program files\UseNeXT
2009-02-11 19:16 --------- d-----w c:\program files\AviSynth 2.5
2009-02-11 18:56 --------- d-----w c:\program files\Gabest
2009-02-09 13:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-07 16:47 --------- d-----w c:\program files\GordianKnot
2009-02-04 21:49 --------- d-----w c:\program files\AutoGK
2009-01-31 14:36 --------- d-----w c:\program files\FairUse Wizard 2
2009-01-29 21:49 --------- d-----w c:\program files\Trend Micro
2009-01-29 20:01 --------- d-----w c:\program files\ratDVD
2009-01-28 20:42 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\AVS4YOU
2009-01-28 20:41 --------- d-----w c:\program files\AVS4YOU
2009-01-28 20:41 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-28 20:40 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-28 15:27 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Yahoo
2009-01-28 15:08 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-28 15:08 --------- d-----w c:\program files\Windows Live
2009-01-28 15:08 --------- d-----w c:\program files\Microsoft
2009-01-28 15:05 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-26 17:16 360,580 ----a-w c:\windows\eSellerateEngine.dll
2009-01-26 17:16 135 ---ha-w c:\documents and settings\Asim Hussain\Application Data\lakerda1967.sys
2009-01-26 17:16 --------- d-----w c:\program files\Common Files\eSellerate
2009-01-26 16:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-25 19:20 --------- d-----w c:\program files\Driving Test Success 2006-2007
2009-01-25 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Driving Test Success
2009-01-25 15:19 --------- d-----w c:\program files\BlackSunSoft.net
2009-01-23 22:30 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools Lite
2009-01-22 18:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 18:33 --------- d-----w c:\program files\VID_0E8F&PID_0003
2009-01-22 18:33 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\InstallShield
2009-01-22 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2009-01-22 18:17 --------- d-----w c:\program files\KONAMI
2009-01-21 18:47 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\vlc
2009-01-21 18:41 --------- d-----w c:\program files\VideoLAN
2009-01-21 17:59 --------- d-----w c:\program files\avisplit
2009-01-21 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-21 17:02 --------- d-----w c:\program files\Yahoo!
2009-01-21 17:02 --------- d-----w c:\program files\Logitech
2009-01-21 17:02 --------- d-----w c:\program files\Common Files\logishrd
2009-01-21 17:02 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Leadertech
2009-01-21 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-21 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-20 17:19 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-20 17:19 47,360 ----a-w c:\documents and settings\Asim Hussain\Application Data\pcouffin.sys
2009-01-20 17:19 --------- d-----w c:\program files\VSO
2009-01-19 15:25 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Download Manager
2009-01-18 22:17 --------- d-----w c:\program files\Nokia
2009-01-18 22:17 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-01-18 22:16 --------- d-----w c:\program files\Common Files\Nokia
2009-01-18 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-18 22:14 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\PC Suite
2009-01-18 22:09 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-18 22:09 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-18 21:22 --------- d-----w c:\program files\DIFX
2009-01-18 21:22 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-18 21:21 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-18 17:11 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2009-01-18 16:23 --------- d-----w c:\program files\Your Uninstaller 2008
2009-01-18 16:20 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\URSoft
2009-01-18 16:10 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Winamp
2009-01-18 15:43 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools Pro
2009-01-18 15:43 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools
2009-01-18 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-18 15:41 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-18 15:37 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-17 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-01-17 15:38 --------- d-----w c:\program files\iolo
2009-01-17 00:48 164 ----a-w C:\install.dat
2009-01-16 21:24 --------- d-----w c:\program files\Ultra Flash Video FLV Converter
2009-01-16 21:01 --------- d-----w c:\program files\MSBuild
2009-01-16 20:59 --------- d-----w c:\program files\Reference Assemblies
2009-01-16 20:50 --------- d-----w c:\program files\TechSmith
2009-01-16 20:50 --------- d-----w c:\program files\Common Files\TechSmith Shared
2009-01-16 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-01-16 20:29 --------- d-----w c:\program files\WinAVI Video Converter
2009-01-16 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-16 20:16 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 19:41 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-16 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-01-16 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-16 19:28 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-16 19:24 --------- d-----w c:\program files\coolpro2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="c:\windows\system32\nwiz.exe" [2009-02-09 1657376]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2007-04-16 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-01 1851128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-16 17:23 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asim Hussain^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Asim Hussain\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 17:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-01-08 19:38 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-01 17:56 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-02 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-01 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-01 24336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-02 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-17 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-17 596840]
S2 gupdate1c989866a6fa276;Google Update Service (gupdate1c989866a6fa276);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
S2 hwotfpfhy;Installer Image;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-18 8320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
hwotfpfhy
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 00:44]

2009-03-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 00:44]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-realtecg - c:\documents and settings\Asim Hussain\Application Data\Google\xpsdg6420222.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Asim Hussain\Application Data\Mozilla\Firefox\Profiles\6ostxbs0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 21:28:57
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\guard32.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-04 21:31:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-04 21:31:48

Pre-Run: 103,836,831,744 bytes free
Post-Run: 103,758,458,880 bytes free

337 --- E O F --- 2009-02-26 22:10:43

Edited by Asim Hussain, 04 March 2009 - 04:37 PM.


#5 bamajim

  • Members
  • 894 posts
  • Local time:07:04 AM

Posted 05 March 2009 - 02:41 PM

Asim Hussain

You are most welcome

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

Driver::
hwotfpfhy

File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so,
following the same rules as indicated in my first post,
then post the contents of the C:\ComboFix.txt log in your reply.

Microsoft MVP - Windows Security
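The Driver:: entry in bamajim's script targets hwotfpfhy, which Asim's ComboFix log lists both as a service whose image is svchost.exe -k netsvcs and as an addition to the NetSvcs group. The Python below is an added example for this thread (not code from ComboFix or from bamajim) that parses those two blocks of a ComboFix log and flags such entries for review; the regexes, the known-good list and the sample log text are constructed, with the sample lines copied in shape from the log posted above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# ComboFix service line: <start type> <name>;<display name>;<image> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(?P<group>\S+)", re.IGNORECASE)
NETSVCS_HEADER = "Svchost - NetSvcs"

# netsvcs additions already vetted on this machine (constructed list; UxTuneUp
# belongs to TuneUp Utilities, which the log shows is installed).
KNOWN_NETSVCS = {"UxTuneUp"}

# Constructed sample: five service lines and the NetSvcs block, in the shape
# they appear in the ComboFix log earlier in this thread.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-02 114768]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-17 596840]
S2 gupdate1c989866a6fa276;Google Update Service (gupdate1c989866a6fa276);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
S2 hwotfpfhy;Installer Image;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-18 138112]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
hwotfpfhy
.
"""


@dataclass
class Service:
    start: str
    name: str
    display: str
    image: str
    size: int
    reasons: List[str] = field(default_factory=list)


def parse_services(log: str) -> List[Service]:
    """Collect every R*/S* service line from a ComboFix log."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            found.append(Service(m["start"], m["name"], m["display"],
                                 m["image"], int(m["size"])))
    return found


def parse_netsvcs(log: str) -> List[str]:
    """Names listed under the 'Svchost - NetSvcs' header, up to the '.' line."""
    names, inside = [], False
    for line in log.splitlines():
        line = line.strip()
        if NETSVCS_HEADER in line:
            inside = True
        elif inside and line in ("", "."):
            break
        elif inside:
            names.append(line)
    return names


def looks_generated(name: str) -> bool:
    """Weak signal: eight or more lowercase letters with almost no vowels."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.2


def triage(log: str) -> Dict[str, Service]:
    """Return the services that earned at least one reason for a closer look."""
    netsvcs = set(parse_netsvcs(log))
    flagged: Dict[str, Service] = {}
    for svc in parse_services(log):
        host = SVCHOST_RE.search(svc.image)
        if host and svc.name not in KNOWN_NETSVCS:
            svc.reasons.append(f"runs inside svchost -k {host['group']} but is not known-good")
        if svc.name in netsvcs and svc.name not in KNOWN_NETSVCS:
            svc.reasons.append("added to the netsvcs group")
        if looks_generated(svc.name):
            svc.reasons.append("machine-looking service name")
        if svc.reasons:
            flagged[svc.name] = svc
    return flagged


def high_confidence(flagged: Dict[str, Service]) -> List[str]:
    """Only names with a hosting or group reason; the name heuristic alone is noisy."""
    return sorted(n for n, s in flagged.items()
                  if any(not r.startswith("machine-looking") for r in s.reasons))


def build_cfscript(names: List[str]) -> str:
    """Draft the Driver:: block in the layout bamajim's CFScript uses, for analyst review."""
    return "Driver::\n" + "\n".join(names) + "\n"
```

On the sample log the name heuristic by itself also trips on the Nokia driver nmwcdnsu, which is why only the svchost-hosting and NetSvcs-membership reasons count as high confidence; the drafted Driver:: block is meant to be checked by a helper before it goes anywhere near ComboFix.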

#6 Asim Hussain
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Local time:01:04 PM

Posted 05 March 2009 - 03:05 PM

ComboFix 09-03-03.01 - Asim Hussain 2009-03-05 19:56:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1551 [GMT 0:00]
Running from: c:\documents and settings\Asim Hussain\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Asim Hussain\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090305-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HWOTFPFHY


((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-04 14:35 . 2009-03-04 14:35 <DIR> d-------- C:\rsit
2009-03-04 13:59 . 2009-03-04 13:59 <DIR> d-------- C:\Autoruns
2009-03-04 13:58 . 2009-03-04 13:58 7,680 --ahs---- c:\windows\Thumbs.db
2009-03-02 20:20 . 2009-03-02 21:09 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-02 17:50 . 2009-03-02 17:50 <DIR> d-------- c:\program files\Alwil Software
2009-03-01 19:48 . 2009-03-01 19:48 <DIR> d-------- c:\program files\COMODO
2009-03-01 19:48 . 2009-03-01 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Comodo
2009-03-01 19:48 . 2009-03-01 19:48 155,384 --a------ c:\windows\system32\guard32.dll
2009-03-01 19:48 . 2009-03-01 19:48 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-03-01 19:48 . 2009-03-01 19:48 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-01 17:57 . 2009-03-01 17:56 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-01 17:56 . 2009-03-01 17:56 <DIR> d-------- c:\program files\Java
2009-03-01 00:19 . 2009-03-01 00:19 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Windows Search
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Malwarebytes
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-01 00:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 00:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Windows Desktop Search
2009-03-01 00:01 . 2006-11-13 06:02 288,768 --------- c:\windows\system32\rhttpaa.dll
2009-03-01 00:01 . 2006-11-13 06:02 116,736 --------- c:\windows\system32\aaclient.dll
2009-03-01 00:01 . 2006-11-13 06:02 36,352 --------- c:\windows\system32\tsgqec.dll
2009-02-27 14:11 . 2009-02-27 14:11 <DIR> d-------- c:\program files\MKVtoolnix
2009-02-26 22:48 . 2009-02-26 22:51 <DIR> d-------- c:\windows\NV32563260.TMP
2009-02-26 22:40 . 2009-02-26 22:40 <DIR> d-------- c:\program files\Realtek AC97
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\program files\Driver-Soft
2009-02-26 22:31 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx
2009-02-26 22:31 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-02-26 22:31 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2009-02-26 12:13 . 2009-01-28 21:25 2,246,163 --a------ c:\windows\system32\x264vfw.dll
2009-02-26 12:13 . 2008-11-06 16:33 684,032 --a------ c:\windows\system32\divx.dll
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\program files\LaCie
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\LaCie
2009-02-22 16:08 . 2009-02-22 16:08 <DIR> d-------- c:\program files\Remote Professional
2009-02-16 19:55 . 2009-02-16 19:55 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-12 20:15 . 2009-02-12 20:23 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-12 19:50 . 2009-02-12 20:32 <DIR> d-------- c:\program files\MSECACHE
2009-02-11 19:14 . 2009-02-11 20:45 <DIR> d-------- c:\program files\megui
2009-02-09 13:18 . 2009-02-09 13:18 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-02-08 19:01 . 2009-02-08 19:01 <DIR> d--h----- c:\windows\PIF
2009-02-08 18:49 . 2009-02-08 18:49 <DIR> d-------- c:\program files\Lavalys
2009-02-08 00:44 . 2009-03-01 19:43 <DIR> d-------- c:\program files\Google
2009-02-07 20:04 . 2009-02-26 12:13 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-02-07 20:04 . 2008-09-24 18:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-02-07 20:04 . 2008-12-07 18:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-02-07 20:04 . 2004-01-25 16:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-02-07 20:04 . 2008-09-16 19:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-02-07 20:04 . 2008-12-07 18:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-02-07 20:04 . 2007-09-21 00:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-02-07 20:04 . 2009-02-09 18:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-02-07 20:04 . 2007-07-10 16:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-02-07 20:04 . 2008-10-03 12:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-02-07 16:36 . 2009-02-07 16:36 <DIR> d-------- c:\program files\Haali
2009-02-07 16:34 . 2009-02-07 16:40 <DIR> d-------- c:\program files\CoreCodec
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-06 17:32 . 2009-02-06 17:41 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\DivX
2009-02-06 17:31 . 2009-02-26 12:10 <DIR> d-------- c:\program files\DivX
2009-02-06 17:31 . 2008-11-06 16:37 120,056 --------- c:\windows\system32\pxcpyi64.exe
2009-02-06 17:31 . 2008-11-06 16:37 118,520 --------- c:\windows\system32\pxinsi64.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-03 21:05 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Azureus
2009-02-27 14:14 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\UseNeXT
2009-02-27 13:51 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\uTorrent
2009-02-26 23:17 --------- d-----w c:\program files\Vuze
2009-02-26 22:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-26 22:49 --------- d-----w c:\program files\AGEIA Technologies
2009-02-26 22:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 22:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-26 19:27 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Vso
2009-02-25 21:40 --------- d-----w c:\program files\SopCast
2009-02-22 16:39 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Nokia
2009-02-22 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-17 18:51 --------- d-----w c:\program files\Driving Test Complete
2009-02-16 17:21 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\mIRC
2009-02-16 16:59 --------- d-----w c:\program files\mIRC
2009-02-13 22:02 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\iolo
2009-02-12 21:41 --------- d-----w c:\program files\UseNeXT
2009-02-11 19:16 --------- d-----w c:\program files\AviSynth 2.5
2009-02-11 18:56 --------- d-----w c:\program files\Gabest
2009-02-09 13:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-07 16:47 --------- d-----w c:\program files\GordianKnot
2009-02-04 21:49 --------- d-----w c:\program files\XviD
2009-02-04 21:49 --------- d-----w c:\program files\AutoGK
2009-02-04 18:54 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\ImgBurn
2009-02-04 18:53 --------- d-----w c:\program files\ImgBurn
2009-01-31 14:36 --------- d-----w c:\program files\FairUse Wizard 2
2009-01-29 21:49 --------- d-----w c:\program files\Trend Micro
2009-01-29 20:01 --------- d-----w c:\program files\ratDVD
2009-01-28 20:42 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\AVS4YOU
2009-01-28 20:41 --------- d-----w c:\program files\AVS4YOU
2009-01-28 20:41 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-28 20:40 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-28 15:27 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Yahoo
2009-01-28 15:08 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-28 15:08 --------- d-----w c:\program files\Windows Live
2009-01-28 15:08 --------- d-----w c:\program files\Microsoft
2009-01-28 15:05 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-26 17:16 360,580 ----a-w c:\windows\eSellerateEngine.dll
2009-01-26 17:16 135 ---ha-w c:\documents and settings\Asim Hussain\Application Data\lakerda1967.sys
2009-01-26 17:16 --------- d-----w c:\program files\Common Files\eSellerate
2009-01-26 16:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-25 19:20 --------- d-----w c:\program files\Driving Test Success 2006-2007
2009-01-25 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Driving Test Success
2009-01-25 15:19 --------- d-----w c:\program files\BlackSunSoft.net
2009-01-23 22:30 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools Lite
2009-01-22 18:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 18:33 --------- d-----w c:\program files\VID_0E8F&PID_0003
2009-01-22 18:33 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\InstallShield
2009-01-22 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2009-01-22 18:17 --------- d-----w c:\program files\KONAMI
2009-01-21 18:47 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\vlc
2009-01-21 18:41 --------- d-----w c:\program files\VideoLAN
2009-01-21 17:59 --------- d-----w c:\program files\avisplit
2009-01-21 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-21 17:02 --------- d-----w c:\program files\Yahoo!
2009-01-21 17:02 --------- d-----w c:\program files\Logitech
2009-01-21 17:02 --------- d-----w c:\program files\Common Files\logishrd
2009-01-21 17:02 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Leadertech
2009-01-21 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-21 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-20 17:19 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-20 17:19 47,360 ----a-w c:\documents and settings\Asim Hussain\Application Data\pcouffin.sys
2009-01-20 17:19 --------- d-----w c:\program files\VSO
2009-01-19 15:25 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Download Manager
2009-01-18 22:17 --------- d-----w c:\program files\Nokia
2009-01-18 22:17 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-01-18 22:16 --------- d-----w c:\program files\Common Files\Nokia
2009-01-18 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-18 22:14 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\PC Suite
2009-01-18 22:09 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-18 22:09 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-18 21:22 --------- d-----w c:\program files\DIFX
2009-01-18 21:22 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-18 21:21 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-18 17:11 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2009-01-18 16:23 --------- d-----w c:\program files\Your Uninstaller 2008
2009-01-18 16:20 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\URSoft
2009-01-18 16:10 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Winamp
2009-01-18 15:43 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools Pro
2009-01-18 15:43 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools
2009-01-18 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-18 15:41 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-18 15:37 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-17 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-01-17 15:38 --------- d-----w c:\program files\iolo
2009-01-17 00:48 164 ----a-w C:\install.dat
2009-01-16 21:24 --------- d-----w c:\program files\Ultra Flash Video FLV Converter
2009-01-16 21:01 --------- d-----w c:\program files\MSBuild
2009-01-16 20:59 --------- d-----w c:\program files\Reference Assemblies
2009-01-16 20:50 --------- d-----w c:\program files\TechSmith
2009-01-16 20:50 --------- d-----w c:\program files\Common Files\TechSmith Shared
2009-01-16 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-01-16 20:29 --------- d-----w c:\program files\WinAVI Video Converter
2009-01-16 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-16 20:16 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 19:41 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-16 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-01-16 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-16 19:28 --------- d-----w c:\program files\Microsoft ActiveSync
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_21.30.37.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-04 21:27:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_674.dat
+ 2009-03-05 19:59:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_674.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="c:\windows\system32\nwiz.exe" [2009-02-09 1657376]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2007-04-16 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-01 1851128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-16 17:23 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asim Hussain^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Asim Hussain\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 17:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-01-08 19:38 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-01 17:56 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-02 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-01 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-01 24336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-02 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-17 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-17 596840]
S2 gupdate1c989866a6fa276;Google Update Service (gupdate1c989866a6fa276);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-18 8320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 00:44]

2009-03-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 00:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Asim Hussain\Application Data\Mozilla\Firefox\Profiles\6ostxbs0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 20:01:33
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\guard32.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\guard32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-05 20:04:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-05 20:04:13
ComboFix2.txt 2009-03-05 19:51:47
ComboFix3.txt 2009-03-04 21:31:53

Pre-Run: 103,698,575,360 bytes free
Post-Run: 103,687,036,928 bytes free

336 --- E O F --- 2009-02-26 22:10:43

#7 bamajim

bamajim

  • Members
  • 894 posts

Posted 06 March 2009 - 08:56 AM

Asim Hussain

How is your PC running now?

Please download HJT Installer from Here and save it to your Desktop. Double-click on HJTInstall.exe.
At the next window, select Install.
It will be installed by default here: C:\Program Files\Trend Micro\HijackThis.
A shortcut to the application will also be placed on your Desktop.
The program will open automatically after installation.
Select "Do a system scan and save logfile".
It will open in Notepad. Save it to your Desktop.
Before closing HJT, please click on the AnalyzeThis button. "Analyze This" is for use by TrendMicro, and DOES NOT mean "Analyze My Log". You will need to post your log on the HijackThis Board.
Close the web page that appears and then close the program.
Open the HijackThis log you saved to your Desktop and copy and paste the results as a reply to this thread.
Use the HijackThis shortcut to run future scans.

Microsoft MVP - Windows Security

#8 Asim Hussain

Asim Hussain
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 06 March 2009 - 01:55 PM

The system is running better, but I'm still not sure if my system is virus free, including the files on my external drive and normal drive. I installed Avast as a virus scanner; it has found more viruses than AVG.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:47, on 06/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232127058750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232127035750
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate1c989866a6fa276) (gupdate1c989866a6fa276) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7373 bytes

#9 Asim Hussain

Asim Hussain
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 06 March 2009 - 02:16 PM

I found this when I did a system scan with the Random System Information Tool. I downloaded this tool from a different forum; I wanted to see what programs run on my system. Then I came across this forum and used HijackThis. Should I be concerned with the information given below?

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

#10 bamajim

bamajim

  • Members
  • 894 posts

Posted 06 March 2009 - 04:35 PM

Asim Hussain

As for the hosts file entries:

Please download HostsXpert 4.0 - Hosts File Manager
  • and save it to your Desktop.
  • Right-click Hoster.zip ->> Extract all ->> Extract it to your Desktop (or your C:\ drive).
  • Open the Hoster folder ->> Double-click HostsXpert.exe.
  • When the program opens, click the "Restore MS Hosts File" button in the left pane.
  • Then select "Restore Original Hosts" when prompted.
  • Close the Hoster program when complete.
  • Note: If you were using a custom Hosts file, you will need to replace any of those entries yourself.
As far as your external drive goes, you can scan it with your antivirus program.

Once you have done this, then reply so we can finish up.
Microsoft MVP - Windows Security
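The 127.0.0.1 entries in the hosts file posted above are blocklist entries: a blocklist such as the MVPS hosts file sends unwanted names to loopback, so they simply become unreachable. What is worth reviewing is an entry that sends a name somewhere other than loopback. As an added example (not part of the thread, and not HostsXpert's code), the following check makes that distinction; the sample hosts text, including the 192.0.2.10 hijack-style lines, is constructed for this example.

```python
"""Classify hosts-file entries: blocklist (loopback) vs. redirect.

Added example, not code from the thread or from HostsXpert. A blocklist
hosts file such as the MVPS one sends unwanted names to the loopback
address, so the name simply becomes unreachable. An entry that sends a
name to any other address redirects traffic, which is what hosts-file
hijacking malware does, and is the kind of entry worth reviewing.
The sample text below is constructed for this example.
"""
import ipaddress

# Names that legitimately map to loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def classify(address, name):
    """Return 'local', 'block', 'redirect' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if name.lower() in LOCAL_NAMES:
        return "local"
    # 127.0.0.1, ::1, 0.0.0.0 and :: all make the name go nowhere.
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    return "redirect"


def parse_hosts(text):
    """Parse hosts-file text into (line, address, name, kind, comment) tuples.

    One line may list several names for one address; each name becomes its
    own entry. The '#' comment is kept because blocklists such as MVPS
    annotate entries with it (e.g. '#[Win32/Adware.180Solutions]').
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if not fields:
            continue  # blank or comment-only line
        if len(fields) == 1:
            # An address with no name (or a bare word) is kept, not dropped.
            entries.append((lineno, fields[0], "", "malformed", comment.strip()))
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            entries.append((lineno, address, name.lower(),
                            classify(address, name), comment.strip()))
    return entries


def summarize(entries):
    """Count entries per kind; a clean blocklist has zero 'redirect' entries."""
    counts = {"local": 0, "block": 0, "redirect": 0, "malformed": 0}
    for _, _, _, kind, _ in entries:
        counts[kind] += 1
    return counts


def entries_to_review(entries):
    """Return (line, address, name) for entries that are not plain blocks."""
    return [(line, address, name) for line, address, name, kind, _ in entries
            if kind in ("redirect", "malformed")]


# Constructed sample. The first block mirrors the style of the entries
# posted in the thread; the last two lines are a constructed hijack pattern
# in which update and antivirus sites are sent to a TEST-NET address.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
0.0.0.0 acezip.net www.acezip.net
::1 localhost
192.0.2.10 update.microsoft.com
192.0.2.10 www.avast.com
"""


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    print("summary:", summarize(parsed))
    for line, address, name in entries_to_review(parsed):
        print("review line %d: %s -> %s" % (line, name, address))
```

To check a real Windows XP hosts file, read C:\WINDOWS\system32\drivers\etc\hosts and pass its text to parse_hosts instead of the sample.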

#11 Asim Hussain

Asim Hussain
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 06 March 2009 - 06:36 PM

I downloaded the hosts file from the BleepingComputer link http://www.mvps.org/winhelp2002/hosts.htm. I am using this hosts file.

I followed your last post, then I got stuck at "Note: If you were using a custom Hosts file you will need to replace any of those entries yourself." I don't know what to do.

I have tried Avast to remove the viruses from the external hard drive, but Avast fails to delete the viruses.

I don't know if you need this, but I am posting the Kaspersky Online Scanner 7 report.

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, March 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 07, 2009 11:07:57
Records in database: 1876921
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
K:\
M:\

Scan statistics:
Files scanned: 247752
Threat name: 8
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 05:58:33


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
D:\My Stuff From C Drive\Internet Downloads\Torrents\Torrents Downloads\Windows Genuine in 5 seconds\RockXP4.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 2
D:\My Stuff From C Drive\Internet Downloads\Torrents\Torrents Downloads\Windows Genuine in 5 seconds\RockXP4.exe Infected: not-a-virus:PSWTool.Win32.RAS.k 1
M:\Programs ETC\Latest & Old Programs\FIFA09.exe Infected: Trojan-Downloader.Win32.Agent.ahbi 1
M:\Programs ETC\Latest & Old Programs\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
M:\Programs ETC\Latest & Old Programs\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
M:\Programs ETC\Zip & RAR Files\Aero_Ultimate_RC3_1_by_fediaFedia.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1
M:\Programs ETC\Zip & RAR Files\AMV_Convert_400.zip Infected: not-a-virus:RiskTool.Win32.Deleter.e 1
M:\Programs ETC\Zip & RAR Files\vdownloader.zip Infected: not-a-virus:Downloader.Win32.VDown.a 1

The selected area was scanned.

Edited by Asim Hussain, 07 March 2009 - 12:28 PM.


#12 bamajim

bamajim

  • Members
  • 894 posts

Posted 09 March 2009 - 09:41 AM

Asim Hussain

If you are using the MVP hosts file, then HostXpert is not required.

Let's use Combofix to remove those files. Make sure that your external drives are attached when using Combofix.

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
D:\My Stuff From C Drive\Internet Downloads\Torrents\Torrents Downloads\Windows Genuine in 5 seconds\RockXP4.exe
M:\Programs ETC\Latest & Old Programs\FIFA09.exe
M:\Programs ETC\Latest & Old Programs\mirc616.exe
M:\Programs ETC\Zip & RAR Files\Aero_Ultimate_RC3_1_by_fediaFedia.zip
M:\Programs ETC\Zip & RAR Files\vdownloader.zip

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop.

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again. Do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.

Microsoft MVP - Windows Security

#13 Asim Hussain

Asim Hussain
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 09 March 2009 - 10:35 AM

FILE ::
d:\my stuff from c drive\Internet Downloads\Torrents\Torrents Downloads\Windows Genuine in 5 seconds\RockXP4.exe
m:\programs etc\Latest & Old Programs\FIFA09.exe
m:\programs etc\Latest & Old Programs\mirc616.exe
m:\programs etc\Zip & RAR Files\Aero_Ultimate_RC3_1_by_fediaFedia.zip
m:\programs etc\Zip & RAR Files\vdownloader.zip


I deleted these files manually myself before your reply.

Here is the log:


ComboFix 09-03-03.01 - Asim Hussain 2009-03-09 15:28:13.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1519 [GMT 0:00]
Running from: c:\documents and settings\Asim Hussain\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Asim Hussain\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090308-0] *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
d:\my stuff from c drive\Internet Downloads\Torrents\Torrents Downloads\Windows Genuine in 5 seconds\RockXP4.exe
m:\programs etc\Latest & Old Programs\FIFA09.exe
m:\programs etc\Latest & Old Programs\mirc616.exe
m:\programs etc\Zip & RAR Files\Aero_Ultimate_RC3_1_by_fediaFedia.zip
m:\programs etc\Zip & RAR Files\vdownloader.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

M:\Autorun.inf
m:\programs etc\Latest & Old Programs\mirc616.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-07 19:37 . 2009-03-07 19:37 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-07 19:37 . 2009-03-07 19:37 1,409 --a------ c:\windows\QTFont.for
2009-03-06 23:28 . 2009-03-06 23:30 <DIR> d-------- C:\HostsXpert
2009-03-06 18:47 . 2009-03-09 14:07 0 --a------ c:\windows\system32\drivers\lvuvc.hs
2009-03-04 14:35 . 2009-03-04 14:35 <DIR> d-------- C:\rsit
2009-03-04 13:59 . 2009-03-04 13:59 <DIR> d-------- C:\Autoruns
2009-03-04 13:58 . 2009-03-06 23:28 7,680 --ahs---- c:\windows\Thumbs.db
2009-03-02 20:20 . 2009-03-02 21:09 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-02 17:50 . 2009-03-02 17:50 <DIR> d-------- c:\program files\Alwil Software
2009-03-01 19:48 . 2009-03-01 19:48 <DIR> d-------- c:\program files\COMODO
2009-03-01 19:48 . 2009-03-01 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Comodo
2009-03-01 19:48 . 2009-03-01 19:48 155,384 --a------ c:\windows\system32\guard32.dll
2009-03-01 19:48 . 2009-03-01 19:48 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-03-01 19:48 . 2009-03-01 19:48 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-03-01 17:57 . 2009-03-01 17:56 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-01 17:56 . 2009-03-01 17:56 <DIR> d-------- c:\program files\Java
2009-03-01 00:19 . 2009-03-01 00:19 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Windows Search
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Malwarebytes
2009-03-01 00:12 . 2009-03-01 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-01 00:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 00:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-01 00:03 . 2009-03-01 00:03 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\Windows Desktop Search
2009-03-01 00:01 . 2006-11-13 06:02 288,768 --------- c:\windows\system32\rhttpaa.dll
2009-03-01 00:01 . 2006-11-13 06:02 116,736 --------- c:\windows\system32\aaclient.dll
2009-03-01 00:01 . 2006-11-13 06:02 36,352 --------- c:\windows\system32\tsgqec.dll
2009-02-27 14:11 . 2009-02-27 14:11 <DIR> d-------- c:\program files\MKVtoolnix
2009-02-26 22:48 . 2009-02-26 22:51 <DIR> d-------- c:\windows\NV32563260.TMP
2009-02-26 22:40 . 2009-02-26 22:40 <DIR> d-------- c:\program files\Realtek AC97
2009-02-26 22:31 . 2009-02-26 22:31 <DIR> d-------- c:\program files\Driver-Soft
2009-02-26 22:31 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx
2009-02-26 22:31 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2009-02-26 22:31 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll
2009-02-26 12:13 . 2009-01-28 21:25 2,246,163 --a------ c:\windows\system32\x264vfw.dll
2009-02-26 12:13 . 2008-11-06 16:33 684,032 --a------ c:\windows\system32\divx.dll
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\program files\LaCie
2009-02-26 10:35 . 2009-02-26 10:35 <DIR> d-------- c:\documents and settings\Asim Hussain\Application Data\LaCie
2009-02-22 16:08 . 2009-02-22 16:08 <DIR> d-------- c:\program files\Remote Professional
2009-02-16 19:55 . 2009-02-16 19:55 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-02-12 20:15 . 2009-02-12 20:23 <DIR> d-------- c:\windows\SxsCaPendDel
2009-02-12 19:50 . 2009-02-12 20:32 <DIR> d-------- c:\program files\MSECACHE
2009-02-11 19:14 . 2009-02-11 20:45 <DIR> d-------- c:\program files\megui
2009-02-09 13:18 . 2009-02-09 13:18 401,408 --a------ c:\windows\system32\nvcuvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 15:23 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\UseNeXT
2009-03-09 15:15 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\mIRC
2009-03-09 14:31 --------- d-----w c:\program files\mIRC
2009-03-08 17:54 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Vso
2009-03-08 16:06 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Azureus
2009-03-06 23:53 --------- d-----w c:\program files\Google
2009-03-04 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-01 17:56 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-27 13:51 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\uTorrent
2009-02-26 23:17 --------- d-----w c:\program files\Vuze
2009-02-26 22:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-26 22:49 --------- d-----w c:\program files\AGEIA Technologies
2009-02-26 22:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 22:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-26 12:13 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-26 12:10 --------- d-----w c:\program files\DivX
2009-02-25 21:40 --------- d-----w c:\program files\SopCast
2009-02-22 16:39 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Nokia
2009-02-22 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-17 18:51 --------- d-----w c:\program files\Driving Test Complete
2009-02-13 22:02 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\iolo
2009-02-12 21:41 --------- d-----w c:\program files\UseNeXT
2009-02-11 19:16 --------- d-----w c:\program files\AviSynth 2.5
2009-02-11 18:56 --------- d-----w c:\program files\Gabest
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-08 18:49 --------- d-----w c:\program files\Lavalys
2009-02-07 16:47 --------- d-----w c:\program files\GordianKnot
2009-02-07 16:40 --------- d-----w c:\program files\CoreCodec
2009-02-07 16:36 --------- d-----w c:\program files\Haali
2009-02-06 18:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 17:41 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DivX
2009-02-04 21:49 --------- d-----w c:\program files\XviD
2009-02-04 21:49 --------- d-----w c:\program files\AutoGK
2009-02-04 18:54 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\ImgBurn
2009-02-04 18:53 --------- d-----w c:\program files\ImgBurn
2009-01-31 14:36 --------- d-----w c:\program files\FairUse Wizard 2
2009-01-29 21:49 --------- d-----w c:\program files\Trend Micro
2009-01-29 20:01 --------- d-----w c:\program files\ratDVD
2009-01-28 20:42 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\AVS4YOU
2009-01-28 20:41 --------- d-----w c:\program files\AVS4YOU
2009-01-28 20:41 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-28 20:40 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-28 15:27 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Yahoo
2009-01-28 15:08 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-28 15:08 --------- d-----w c:\program files\Windows Live
2009-01-28 15:08 --------- d-----w c:\program files\Microsoft
2009-01-28 15:05 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-26 17:16 360,580 ----a-w c:\windows\eSellerateEngine.dll
2009-01-26 17:16 135 ---ha-w c:\documents and settings\Asim Hussain\Application Data\lakerda1967.sys
2009-01-26 17:16 --------- d-----w c:\program files\Common Files\eSellerate
2009-01-26 16:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-25 19:20 --------- d-----w c:\program files\Driving Test Success 2006-2007
2009-01-25 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\Driving Test Success
2009-01-25 15:19 --------- d-----w c:\program files\BlackSunSoft.net
2009-01-23 22:30 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools Lite
2009-01-22 19:35 2,282,496 ----a-w c:\windows\system32\TUKernel.exe
2009-01-22 18:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-22 18:33 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 18:33 --------- d-----w c:\program files\VID_0E8F&PID_0003
2009-01-22 18:33 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\InstallShield
2009-01-22 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\KONAMI
2009-01-22 18:17 --------- d-----w c:\program files\KONAMI
2009-01-21 18:47 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\vlc
2009-01-21 18:41 --------- d-----w c:\program files\VideoLAN
2009-01-21 17:59 --------- d-----w c:\program files\avisplit
2009-01-21 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-21 17:02 --------- d-----w c:\program files\Yahoo!
2009-01-21 17:02 --------- d-----w c:\program files\Logitech
2009-01-21 17:02 --------- d-----w c:\program files\Common Files\logishrd
2009-01-21 17:02 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Leadertech
2009-01-21 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-01-21 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-20 17:19 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-20 17:19 47,360 ----a-w c:\documents and settings\Asim Hussain\Application Data\pcouffin.sys
2009-01-20 17:19 --------- d-----w c:\program files\VSO
2009-01-19 15:25 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Download Manager
2009-01-18 22:17 --------- d-----w c:\program files\Nokia
2009-01-18 22:17 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-01-18 22:16 --------- d-----w c:\program files\Common Files\Nokia
2009-01-18 22:15 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-01-18 22:14 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\PC Suite
2009-01-18 22:09 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-18 22:09 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-01-18 21:22 --------- d-----w c:\program files\DIFX
2009-01-18 21:22 --------- d-----w c:\program files\Common Files\PCSuite
2009-01-18 21:21 --------- d-----w c:\program files\PC Connectivity Solution
2009-01-18 17:11 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2009-01-18 16:23 --------- d-----w c:\program files\Your Uninstaller 2008
2009-01-18 16:20 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\URSoft
2009-01-18 16:10 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\Winamp
2009-01-18 15:43 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools Pro
2009-01-18 15:43 --------- d-----w c:\documents and settings\Asim Hussain\Application Data\DAEMON Tools
2009-01-18 15:42 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-18 15:41 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-18 15:37 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-17 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2009-01-17 15:38 --------- d-----w c:\program files\iolo
2009-01-17 15:16 74,703 ----a-w c:\windows\system32\mfc45.dll
2009-01-17 00:48 164 ----a-w C:\install.dat
2009-01-16 21:24 --------- d-----w c:\program files\Ultra Flash Video FLV Converter
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_21.30.37.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-09 14:08:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="c:\windows\system32\nwiz.exe" [2009-02-09 1657376]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"SoundMan"="c:\windows\SOUNDMAN.EXE" [2007-04-16 577536]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-01 1851128]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-16 17:23 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Asim Hussain^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Asim Hussain\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 17:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-01-08 19:38 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-01 17:56 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-02 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-03-01 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-03-01 24336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-02 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-17 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-01-17 596840]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-18 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-18 8320]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-08 00:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Asim Hussain\Application Data\Mozilla\Firefox\Profiles\6ostxbs0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 15:30:07
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\guard32.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\guard32.dll
.
Completion time: 2009-03-09 15:31:56
ComboFix-quarantined-files.txt 2009-03-09 15:31:54
ComboFix2.txt 2009-03-05 20:04:17
ComboFix3.txt 2009-03-05 19:51:47
ComboFix4.txt 2009-03-04 21:31:53

Pre-Run: 92,485,898,240 bytes free
Post-Run: 92,591,304,704 bytes free

304 --- E O F --- 2009-02-26 22:10:43

Edited by Asim Hussain, 09 March 2009 - 10:36 AM.


#14 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  • Local time:07:04 AM

Posted 10 March 2009 - 08:12 AM

Asim Hussain

How is your PC running at this point?
Microsoft MVP - Windows Security

#15 Asim Hussain

Asim Hussain
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:04 PM

Posted 10 March 2009 - 11:56 AM

My PC is running fine now. The only thing is that my default external hard drive icon was deleted by the autorun virus I had. Is there any way I can restore the default icon of the LaCie external hard drive? Now it only displays the Windows default icons.

