Probably a spyware stopping Windows service from connecting to Internet


20 replies to this topic

#16 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 March 2009 - 10:44 AM

Hi Lanny25,


Step 1
  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Step 2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1. Combofix log
2. New HJT log

Tell me how things went.



#17 Lanny25

  • Topic Starter

  • Members
  • 35 posts
  • Location:India

Posted 07 March 2009 - 11:23 AM

Hello sundavis, here is my Combofix log:


ComboFix 09-03-06.02 - Shantam 2009-03-07 21:43:01.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1022.360 [GMT 5.5:30]
Running from: d:\users\Shantam\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090228-0] *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-07 18:12 . 2009-03-07 18:12 <DIR> d-------- d:\program files\FreshDevices
2009-03-07 10:27 . 2009-03-07 13:21 <DIR> d-------- d:\users\Shantam\Tracing
2009-03-07 10:24 . 2009-03-07 10:24 <DIR> d-------- d:\program files\Windows Live SkyDrive
2009-03-07 10:24 . 2009-03-07 10:25 <DIR> d-------- d:\program files\Windows Live
2009-03-07 10:01 . 2009-03-07 10:01 <DIR> d-------- d:\program files\Common Files\Windows Live
2009-03-06 11:05 . 2009-03-06 11:06 <DIR> d-------- d:\program files\Audacity
2009-03-05 22:28 . 2009-03-05 22:31 <DIR> d-------- d:\program files\CyberLink
2009-03-05 21:17 . 2009-03-05 21:17 <DIR> d-------- d:\users\Public\CyberLink
2009-03-05 21:16 . 2009-03-05 21:17 <DIR> d-------- d:\users\Shantam\AppData\Roaming\CyberLink
2009-03-05 21:14 . 2009-03-06 06:56 <DIR> d-------- d:\users\All Users\CyberLink
2009-03-05 21:14 . 2009-03-06 06:56 <DIR> d-------- d:\programdata\CyberLink
2009-03-05 21:14 . 2009-03-05 21:14 <DIR> d-------- d:\program files\Common Files\CyberLink
2009-03-05 21:09 . 2009-03-05 22:27 29,480 --a------ d:\windows\System32\msxml3a.dll
2009-03-05 15:27 . 2009-03-05 15:29 <DIR> d-------- d:\users\All Users\Yahoo!
2009-03-05 15:27 . 2009-03-05 15:29 <DIR> d-------- d:\programdata\Yahoo!
2009-03-05 15:26 . 2009-03-05 15:27 <DIR> d-------- d:\program files\Yahoo!
2009-03-05 09:56 . 2009-03-05 09:56 <DIR> d-------- d:\program files\Java
2009-03-04 19:51 . 2009-03-04 19:51 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-03-04 19:51 . 2009-02-11 10:19 38,496 --a------ d:\windows\System32\drivers\mbamswissarmy.sys
2009-03-04 19:51 . 2009-02-11 10:19 15,504 --a------ d:\windows\System32\drivers\mbam.sys
2009-03-04 15:18 . 2008-12-16 08:59 8,147,456 --a------ d:\windows\System32\wmploc.DLL
2009-03-04 15:18 . 2008-12-16 11:01 7,680 --a------ d:\windows\System32\spwmp.dll
2009-03-04 15:18 . 2008-12-16 11:01 4,096 --a------ d:\windows\System32\msdxm.ocx
2009-03-04 15:18 . 2008-12-16 11:01 4,096 --a------ d:\windows\System32\dxmasf.dll
2009-03-03 20:31 . 2009-03-03 20:34 <DIR> d-------- d:\users\Shantam\AppData\Roaming\VoxOx
2009-03-03 20:29 . 2009-03-03 20:37 <DIR> d-------- d:\program files\VoxOx
2009-03-02 19:46 . 2009-03-07 08:05 250 --a------ d:\windows\gmer.ini
2009-03-02 19:43 . 2009-03-02 19:43 <DIR> d-------- D:\rsit
2009-03-02 18:53 . 2009-03-02 18:53 <DIR> d-------- d:\users\Shantam\AppData\Roaming\Malwarebytes
2009-03-02 18:53 . 2009-03-02 18:53 <DIR> d-------- d:\users\All Users\Malwarebytes
2009-03-02 18:53 . 2009-03-02 18:53 <DIR> d-------- d:\programdata\Malwarebytes
2009-03-02 08:29 . 2009-03-04 14:39 <DIR> d-------- d:\users\All Users\Spybot - Search & Destroy
2009-03-02 08:29 . 2009-03-04 14:39 <DIR> d-------- d:\programdata\Spybot - Search & Destroy
2009-03-02 08:29 . 2009-03-04 15:31 <DIR> d-------- d:\program files\Spybot - Search & Destroy
2009-03-01 21:02 . 2009-03-01 21:02 <DIR> d-------- d:\users\Shantam\AppData\Roaming\Broad Intelligence
2009-03-01 21:01 . 2009-03-01 21:01 <DIR> d-------- d:\program files\MediaCoder
2009-03-01 10:51 . 2009-03-01 10:51 <DIR> d-------- d:\program files\Alwil Software
2009-03-01 10:51 . 2003-03-19 02:50 1,060,864 --a------ d:\windows\System32\MFC71.dll
2009-03-01 10:51 . 2003-03-19 01:44 499,712 --a------ d:\windows\System32\MSVCP71.dll
2009-03-01 10:51 . 2003-02-21 10:12 348,160 --a------ d:\windows\System32\MSVCR71.dll
2009-03-01 10:51 . 2009-02-06 02:36 51,792 --a------ d:\windows\System32\drivers\aswMonFlt.sys
2009-02-28 16:37 . 2009-02-28 17:02 <DIR> d-------- d:\program files\Xvid
2009-02-28 16:37 . 2007-06-28 18:52 765,952 --a------ d:\windows\System32\xvidcore.dll
2009-02-28 16:37 . 2007-06-28 18:54 180,224 --a------ d:\windows\System32\xvidvfw.dll
2009-02-28 16:37 . 2007-06-28 18:55 77,824 --a------ d:\windows\System32\xvid.ax
2009-02-28 16:24 . 2009-02-28 16:27 <DIR> d-------- d:\program files\AviSynth 2.5
2009-02-26 19:33 . 2009-02-28 08:59 <DIR> d-------- d:\users\Shantam\AppData\Roaming\skypePM
2009-02-26 19:33 . 2009-02-26 19:33 56 --ah----- d:\users\All Users\ezsidmv.dat
2009-02-26 19:33 . 2009-02-26 19:33 56 --ah----- d:\programdata\ezsidmv.dat
2009-02-26 15:26 . 2007-01-24 14:46 808,448 --a------ d:\windows\System32\drivers\ti21sony.sys
2009-02-26 15:14 . 2008-12-09 17:06 311,808 --a------ d:\windows\System32\drivers\yk60x86.sys
2009-02-26 15:14 . 2008-12-09 17:06 282,624 --a------ d:\windows\System32\ykx32mpcoinst.dll
2009-02-26 15:07 . 2008-06-11 14:23 1,097,856 --a------ d:\windows\System32\drivers\smserial.sys
2009-02-26 15:07 . 2008-06-11 14:17 532,480 --a------ d:\windows\System32\sm56co85.dll
2009-02-26 13:12 . 2009-02-28 08:59 <DIR> d-------- d:\users\Shantam\AppData\Roaming\Skype
2009-02-26 13:10 . 2009-02-26 13:10 <DIR> d-------- d:\users\All Users\Skype
2009-02-26 13:10 . 2009-02-26 13:10 <DIR> d-------- d:\programdata\Skype
2009-02-26 13:10 . 2009-02-26 13:10 <DIR> dr------- d:\program files\Skype
2009-02-26 13:10 . 2009-02-26 13:10 <DIR> d-------- d:\program files\Common Files\Skype
2009-02-24 15:50 . 2009-03-01 07:27 <DIR> d-------- d:\users\Shantam\AppData\Roaming\LimeWire
2009-02-24 15:48 . 2009-03-05 09:56 410,984 --a------ d:\windows\System32\deploytk.dll
2009-02-22 17:36 . 2009-02-22 17:36 <DIR> d-------- d:\program files\Tally9.1 Full
2009-02-22 12:40 . 2009-02-24 08:29 <DIR> d-------- D:\Tally
2009-02-22 12:17 . 2009-02-22 12:34 <DIR> d-------- d:\users\All Users\kBilling
2009-02-22 12:17 . 2009-02-22 12:34 <DIR> d-------- d:\programdata\kBilling
2009-02-22 12:17 . 2009-02-22 12:17 <DIR> d-------- d:\program files\kBilling
2009-02-22 12:17 . 2008-01-06 05:39 558,592 --a------ d:\windows\System32\sqlite3odbc.dll
2009-02-21 09:47 . 2009-02-22 12:17 191 --a------ d:\windows\ODBCINST.INI
2009-02-21 09:47 . 2009-02-22 12:17 145 --a------ d:\windows\ODBC.INI
2009-02-20 10:40 . 2008-12-05 10:02 428,544 --a------ d:\windows\System32\EncDec.dll
2009-02-20 10:40 . 2008-12-05 10:02 293,376 --a------ d:\windows\System32\psisdecd.dll
2009-02-20 10:40 . 2008-12-05 10:01 217,088 --a------ d:\windows\System32\psisrndr.ax
2009-02-20 10:40 . 2008-12-05 10:01 177,664 --a------ d:\windows\System32\mpg2splt.ax
2009-02-20 10:40 . 2008-12-05 10:01 80,896 --a------ d:\windows\System32\MSNP.ax
2009-02-12 10:34 . 2009-01-15 09:06 1,383,424 --a------ d:\windows\System32\mshtml.tlb
2009-02-12 10:34 . 2009-01-15 11:41 827,392 --a------ d:\windows\System32\wininet.dll
2009-02-10 19:09 . 2009-03-01 11:54 <DIR> d-------- d:\program files\SpeedBit Video Accelerator
2009-02-10 18:59 . 2009-03-05 21:08 <DIR> d-a------ d:\users\All Users\TEMP
2009-02-10 18:59 . 2009-03-01 10:54 <DIR> d-------- d:\users\All Users\SpeedBit
2009-02-10 18:59 . 2009-03-05 21:08 <DIR> d-a------ d:\programdata\TEMP
2009-02-10 18:59 . 2009-03-01 10:54 <DIR> d-------- d:\programdata\SpeedBit
2009-02-10 18:59 . 2009-03-01 11:54 <DIR> d-------- d:\program files\DAP
2009-02-10 18:59 . 2009-02-10 18:59 479,298 --a------ d:\windows\System32\wbocx.ocx
2009-02-10 18:59 . 2009-02-10 18:59 172,032 --a------ d:\windows\System32\AniGIF.ocx
2009-02-10 18:59 . 2009-02-10 18:59 50,688 --a------ d:\windows\System32\wbhelp2.dll
2009-02-09 13:50 . 2009-02-09 13:50 <DIR> d-------- d:\program files\Microsoft Network Monitor 3
2009-02-08 12:54 . 2009-02-08 13:13 <DIR> d-------- d:\users\Shantam\AppData\Roaming\MRTalk
2009-02-08 12:54 . 2009-02-08 12:54 <DIR> d-------- d:\program files\MediaRing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 16:13 --------- d-----w d:\users\Shantam\AppData\Roaming\uTorrent
2009-03-07 10:59 41,621 ----a-w d:\users\Shantam\AppData\Roaming\nvModes.dat
2009-03-07 04:55 --------- d-----w d:\program files\Microsoft
2009-03-05 17:01 --------- d--h--w d:\program files\InstallShield Installation Information
2009-03-04 14:48 --------- d-----w d:\programdata\Norton
2009-03-04 10:01 --------- d-----w d:\program files\Microsoft Silverlight
2009-03-04 09:58 --------- d-----w d:\program files\QuoteTracker
2009-03-01 03:37 --------- d-----w d:\program files\Britannica 9.0
2009-02-26 13:36 --------- d-----w d:\users\Shantam\AppData\Roaming\vlc
2009-02-26 09:15 --------- d-----w d:\program files\Realtek
2009-02-13 03:15 --------- d-----w d:\programdata\Microsoft Help
2009-02-13 03:14 --------- d-----w d:\program files\Windows Mail
2009-02-06 15:15 --------- d--h--w d:\program files\Zero G Registry
2009-02-06 13:22 49,504 ----a-w d:\windows\System32\sirenacm.dll
2009-02-05 03:23 --------- d-----w d:\users\Shantam\AppData\Roaming\MessengerGadget
2009-02-03 06:24 --------- d-----w d:\program files\MSBuild
2009-02-03 06:24 --------- d-----w d:\program files\Microsoft Works
2009-02-03 06:21 --------- d-----w d:\program files\Microsoft.NET
2009-02-03 06:18 --------- d-----w d:\program files\Microsoft Visual Studio 8
2009-02-01 10:15 --------- d-----w d:\programdata\WindowsSearch
2009-01-31 06:01 --------- d-----w d:\program files\Microsoft Games
2009-01-31 05:59 --------- d-----w d:\program files\BitLocker
2009-01-31 03:04 0 ---ha-w d:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-01-30 15:06 --------- d-----w d:\program files\uTorrent
2009-01-30 14:57 --------- d-----w d:\program files\VideoLAN
2009-01-30 14:53 --------- d-----w d:\users\Shantam\AppData\Roaming\Foxit
2009-01-30 14:53 --------- d-----w d:\program files\Foxit Software
2009-01-30 14:43 --------- d-----w d:\programdata\Symantec
2009-01-30 14:41 --------- d-----w d:\programdata\NortonInstaller
2009-01-30 14:31 --------- d-----w d:\users\Shantam\AppData\Roaming\InstallShield
2009-01-30 14:31 --------- d-----w d:\program files\RALINK
2009-01-30 14:22 0 ---ha-w d:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-30 14:22 --------- d-----w d:\program files\Synaptics
2009-01-30 14:20 --------- d-----w d:\users\Shantam\AppData\Roaming\TMP
2009-01-30 14:20 --------- d-----w d:\program files\Motorola
2009-01-30 14:20 --------- d-----w d:\program files\Marvell
2009-01-30 14:19 --------- d-----w d:\program files\Keyboard Manager
2009-01-30 14:16 --------- d-----w d:\program files\Intel
2009-01-30 14:13 319,456 ----a-w d:\windows\DIFxAPI.dll
2009-01-30 14:13 315,392 ----a-w d:\windows\HideWin.exe
2009-01-30 14:13 --------- d-----w d:\program files\Common Files\InstallShield
2009-01-13 21:38 288,768 ----a-w d:\windows\system32\drivers\srv.sys
2009-01-06 13:59 965,664 ----a-w d:\windows\System32\RtkPgExt.dll
2009-01-06 13:59 44,064 ----a-w d:\windows\System32\RtkCoInst.dll
2009-01-06 13:59 322,080 ----a-w d:\windows\System32\RtkApoApi.dll
2009-01-06 13:59 2,510,368 ----a-w d:\windows\System32\RtkAPO.dll
2008-12-10 19:15 1,645,568 ----a-w d:\windows\System32\connect.dll
2008-12-10 19:14 241,152 ----a-w d:\windows\System32\PortableDeviceApi.dll
2008-12-10 19:14 2,927,104 ----a-w d:\windows\explorer.exe
2008-12-10 19:11 712,704 ----a-w d:\windows\System32\WindowsCodecs.dll
2008-12-10 19:11 541,696 ----a-w d:\windows\AppPatch\AcLayers.dll
2008-12-10 19:11 52,736 ----a-w d:\windows\AppPatch\iebrshim.dll
2008-12-10 19:11 460,288 ----a-w d:\windows\AppPatch\AcSpecfc.dll
2008-12-10 19:11 425,472 ----a-w d:\windows\System32\PhotoMetadataHandler.dll
2008-12-10 19:11 4,240,384 ----a-w d:\windows\System32\GameUXLegacyGDFs.dll
2008-12-10 19:11 347,136 ----a-w d:\windows\System32\WindowsCodecsExt.dll
2008-12-10 19:11 28,672 ----a-w d:\windows\System32\Apphlpdm.dll
2008-12-10 19:11 2,154,496 ----a-w d:\windows\AppPatch\AcGenral.dll
2008-12-10 19:11 173,056 ----a-w d:\windows\AppPatch\AcXtrnal.dll
2008-12-10 19:10 296,960 ----a-w d:\windows\System32\gdi32.dll
2008-12-10 19:10 2,048 ----a-w d:\windows\System32\tzres.dll
2008-12-10 19:09 996,352 ----a-w d:\windows\System32\WMNetMgr.dll
2008-12-10 19:09 94,720 ----a-w d:\windows\System32\logagent.exe
2008-12-10 19:09 678,408 ----a-w d:\windows\System32\gpprefcl.dll
2008-12-10 19:09 2,868,736 ----a-w d:\windows\System32\mf.dll
2008-01-21 02:41 174 --sha-w d:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_ 6.58.56.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-07 04:55:36 80,395 ----a-r d:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-03-05 17:01:08 75,497 ----a-r d:\windows\Installer\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\ARPPRODUCTICON.exe
+ 2009-03-07 04:54:48 62,304 ----a-r d:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
- 2009-03-04 01:19:00 2,048 --sha-w d:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-07 07:49:04 2,048 --sha-w d:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-04 01:19:00 2,048 --sha-w d:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-07 07:49:04 2,048 --sha-w d:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-04 01:20:00 262,144 --sha-w d:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-07 08:27:26 262,144 --sha-w d:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-07 08:27:26 262,144 ---ha-w d:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-30 13:46:24 2,661,623 -c--a-w d:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-03-04 10:03:26 2,661,623 -c--a-w d:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2009-03-04 01:20:52 262,144 --sha-w d:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-07 16:15:53 262,144 --sha-w d:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-07 16:15:53 262,144 ---ha-w d:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-04 01:19:23 16,384 --sha-w d:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-07 15:50:45 16,384 --sha-w d:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-04 01:19:23 32,768 --sha-w d:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-07 15:50:45 32,768 --sha-w d:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-17 09:59:12 20,040 ----a-w d:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
- 2009-03-04 01:19:23 16,384 --sha-w d:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-07 15:50:45 16,384 --sha-w d:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-04 01:14:51 262,144 ----a-w d:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-07 16:12:46 262,144 ----a-w d:\windows\System32\config\systemprofile\ntuser.dat
- 2009-02-24 10:17:29 144,792 ----a-w d:\windows\System32\java.exe
+ 2009-03-05 04:26:14 144,792 ----a-w d:\windows\System32\java.exe
- 2009-02-24 10:17:29 144,792 ----a-w d:\windows\System32\javaw.exe
+ 2009-03-05 04:26:14 144,792 ----a-w d:\windows\System32\javaw.exe
- 2009-02-24 10:17:29 148,888 ----a-w d:\windows\System32\javaws.exe
+ 2009-03-05 04:26:15 148,888 ----a-w d:\windows\System32\javaws.exe
- 2009-02-27 07:02:16 105,852 ----a-w d:\windows\System32\perfc009.dat
+ 2009-03-07 16:08:12 105,852 ----a-w d:\windows\System32\perfc009.dat
- 2009-02-27 07:02:16 600,378 ----a-w d:\windows\System32\perfh009.dat
+ 2009-03-07 16:08:12 600,378 ----a-w d:\windows\System32\perfh009.dat
- 2009-03-03 16:52:17 6,553,600 ----a-w d:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-03-07 06:43:00 6,553,600 ----a-w d:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-01-21 02:21:22 89,600 ----a-w d:\windows\System32\spool\prtprocs\w32x86\1_HPZPPLHN.DLL
- 2009-03-04 01:21:00 7,140 ----a-w d:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-288562864-4153202436-3229124400-1000_UserData.bin
+ 2009-03-07 07:51:09 7,544 ----a-w d:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-288562864-4153202436-3229124400-1000_UserData.bin
- 2009-03-04 01:20:59 70,972 ----a-w d:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-07 07:51:09 71,400 ----a-w d:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-04 01:20:54 30,548 ----a-w d:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-07 07:51:00 32,622 ----a-w d:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-02-26 02:54:28 205,432 ----a-w d:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-03-05 03:21:59 208,198 ----a-w d:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-01-21 02:23:26 10,620,928 ----a-w d:\windows\System32\wmp.dll
+ 2008-12-16 05:31:35 10,622,976 ----a-w d:\windows\System32\wmp.dll
- 2009-03-03 15:00:42 84,442,821 ----a-w d:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-03-07 04:54:18 85,448,804 ----a-w d:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-16 05:53:36 4,096 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\dxmasf.dll
+ 2008-12-16 05:53:35 7,680 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\spwmp.dll
+ 2008-12-16 05:53:36 10,619,904 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmp.dll
+ 2008-12-16 05:53:30 107,520 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmpconfig.exe
+ 2008-12-16 05:53:30 168,960 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmplayer.exe
+ 2008-12-16 04:00:17 8,147,968 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmploc.DLL
+ 2008-12-16 05:53:30 107,520 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\wmpshare.exe
+ 2008-12-16 05:37:10 4,096 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\dxmasf.dll
+ 2008-12-16 05:36:47 7,680 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\spwmp.dll
+ 2008-12-16 05:37:33 10,619,904 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmp.dll
+ 2008-12-16 03:49:51 107,520 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmpconfig.exe
+ 2008-12-16 03:49:38 168,960 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmplayer.exe
+ 2008-12-16 03:49:52 8,147,968 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmploc.DLL
+ 2008-12-16 03:49:20 107,520 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\wmpshare.exe
+ 2008-12-16 05:31:31 4,096 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\dxmasf.dll
+ 2008-12-16 05:31:30 7,680 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\spwmp.dll
+ 2008-12-16 05:31:35 10,622,976 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmp.dll
+ 2008-12-16 05:31:19 107,520 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmpconfig.exe
+ 2008-12-16 05:31:19 168,960 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmplayer.exe
+ 2008-12-16 03:29:44 8,147,456 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmploc.DLL
+ 2008-12-16 05:31:19 107,520 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\wmpshare.exe
+ 2008-12-16 04:32:10 4,096 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\dxmasf.dll
+ 2008-12-16 04:31:29 7,680 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\spwmp.dll
+ 2008-12-16 04:32:38 10,624,512 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmp.dll
+ 2008-12-16 02:38:46 107,520 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmpconfig.exe
+ 2008-12-16 02:38:29 168,960 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmplayer.exe
+ 2008-12-16 02:39:20 8,147,456 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmploc.DLL
+ 2008-12-16 02:38:10 107,520 ----a-w d:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\wmpshare.exe
+ 2009-03-07 04:54:09 479,232 ----a-w d:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad\msvcm80.dll
+ 2009-03-07 04:54:09 548,864 ----a-w d:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad\msvcp80.dll
+ 2009-03-07 04:54:09 626,688 ----a-w d:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Google Update"="d:\users\Shantam\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-30 133104]
"ehTray.exe"="d:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"googletalk"="d:\users\Shantam\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
"Messenger (Yahoo!)"="d:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 d:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="d:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6707744]
"Skytel"="d:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"Keyboard Manager Utility"="d:\program files\Keyboard Manager\Manager Utility\KeyboardManager.exe" [2007-03-27 1359872]
"SMSERIAL"="d:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-06-11 1454080]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"NvSvc"="d:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"RemoteControl9"="d:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="d:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="d:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]

d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - d:\program files\RALINK\Common\RaUI.exe [2009-01-30 942080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= d:\windows\system32\xvidvfw.dll

[HKLM\~\startupfolder\D:^Users^Shantam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=d:\users\Shantam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=d:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\D:^Users^Shantam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MediaRing Talk.lnk]
path=d:\users\Shantam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MediaRing Talk.lnk
backup=d:\windows\pss\MediaRing Talk.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 d:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-05 09:56 148888 d:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoxOx]
--a------ 2009-02-21 00:41 5087232 d:\program files\VoxOx\voxox.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2D40C8DD-73C0-4F53-85C3-BFE9DF60634F}"= UDP:d:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{77E9FDB8-1A12-44E5-9A6D-688B539B090B}"= TCP:d:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7FBB4549-192E-482D-B1DB-247763DBE7EF}"= TCP:6004|d:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{61DE8B5E-A213-4A4D-B222-013BDBDF7405}"= UDP:d:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{87CD0346-EA8C-45B1-9A26-A89B38316D7C}"= TCP:d:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{34B5FE4F-C343-4673-B269-C5FDBC694A6A}"= UDP:d:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A89AAA3B-5AD1-4D4E-8FC0-3F7EAD235DC5}"= TCP:d:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A645A130-9751-4109-B583-B31A8D73355F}"= d:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{D863E18A-210F-42FD-B0CD-5B550DBD8A91}d:\\program files\\utorrent\\utorrent.exe"= UDP:d:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{1F2F2EDC-FB0C-419E-85F2-873312EF8970}d:\\program files\\utorrent\\utorrent.exe"= TCP:d:\program files\utorrent\utorrent.exe:µTorrent
"{1794399A-734F-468A-90FE-EBCB97435A0F}"= UDP:d:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A10AB192-BEF4-40F3-8008-0294DDFDE306}"= TCP:d:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{75BF14EF-9FDB-4661-9D76-A933CE8239E0}"= d:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
"{4609D3AC-DFE8-4B24-A8CF-71C0A3CE6D7E}"= d:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0

R1 aswSP;avast! Self Protection;d:\windows\System32\drivers\aswSP.sys [2009-03-01 114768]
R1 nm3;Microsoft Network Monitor 3 Driver;d:\windows\System32\drivers\nm3.sys [2008-09-10 50184]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/03/05 22:31:28];d:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 19:40:18 87536]
R2 aswFsBlk;aswFsBlk;d:\windows\System32\drivers\aswFsBlk.sys [2009-03-01 20560]
R2 aswMonFlt;aswMonFlt;d:\windows\System32\drivers\aswMonFlt.sys [2009-03-01 51792]
R2 HFGService;Handsfree Headset Service;d:\windows\system32\svchost.exe -k bthaudiosvc [2008-01-21 21504]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;d:\windows\System32\drivers\netr73.sys [2008-10-21 497152]
S3 BthAudioHF;BthAudioHF Service;d:\windows\System32\drivers\BthAudioHF.sys [2008-07-10 30208]
S3 ti21sony;ti21sony;d:\windows\System32\drivers\ti21sony.sys [2009-02-26 808448]
S4 .norton2009Reset;Norton 2009 Reset;d:\programdata\Norton\Norton2009Reset.exe --> d:\programdata\Norton\Norton2009Reset.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cad5ec70-ef42-11dd-bd5f-806e6f6e6963}]
\shell\AutoRun\command - G:\Digit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-03-07 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-288562864-4153202436-3229124400-1000.job
- d:\users\Shantam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-30 20:23]

2009-03-07 d:\windows\Tasks\User_Feed_Synchronization-{27232AA5-5B9B-4310-A6F3-E322BDD49D97}.job
- d:\windows\system32\msfeedssync.exe [2008-01-21 07:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B2659759-5804-46AB-AEE1-5988886259C9} = 208.67.220.220,208.67.222.222
FF - ProfilePath - d:\users\Shantam\AppData\Roaming\Mozilla\Firefox\Profiles\15u9hya4.default\
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: d:\users\Shantam\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\users\Shantam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 21:46:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-07 21:48:30
ComboFix-quarantined-files.txt 2009-03-07 16:18:25
ComboFix2.txt 2009-03-04 01:30:32

Pre-Run: 19,087,253,504 bytes free
Post-Run: 18,969,538,560 bytes free

372 --- E O F --- 2009-03-05 22:12:03


and here is my fresh HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:47, on 07-03-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
D:\Windows\system32\Dwm.exe
D:\Windows\system32\taskeng.exe
D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Windows\System32\rundll32.exe
D:\Windows\System32\rundll32.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
D:\Program Files\CyberLink\Shared Files\brs.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Users\Shantam\AppData\Local\Google\Update\GoogleUpdate.exe
D:\Windows\ehome\ehtray.exe
D:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Users\Shantam\AppData\Roaming\Google\Google Talk\googletalk.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Windows\ehome\ehmsas.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Windows\system32\taskeng.exe
D:\Windows\Explorer.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Users\Shantam\Downloads\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] D:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "D:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [SMSERIAL] D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE D:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl9] "D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] D:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Google Update] "D:\Users\Shantam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] D:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [googletalk] D:\Users\Shantam\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2659759-5804-46AB-AEE1-5988886259C9}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - D:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6685 bytes

The Flash Disinfector finished its work within just 4-5 seconds and I don't think it found anything, and this time Combofix was also unable to find anything.

Edited by Lanny25, 07 March 2009 - 11:25 AM.
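Reading the two logs above by eye is what the Malware Response Team does in this thread. As an added example (not part of the thread, and not code from ComboFix, HijackThis or their authors), the script below applies the same first-pass checks to an excerpt of those logs: the mountpoints2 AutoRun command pointing at G:\Digit.exe (the kind of removable-drive autorun entry Flash_Disinfector targets), the O2 BHO registered with no file behind it, O4 autostarts launched from a user profile folder, and the O17 NameServer override. The rules and the "high"/"review" labels are the example author's own triage heuristics, not definitions from either tool; a "review" finding means verify, not malicious (here the O17 servers are OpenDNS resolvers and the O4 entries are Google's updater and Google Talk). The sample lines are excerpted from the logs posted above.

```python
"""First-pass triage of HijackThis / ComboFix log excerpts.

Added example for this thread; not code from HijackThis, ComboFix or the
Malware Response Team. The rules and severity labels are the example author's
own heuristics: "high" means act, "review" means verify before acting.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "review"
    line: str       # the log line that triggered the rule
    reason: str


# Hosts-file lines that are standard on Windows; anything else in an O1 entry is worth a look.
BENIGN_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}

# HJT lines look like "O17 - HKLM\...: NameServer = 1.2.3.4"; capture the code and the rest.
HJT_ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")

# Autostart paths under a user profile (AppData) deserve a publisher check.
USER_PROFILE_PATH = re.compile(r"(?i)\\users\\[^\\]+\\appdata\\")


def triage(log_text: str) -> list[Finding]:
    """Scan log text line by line and return findings in the order they occur."""
    findings: list[Finding] = []
    key = ""  # most recent "[HKEY_...]" header in a ComboFix-style excerpt
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # ComboFix prints a registry key in brackets, then its values on the lines below.
        if line.startswith("[") and line.endswith("]"):
            key = line.lower()
            continue
        if "mountpoints2" in key and line.lower().startswith(r"\shell\autorun\command"):
            cmd = line.split(" - ", 1)[1] if " - " in line else line
            findings.append(Finding(
                "high", line,
                f"AutoRun command registered for a mounted volume: {cmd} "
                "(typical of flash-drive worms; remove it and disinfect the drive)"))
            continue

        m = HJT_ENTRY.match(line)
        if not m:
            continue
        code, rest = m.group(1), m.group(2)

        if code == "O1":
            entry = rest.split("Hosts: ", 1)[-1]
            if entry not in BENIGN_HOSTS:
                findings.append(Finding("review", line, f"non-standard hosts entry: {entry}"))
        elif code == "O2" and "(no file)" in rest:
            findings.append(Finding("review", line,
                                    "orphaned BHO: CLSID registered but DLL missing; safe to remove"))
        elif code == "O4" and USER_PROFILE_PATH.search(rest):
            findings.append(Finding("review", line,
                                    "autostart launched from a user profile folder; verify the publisher"))
        elif code == "O17":
            ns = re.search(r"NameServer = (.+)$", rest)
            servers = ns.group(1) if ns else "?"
            findings.append(Finding("review", line,
                                    f"DNS servers set on a TCP/IP interface: {servers}; confirm the user chose them"))
    return findings


# Constructed sample: lines excerpted from the ComboFix and HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cad5ec70-ef42-11dd-bd5f-806e6f6e6963}]
\shell\AutoRun\command - G:\Digit.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "D:\Users\Shantam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] D:\Users\Shantam\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2659759-5804-46AB-AEE1-5988886259C9}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run it on the sample and the only "high" finding is the mountpoints2 AutoRun line; the four "review" findings are the orphaned BHO, the two AppData autostarts and the DNS override. Feeding it a whole log works the same way, since unrecognised lines are simply skipped.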


#18 Lanny25

Lanny25
  • Topic Starter

  • Members
  • 35 posts
  • Gender:Male
  • Location:India

Posted 08 March 2009 - 07:13 AM

Hi sundavis :thumbup2:

Considering the severity of my infection and googling about it, I thought it was better to format my Windows and reinstall it again, so I have done so. I would now request you to give me some tips on how I can prevent future infections on my PC. I really thank you for your help :)

#19 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 08 March 2009 - 08:51 AM

Hi Lanny25,


Sorry that things didn't go as I expected. But on the bright side, it's a good call to make. It ensures that your system is clean, stable and secure. The following articles are good reads for future prevention.

Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.

Best Regards,

#20 Lanny25

Lanny25
  • Topic Starter

  • Members
  • 35 posts
  • Gender:Male
  • Location:India

Posted 08 March 2009 - 10:17 AM

No, it's nothing of that sort. I am very thankful to you for your precious help :thumbup2: and now you can surely close this topic.

#21 Carolyn

Carolyn

    Bleepin' kitten


  • Members
  • 2,131 posts

Posted 09 March 2009 - 06:41 AM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)