
Need Urgent Help


  • This topic is locked
9 replies to this topic

#1 Jack The Ripper

Jack The Ripper

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 10 November 2010 - 04:29 PM

Hey guys,


I ran ComboFix today because I felt my antivirus, Kaspersky 2010, was missing out on something, and I was correct, as my computer was acting weird.
When I ran ComboFix, I found out that there was a rootkit; I think it was called TDL-143, if I remember correctly. Anyway, ComboFix rebooted the PC and started running its scan, which took almost 30 minutes or so. It surely disinfected my PC, but I have certain issues. When I try to log in or log out, or when I try to install Yahoo Messenger and sign in (or even during the install), after it's done it gives me an error saying:

Yahoo Messenger error
"THE APPLICATION HAS FAILED TO INITIALIZE (0XC0000142) PRESS OK TO TERMINATE THE APPLICATION"

The same error pops up when I try to log in or install something. Sometimes it says "Explorer error" with the same message.

I have the ComboFix log file and both DDS files; the files are almost 1 MB in size, so can you please help me and tell me how to resolve this issue? I uploaded all the files because they were too big to post. So please help me.

Logs combofix and dds

Edited by Jack The Ripper, 10 November 2010 - 04:30 PM.




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:00 AM

Posted 10 November 2010 - 04:37 PM

Hello Jack The Ripper ,


I can't see what you posted....not going to create an account for it either, but thank you for trying. :thumbup2: You can post them by breaking them up and using several posts, please....that's all right. :)

Let's do this and see if it helps:

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Jack The Ripper

Jack The Ripper
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 10 November 2010 - 09:15 PM

The reason I came here was to find a solution. And the reason I uploaded the files was because I can't attach the logs; it says they are too big.

I can't post them either; it says the post is too big, and there are 3 log files, which means I would need to make 9 posts one after the other. I think that would be considered spamming, and the logs won't make sense.

Hence I put the ComboFix and DDS logs 1 and 2 together, made one file and uploaded it. The link doesn't need you to have an account; all you have to do is wait 20 seconds and then download the logs, which are almost 1 MB.

Because I've seen this forum, and usually after the ComboFix log you request the DDS logs, I got them all together.

I tried TDSSKiller and no infections were found. But thanks for the tool.

If you wish to help, it's your choice; I can't force you. It was my fault to use ComboFix, I guess. I just wanted help with the error I was getting: I couldn't install or sign into Yahoo Messenger because of error code (0xc0000142), as stated in my first post. I just want to know how to fix this error.

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:00 AM

Posted 10 November 2010 - 11:15 PM

Hello,

I didn't ask you to attach the logs....simply break them up and copy & paste into as many posts as is necessary. :)

Also, I'd like to know where you got the idea that I didn't want to help you? :blink:

tea

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:00 AM

Posted 11 November 2010 - 02:37 AM

All right...I looked at your ComboFix log, and the file that it deleted with reference to anything Yahoo was ymsg12encrypt.dll. It *looks* like someone else has done this to you; the file is bad and ComboFix did right by deleting it, but its presence probably explains your issues. http://www.threatexpert.com/files/ymsg12encrypt.dll.html

I know you said you uninstalled and reinstalled it, but how thorough were you? Uninstall it again, and manually delete any folder having to do with it on your computer, then try reinstalling it.

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: dragging the CFScript file onto ComboFix.exe]

This will start ComboFix again.

After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Thanks,
tea

#6 Jack The Ripper

Jack The Ripper
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 11 November 2010 - 03:31 AM

OK, I'll do that. Thanks a lot.

#7 Jack The Ripper

Jack The Ripper
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 11 November 2010 - 04:14 AM

This is the new log; it still deleted YMSG12.


ComboFix 10-11-09.02 - Sam 11/11/2010 0:58.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2536 [GMT -8:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sam\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SCLabel.ocx
c:\windows\system32\YMSG12ENCRYPT.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-11 01:20 . 2009-10-21 02:47 113280 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-11-11 01:20 . 2009-10-12 23:21 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-11-11 01:20 . 2009-09-10 22:55 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-11-11 01:20 . 2007-08-09 12:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-11-10 15:09 . 2010-11-10 15:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Skype
2010-11-03 14:16 . 2010-11-03 14:16 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-11-03 14:13 . 2010-11-03 14:13 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-03 14:13 . 2010-11-03 14:17 -------- d-----w- c:\windows\SHELLNEW
2010-11-03 14:13 . 2010-11-03 14:13 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Microsoft Help
2010-11-03 14:13 . 2010-11-10 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-11-03 14:13 . 2010-11-03 14:13 -------- d-----r- C:\MSOCache
2010-11-03 13:59 . 2003-04-19 02:06 8192 ----a-w- c:\windows\system32\srvany.exe
2010-11-02 23:16 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\AA2DeployClient
2010-11-02 23:16 . 2010-11-02 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AA2DeployClient
2010-11-01 19:30 . 2010-11-08 18:54 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-01 19:30 . 2010-11-01 19:30 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\PunkBuster
2010-11-01 19:29 . 2010-11-08 18:54 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-11-01 19:29 . 2010-11-01 19:29 138056 ----a-w- c:\documents and settings\Sam\Application Data\PnkBstrK.sys
2010-11-01 19:28 . 2010-11-08 18:54 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-01 19:28 . 2010-11-01 19:28 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-01 19:28 . 2010-10-31 20:18 3360624 ----a-w- c:\windows\system32\pbsvc.exe
2010-11-01 19:24 . 2010-11-01 19:25 -------- d-----w- c:\documents and settings\Sam\Application Data\Raptr
2010-11-01 19:24 . 2010-11-01 19:24 -------- d-----w- c:\program files\Raptr
2010-10-31 15:32 . 2010-10-31 15:32 -------- d-----w- c:\documents and settings\Sam\Application Data\Wireshark
2010-10-31 11:31 . 2010-11-09 10:14 -------- d-----w- c:\documents and settings\Sam\Application Data\vlc
2010-10-31 11:29 . 2010-10-31 11:29 -------- d-----w- c:\program files\VideoLAN
2010-10-31 11:28 . 2010-10-31 11:28 -------- d-sh--w- c:\documents and settings\Sam\IECompatCache
2010-10-31 11:28 . 2010-11-11 08:51 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\AskToolbar
2010-10-31 11:13 . 2010-11-09 20:54 -------- d-----w- c:\program files\Steam
2010-10-31 09:37 . 2010-10-31 09:37 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Thinstall
2010-10-31 09:37 . 2010-10-31 09:37 -------- d-----w- c:\documents and settings\Sam\Application Data\Thinstall
2010-10-29 09:52 . 2010-11-08 18:14 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Deployment
2010-10-29 01:50 . 2010-10-29 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Visual Studio
2010-10-29 01:42 . 2010-10-29 01:42 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\Identities
2010-10-28 09:20 . 2010-10-28 09:20 -------- d-----w- c:\program files\City Interactive
2010-10-28 04:26 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-10-28 04:26 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-10-28 04:24 . 2010-10-28 04:24 -------- d-----w- c:\windows\system32\RsFx
2010-10-28 04:17 . 2010-10-28 04:25 -------- d-----w- c:\program files\Microsoft SQL Server
2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-10-28 04:13 . 2010-10-28 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2010-10-28 04:05 . 2010-10-28 04:05 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-10-28 04:05 . 2010-10-28 04:05 -------- d-----w- c:\program files\IIS
2010-10-28 04:04 . 2010-10-28 04:04 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-10-28 04:04 . 2010-10-28 04:33 2478272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-10-28 03:55 . 2010-10-28 03:55 -------- d-----w- c:\windows\symbols
2010-10-28 03:54 . 2010-10-28 04:17 -------- d-----w- c:\program files\Microsoft SDKs
2010-10-28 03:54 . 2010-10-28 04:00 -------- d-----w- c:\program files\Microsoft F#
2010-10-28 03:54 . 2010-10-28 03:57 -------- d-----w- c:\program files\HTML Help Workshop
2010-10-28 03:54 . 2010-10-28 03:59 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-10-28 03:54 . 2010-10-28 03:54 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-10-28 03:54 . 2010-10-28 04:13 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-10-28 03:50 . 2010-10-28 03:50 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-10-27 09:32 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-10-27 05:30 . 2010-10-27 05:30 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-27 05:29 . 2010-11-01 19:28 -------- d-----w- c:\windows\system32\LogFiles
2010-10-27 05:29 . 2010-10-27 05:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-10-26 20:43 . 2010-10-26 20:43 -------- d-sh--w- c:\documents and settings\Sam\PrivacIE
2010-10-26 08:06 . 2010-10-26 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-10-26 04:21 . 2010-10-26 04:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-10-26 04:19 . 2010-11-03 08:32 -------- d-----w- c:\documents and settings\Sam\Application Data\skypePM
2010-10-26 04:16 . 2010-10-26 04:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-10-26 04:15 . 2010-10-31 12:26 -------- d-----w- c:\program files\Google
2010-10-26 04:15 . 2010-10-26 04:15 -------- d-----w- c:\program files\Common Files\Skype
2010-10-26 04:15 . 2010-11-03 12:50 -------- d-----w- c:\documents and settings\Sam\Application Data\Skype
2010-10-26 04:15 . 2010-10-26 04:15 -------- d-----r- c:\program files\Skype
2010-10-26 04:15 . 2010-10-26 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-10-26 04:08 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-26 04:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-26 04:06 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-25 13:52 . 2010-10-25 13:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-10-25 13:38 . 2010-10-25 13:38 -------- d-----w- c:\windows\system32\scripting
2010-10-25 13:38 . 2010-10-25 13:38 -------- d-----w- c:\windows\l2schemas
2010-10-25 13:38 . 2010-10-25 13:38 -------- d-----w- c:\windows\system32\en
2010-10-25 13:38 . 2010-10-25 13:38 -------- d-----w- c:\windows\system32\bits
2010-10-25 13:32 . 2010-10-25 13:32 -------- d-----w- c:\windows\EHome
2010-10-25 06:57 . 2010-10-25 06:57 -------- d-----w- c:\program files\Marvell
2010-10-25 06:47 . 2010-10-25 06:47 -------- d-sh--w- c:\documents and settings\Sam\IETldCache
2010-10-25 06:43 . 2010-10-25 06:44 -------- dc-h--w- c:\windows\ie8
2010-10-25 02:55 . 2010-10-25 02:55 -------- d-----w- c:\program files\Bonjour
2010-10-25 02:46 . 2010-10-25 02:46 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-10-24 12:33 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-24 12:33 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-24 03:54 . 2010-11-10 23:23 -------- d-----w- c:\documents and settings\Sam\Tracing
2010-10-24 03:35 . 2010-10-24 03:35 -------- d-----w- c:\program files\Microsoft
2010-10-24 03:34 . 2010-10-24 03:34 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-24 03:11 . 2010-10-24 03:11 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-24 03:04 . 2010-10-28 04:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-24 02:47 . 2010-10-24 03:09 -------- d-----w- c:\documents and settings\Sam\Contacts
2010-10-24 02:03 . 2010-10-24 02:05 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2010-10-24 02:03 . 2010-10-24 03:39 -------- d-----w- c:\program files\Windows Live
2010-10-24 02:03 . 2010-10-24 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2010-10-22 07:55 . 2010-10-22 08:01 -------- d-----w- c:\documents and settings\Sam\Application Data\YTK Enhanced
2010-10-22 00:32 . 2010-10-22 00:34 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-20 15:19 . 2009-03-09 22:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-10-20 15:18 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-10-20 14:28 . 2010-10-20 14:28 -------- d-----w- c:\windows\Logs
2010-10-19 21:18 . 2010-10-19 21:18 53248 ----a-w- c:\windows\system32\DarkSlime.ocx
2010-10-19 19:05 . 2010-10-19 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft
2010-10-19 18:51 . 2010-10-29 16:44 -------- d-----w- c:\documents and settings\Sam\Application Data\FrostWire
2010-10-19 18:49 . 2010-10-19 19:11 -------- d-----w- c:\documents and settings\Sam\Local Settings\Application Data\OpenCandy
2010-10-19 18:49 . 2010-10-19 18:49 -------- d-----w- c:\documents and settings\Sam\Application Data\OpenCandy
2010-10-19 18:49 . 2010-10-19 18:52 -------- d-----w- c:\program files\FrostWire
2010-10-17 23:58 . 2010-10-17 23:59 -------- d-----w- c:\program files\Dell Remote Access
2010-10-17 23:58 . 2010-10-17 23:58 -------- d-----w- c:\program files\Common Files\Dell
2010-10-17 23:58 . 2010-10-17 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-10-17 23:56 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-10-17 23:56 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-17 23:53 . 2010-10-17 23:53 -------- d-----w- c:\documents and settings\Sam\Bluetooth Software
2010-10-17 23:53 . 2010-10-17 23:53 -------- d-----w- c:\program files\WIDCOMM
2010-10-17 23:51 . 2010-10-17 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2010-10-17 23:50 . 2010-10-17 23:56 -------- d-----w- c:\program files\Raxco
2010-10-17 23:49 . 2010-10-17 23:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-17 23:49 . 2010-10-17 23:49 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-17 23:47 . 2010-11-09 21:42 -------- d-----w- c:\documents and settings\Sam\Application Data\4shared Desktop
2010-10-17 23:47 . 2010-10-17 23:47 -------- d-----w- c:\program files\4shared Desktop
2010-10-17 23:34 . 2010-10-17 23:35 -------- d-----w- c:\program files\Fingerprint Reader Suite
2010-10-17 22:24 . 2010-10-17 22:24 -------- d-----w- c:\program files\SystemRequirementsLab
2010-10-17 22:24 . 2010-10-17 22:24 -------- d-----w- c:\documents and settings\Sam\Application Data\SystemRequirementsLab
2010-10-17 22:21 . 2010-10-17 22:21 -------- d-----w- c:\windows\Sun
2010-10-17 20:18 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-10-17 20:18 . 2010-09-14 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-10-17 20:18 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-17 20:18 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-17 23:49 . 2010-10-09 23:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-10 03:26 . 2010-10-10 03:20 778240 ----a-w- c:\windows\system32\SkinCrafter2.dll
2010-10-10 00:17 . 2010-10-10 00:18 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-10-10 00:17 . 2010-10-10 00:18 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-10 00:17 . 2010-10-10 00:18 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-18 19:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-02 13:22 . 2010-09-06 15:36 76896 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-10-10 06:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2006-06-16 03:33 . 2010-10-10 05:58 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-26 01:43 . 2010-10-10 05:58 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 21:41 . 2010-10-10 05:58 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 20:10 . 2010-10-10 05:58 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 19:19 . 2010-10-10 05:58 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-11 01:35 . 2010-10-10 05:58 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 18:10 . 2010-10-10 05:58 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 18:42 . 2010-10-10 05:58 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 18:22 . 2010-10-10 05:58 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 18:21 . 2010-10-10 05:58 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-11-10_16.31.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-11 08:57 . 2010-11-11 08:57 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat
+ 2010-10-10 03:20 . 2008-06-22 06:26 48640 c:\windows\system32\YMSG15ncrypt.dll
- 2010-10-10 03:20 . 2008-06-22 05:26 48640 c:\windows\system32\YMSG15ncrypt.dll
- 2010-10-10 03:20 . 2008-10-16 10:39 51712 c:\windows\system32\YMSG13.dll
+ 2010-10-10 03:20 . 2008-10-16 11:39 51712 c:\windows\system32\YMSG13.dll
+ 2010-10-10 03:20 . 2008-06-22 07:26 48640 c:\windows\system32\VoodoEncrypt15.dll
- 2010-10-10 03:20 . 2008-06-22 06:26 48640 c:\windows\system32\VoodoEncrypt15.dll
+ 2010-11-03 14:19 . 2010-11-10 18:58 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 34144 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 42848 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 19296 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-10-10 03:20 . 2007-08-31 01:17 204800 c:\windows\system32\yacsui.dll
- 2010-10-10 03:20 . 2007-08-31 00:17 204800 c:\windows\system32\yacsui.dll
+ 2010-10-09 23:10 . 2008-05-12 05:30 274432 c:\windows\system32\yacscom.dll
- 2010-10-09 23:10 . 2008-05-12 04:30 274432 c:\windows\system32\yacscom.dll
+ 2010-10-10 03:20 . 2008-05-30 21:01 195584 c:\windows\system32\Xvoice.dll
- 2010-10-10 03:20 . 2008-05-30 20:01 195584 c:\windows\system32\Xvoice.dll
+ 2008-07-17 00:17 . 2002-10-07 04:37 119568 c:\windows\system32\VB6FR.DLL
- 2008-07-17 00:17 . 2002-10-07 03:37 119568 c:\windows\system32\VB6FR.DLL
+ 2006-02-28 12:00 . 2010-11-11 01:01 559834 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2010-11-10 16:33 559834 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2010-11-10 16:33 109302 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2010-11-11 01:01 109302 c:\windows\system32\perfc009.dat
- 2010-11-03 14:19 . 2010-11-09 22:08 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 415584 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 303456 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 571232 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 326496 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-10-27 22:24 . 2010-10-27 22:24 3464704 c:\windows\Installer\874e33.msp
+ 2010-11-03 14:19 . 2010-11-10 18:58 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 1479520 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 1858400 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 4520288 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 4520288 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\promoicon.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 3792736 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
- 2010-11-03 14:19 . 2010-11-09 22:08 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-11-03 14:19 . 2010-11-10 18:58 1449312 c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-10-11 05:37 . 2010-11-10 18:58 35758536 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-09-02 13:22 70264 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-10-31 3241312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NVHotkey"="nvHotkey.dll" [2010-07-09 178792]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2010-03-05 1396736]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1206544]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-10-11 340520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceCheck"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 06:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Remote Access.lnk]
backup=c:\windows\pss\Dell Remote Access.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4shared Update]
2010-07-01 14:43 603136 ----a-w- c:\program files\4shared Desktop\checkUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-04-02 16:11 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2009-06-16 07:20 41800 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 23:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
2010-11-11 01:19 110592 ----a-w- c:\program files\Tata Photon+\Huawei\Tata Photon+.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PerfectSpeed.exe]
2009-12-02 19:30 7365896 ----a-w- c:\program files\Raxco\PerfectSpeed20\PerfectSpeed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2007-04-17 05:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
2010-10-28 23:18 52136 ----a-w- c:\progra~1\Raptr\raptrstub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-04-08 16:15 3233752 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 07:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-10-31 11:15 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
2010-10-28 04:30 11804984 ----a-w- c:\program files\VoipDiscount.com\VoipDiscount\voipdiscount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCToolsSSDMonitorSvc"=2 (0x2)
"TuneUp.UtilitiesSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"rpcapd"=3 (0x3)
"Bonjour Service"=2 (0x2)
"SQLWriter"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"hnmsvc"=2 (0x2)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"btwdins"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Dell Remote Access\\ezi_ra.exe"=
"c:\\Program Files\\Common Files\\Dell\\Advanced Networking Service\\hnm_svc.exe"=
"c:\\Program Files\\Common Files\\Dell\\VLC\\vlc.exe"=
"c:\\Program Files\\ZakFromAnotherPlanet\\Yazak Chat\\yazak.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\YEpic\\YEpic.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 7:18 PM 36880]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [9/6/2010 7:36 AM 76896]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/09 17:20];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [4/2/2010 8:11 AM 87536]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 10:19 AM 50704]
R2 Rx2Agent;Rx2Agent;c:\program files\Raxco\PerfectSpeed20\Rx2Agent.exe [12/2/2009 11:30 AM 779528]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 12:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 5:39 PM 19472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [11/3/2010 5:59 AM 8192]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [11/10/2010 5:20 PM 100736]
S3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [10/9/2010 3:12 PM 6606208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 Rx2Engine;Rx2Engine;c:\program files\Raxco\PerfectSpeed20\Rx2Engine.exe [12/2/2009 11:30 AM 947464]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 6:24 AM 10064]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [12/8/2009 8:24 PM 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 7:08 PM 47128]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/9/2010 3:14 PM 632792]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 2:23 AM 366936]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [10/30/2009 2:05 PM 1021256]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-11-11 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14393&l=dis
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\down_link.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {8D29DA27-BE21-444C-9F48-D39414F86DED} = 218.248.240.208,218.248.240.180
TCP: {9468708D-2FF9-48A1-906A-3E01E8F439B1} = 218.248.241.4,218.248.240.180
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\3uhzal8a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Utubebario Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Sam\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Sam\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MI1933~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MI1933~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 01:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1767777339-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:36,9e,64,f1,ca,f5,9c,5e,23,6b,40,02,36,ce,62,90,53,1f,ff,d4,aa,17,c6,
01,1a,ef,5b,f5,b6,f6,30,42,4f,a6,df,31,27,4a,3f,bf,a0,41,cf,e0,6c,d6,9b,86,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1123561945-1767777339-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:24,d0,1a,04,e9,f2,81,bf,76,1d,77,52,9f,23,12,28,aa,28,1b,73,90,
7d,af,18,dc,bc,9f,aa,07,d5,98,1f,97,82,2f,59,26,63,b5,81,bc,3c,ab,6a,aa,fb,\
"rkeysecu"=hex:03,be,f8,37,27,fc,82,14,62,1b,f6,7e,0c,a0,1c,32

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7f472382-6d1a-490d-b88d-6a44ba04491d}]
@Denied: (Full) (Everyone)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1764)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Fingerprint Reader Suite\homepass.dll
c:\program files\Fingerprint Reader Suite\bio.dll
c:\program files\Fingerprint Reader Suite\remote.dll
c:\windows\system32\netprovcredman.dll
.
Completion time: 2010-11-11 01:07:21
ComboFix-quarantined-files.txt 2010-11-11 09:07
ComboFix2.txt 2010-11-10 16:36
ComboFix3.txt 2010-10-24 04:17
ComboFix4.txt 2010-10-17 20:28
ComboFix5.txt 2010-11-11 08:33

Pre-Run: 101,029,896,192 bytes free
Post-Run: 101,036,593,152 bytes free

- - End Of File - - EE49C1B0F832B2A213C8082CD1CBFFDF
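The log above is raw ComboFix output and the thread never says how to read it. As an added triage example (not ComboFix's code and not something posted in the thread), the Python below parses the line formats that actually appear in the log: autostart entries of the form `"name"="path" [date size]`, the R/S service lines (R = running, S = stopped, the digit is the Windows start type), registry value lines under a `[key]` header, and `FF - prefs.js:` lines. It is fed a constructed subset of the log's own lines and raises the checks an analyst makes first: the standard-profile firewall flag, Security Center monitoring switched off, a service that is really srvany.exe, an autostart value that is a bare filename resolved through the search path, and a Firefox default-search URL pointing somewhere other than the usual engines. The set of "usual" search hosts and the wording of each finding are the example's own assumptions.

```python
"""Triage helper for the ComboFix log line formats shown above.
Added example: not ComboFix code and not posted in the thread."""
import re
from collections import namedtuple

Autostart = namedtuple("Autostart", "name path date size")
Service = namedtuple("Service", "state start name display path")

# Constructed input: a subset of lines copied from the log above.
SAMPLE = r'''
"avp"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-10-11 340520]
"NVHotkey"="nvHotkey.dll" [2010-07-09 178792]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 7:18 PM 36880]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/09 17:20];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [4/2/2010 8:11 AM 87536]
S2 KMService;KMService;c:\windows\system32\srvany.exe [11/3/2010 5:59 AM 8192]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [10/30/2009 2:05 PM 1021256]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
AUTOSTART_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
SERVICE_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[[^\]]+\]$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')

# ComboFix convention: R/S = running/stopped, digit = service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
USUAL_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}  # assumption


def parse_value(raw):
    """'0 (0x0)' -> 0, 'dword:00000001' -> 1; anything else stays a string."""
    m = re.search(r'\(0x([0-9a-fA-F]+)\)', raw)
    if m:
        return int(m.group(1), 16)
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return raw


def parse_log(text):
    parsed = {"autostarts": [], "services": [], "values": {}, "ff_prefs": {}}
    current_key = ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]          # later value lines belong to this key
            continue
        m = AUTOSTART_RE.match(line)
        if m:
            parsed["autostarts"].append(Autostart(m["name"], m["path"], m["date"], int(m["size"])))
            continue
        m = SERVICE_RE.match(line)
        if m:
            parsed["services"].append(Service(m["state"], m["start"], m["name"], m["display"].strip(), m["path"]))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            parsed["ff_prefs"][m["pref"]] = m["value"]
            continue
        m = VALUE_RE.match(line)
        if m:
            parsed["values"][(current_key, m["name"])] = parse_value(m["value"])
    return parsed


def triage(parsed):
    findings = []
    for (key, name), value in parsed["values"].items():
        k = key.lower()
        if k.endswith(r"firewallpolicy\standardprofile") and name == "EnableFirewall" and value == 0:
            findings.append("Windows Firewall standard profile is off (EnableFirewall=0)")
        if r"security center\monitoring" in k and name == "DisableMonitoring" and value == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(f"Security Center monitoring disabled for {product} "
                            "(AV products set this themselves; confirm the product is really running)")
    for a in parsed["autostarts"]:
        if "\\" not in a.path:   # no directory: loaded through the DLL/EXE search path
            findings.append(f"autostart {a.name} is a bare filename ({a.path}); confirm where it actually lives")
    for s in parsed["services"]:
        if s.path.lower().rsplit("\\", 1)[-1] == "srvany.exe":
            findings.append(f"service {s.name} ({s.state}{s.start}, start={START_TYPES[s.start]}) is srvany.exe; "
                            "the real payload is the Parameters\\Application value under the service key")
    url = parsed["ff_prefs"].get("browser.search.defaulturl", "")
    m = re.match(r"^hxxps?://([^/]+)", url)   # ComboFix defangs http as hxxp
    if m and m.group(1).lower() not in USUAL_SEARCH_HOSTS:
        findings.append(f"Firefox default search URL points at {m.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE)):
        print("-", finding)
```

Run against the constructed sample it reports five findings. None of them is proof of infection on its own (Kaspersky legitimately sets DisableMonitoring, and srvany.exe is a Resource Kit tool), but each is a place to look before declaring the machine clean.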

#8 Jack The Ripper (Topic Starter)

Posted 11 November 2010 - 04:20 AM

Thanks a lot, your way worked great. I ran ComboFix, it deleted Ymsg12encrypt again, and after that I deleted the folder and installed it, and it's working fine.

So thanks a lot for your help, sir.

#9 teacup61 (Malware Response Team)

Posted 11 November 2010 - 10:15 AM

Hello,

You're welcome. :)

Uninstall ComboFix by doing the following:

Click Start > Run, type in (or copy and paste) ComboFix /Uninstall, and click OK.

If you don't use Ask, then I would uninstall it.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#10 teacup61 (Malware Response Team)

Posted 14 November 2010 - 01:24 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.