Pagefile Usage abnormally high


  • This topic is locked
14 replies to this topic

#1 funky_beats06

funky_beats06

  • Members
  • 51 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 29 April 2011 - 09:21 AM

Hi,

For the last few days my PC's Task Manager has shown the initial pagefile usage as 400 MB, which is quite normal, but it keeps on increasing until it reaches 2 GB or more. Then my PC becomes very slow; even if I try opening an application, like a web browser, it becomes unresponsive and then forcefully closes itself. Then restarting my PC is the only option left.
After a few Google searches, I learnt that I should change the initial and maximum pagefile size to around 1.5 times the amount of RAM in my system and tried that, but that's of no use I guess, because the problem still persists.

Also, I have Panda Cloud Antivirus and it shows virus alerts at least twice every day and says they have been neutralized; the strange thing about this is that it happens every day!

Please help!!!

Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:10 PM, on 2/3/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jqsnotify.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelDataMgr] C:\WINDOWS\system32\igfxtd32.exe
O4 - HKLM\..\Run: [IntelDataManager] C:\WINDOWS\system32\igfxdm32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238095774140
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24DCF250-8DD5-406B-AAC0-497FB10EA533}: NameServer = 203.115.71.66 203.115.81.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{24DCF250-8DD5-406B-AAC0-497FB10EA533}: NameServer = 203.115.71.66 203.115.81.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\TP-LINK\COMMON\RaRegistry.exe

--
End of file - 8268 bytes

#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:04 PM

Posted 08 May 2011 - 04:14 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 funky_beats06

funky_beats06
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:08:04 AM

Posted 08 May 2011 - 02:05 PM

Hi Elise,

I downloaded and ran DDS. The contents of DDS.txt are posted below, Attach.txt is also attached.

Also, since my last post, I ran Malwarebytes' Anti Malware and Super AntiSpyware Free Edition, both of which found some files and also deleted them.

And regarding the pagefile usage, I tried setting the maximum pagefile size to 2811 MB, but as I stated earlier, the pagefile size goes on increasing. Currently it is 3.3 GB, because of which my PC can't run more than 3 applications at a time; that is to say, it just freezes!

However, I think that the pagefile issue is indirectly related to the malware infecting my PC.

Thank you very much, Elise :)

DDS.txt:


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Faiz at 0:04:15.45 on Sat 02/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.20 [GMT 5.5:30]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxds32.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Faiz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Faiz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Faiz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Faiz\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: UIHost=c:\windows\system32\logonui.exe
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSConfig] c:\documents and settings\faiz\twuki.exe \u
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelDataMgr] c:\windows\system32\igfxtd32.exe
mRun: [IntelDataManager] c:\windows\system32\igfxdm32.exe
mRun: [IntelDataScheduler] c:\windows\system32\igfxds32.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
LSP: c:\windows\system32\idmmbc.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238095774140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\faiz\applic~1\mozilla\firefox\profiles\97mxx2t5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=wbst&q=
FF - component: c:\documents and settings\faiz\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\faiz\application data\mozilla\firefox\profiles\97mxx2t5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\faiz\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\faiz\application data\mozilla\firefox\profiles\97mxx2t5.default\extensions\openxmlviewer@codeplex.com\plugins\npDocX.dll
FF - plugin: c:\documents and settings\faiz\application data\mozilla\firefox\profiles\97mxx2t5.default\extensions\openxmlviewer@codeplex.com\plugins\npnul32.dll
FF - plugin: c:\documents and settings\faiz\application data\mozilla\firefox\profiles\97mxx2t5.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\faiz\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox 3.5 beta 4\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - c:\program files\autocompletepro\support@predictad.com
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: OpenXMLViewer: OpenXMLViewer@Codeplex.com - %profile%\extensions\OpenXMLViewer@Codeplex.com
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\faiz\application data\idm\idmmzcc3
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 qhjidcfu;qhjidcfu;c:\windows\system32\drivers\qhjidcfu.sys --> c:\windows\system32\drivers\qhjidcfu.sys [?]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-11-23 3026]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 129928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 74480]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 110920]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\tp-link\common\RaRegistry.exe [2010-8-1 185632]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2010-8-1 19072]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2010-6-18 26752]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2007-5-11 29184]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-10-3 31504]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 agsxi;Driver Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 aifytgniv;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 apgzh;Monitor Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 aqmqxgm;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 awtyngkb;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 blbwjxl;pxzkgza;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 bllikl;ohisp;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 btyitjlh;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 cgfogr;rldwbzo;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 cialjis;Network Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 cjmjdqdo;Manager Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 cyzyfya;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 czhpyfqfs;Manager Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ddobuxq;Update Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 djdksiz;Driver Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 efftf;Helper Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 efjoib;Helper Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 eigwj;Boot Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 eolzefyel;Universal Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 esnviwrai;System Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ffzuu;System Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 fjkjmwx;Helper Network;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 fpncgjkiq;Security Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 grong;System Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gsfedw;Microsoft Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 136176]
S2 gxkpwzp;Universal Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 hfirf;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 hhxrm;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 hmhlgtk;Driver Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 hrftosijt;Manager Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 hsbhs;Universal Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 hsfodm;jpebjt;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 hsspzq;Image Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 imzhukzhz;Manager Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 innixl;Windows Task;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ismjudze;Time Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ixjesec;System Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 iycza;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 iytblzsjn;Installer Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 jaqufojx;mazdheqck;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 jkxdbfzis;Image Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 jovkp;Manager Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 jwjonterq;Server Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 kiiesvr;System Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lidogglln;Helper Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lipibuolo;Helper Task;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ljpmwnfzz;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mbhubw;Driver Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mfecwn;Windows Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mhdjgtix;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mnlbbjgog;Driver Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mrwllb;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 muxbe;Windows Task;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 myjyj;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 nagedhk;Task Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 nktloxkzd;Support Network;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ntasi;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 nxwcnqg;Server Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ofbggkil;Image Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 oipdzrogl;Installer Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pghobflif;Server Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 piyut;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pmdxpd;Boot Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pqrlid;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pzzyuwml;unabozkt;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 qhasev;Shell Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 qqkdcn;Installer Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 rbcelebq;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 rivcvty;Server Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 rpualhl;svuuanah;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 rssgvpi;Helper Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 rucpbg;Installer Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 sdnxpm;Universal Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 spnmscrhr;Windows Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 sqaeozwkt;Update Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 stbma;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 sxflfh;Task Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 taudvf;Helper Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 tfbmc;Windows System;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 tthvyml;Monitor Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 uaovmohe;Microsoft Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ugukhzxnw;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 umozsiftj;Config Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 uryvl;Windows Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 uwdjtd;Shell Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 velubewc;Time Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vewdcy;Installer Task;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vfxsp;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vygff;Monitor Manager;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 wjkoudb;Windows Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 wlbtuyh;Universal Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 wstyjhtb;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xjtvpmag;xeefkr;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xrmfmadzm;Image Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 xrzbvle;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ybfzp;Boot Security;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 aloyzoyb;aloyzoyb;\??\c:\windows\system32\drivers\aloyzoyb.sys --> c:\windows\system32\drivers\aloyzoyb.sys [?]
S3 cnvzydgo;cnvzydgo;\??\c:\windows\system32\drivers\cnvzydgo.sys --> c:\windows\system32\drivers\cnvzydgo.sys [?]
S3 dnazsgqk;dnazsgqk;\??\c:\windows\system32\drivers\dnazsgqk.sys --> c:\windows\system32\drivers\dnazsgqk.sys [?]
S3 dxlacqsj;dxlacqsj;\??\c:\windows\system32\drivers\dxlacqsj.sys --> c:\windows\system32\drivers\dxlacqsj.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\faiz\locals~1\temp\ntm131.tmp --> c:\docume~1\faiz\locals~1\temp\NTM131.tmp [?]
S3 gbmyybvk;gbmyybvk;\??\c:\windows\system32\drivers\gbmyybvk.sys --> c:\windows\system32\drivers\gbmyybvk.sys [?]
S3 ghyhcohp;ghyhcohp;\??\c:\windows\system32\drivers\ghyhcohp.sys --> c:\windows\system32\drivers\ghyhcohp.sys [?]
S3 imhvbusi;imhvbusi;\??\c:\windows\system32\drivers\imhvbusi.sys --> c:\windows\system32\drivers\imhvbusi.sys [?]
S3 jndcqkaw;jndcqkaw;\??\c:\windows\system32\drivers\jndcqkaw.sys --> c:\windows\system32\drivers\jndcqkaw.sys [?]
S3 kqfkwesd;kqfkwesd;\??\c:\windows\system32\drivers\kqfkwesd.sys --> c:\windows\system32\drivers\kqfkwesd.sys [?]
S3 lbkqyoli;lbkqyoli;\??\c:\windows\system32\drivers\lbkqyoli.sys --> c:\windows\system32\drivers\lbkqyoli.sys [?]
S3 lgflgpzm;lgflgpzm;\??\c:\windows\system32\drivers\lgflgpzm.sys --> c:\windows\system32\drivers\lgflgpzm.sys [?]
S3 lljpsuer;lljpsuer;\??\c:\windows\system32\drivers\lljpsuer.sys --> c:\windows\system32\drivers\lljpsuer.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-6-21 36928]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2008-11-21 25773]
S3 rhtwjlea;rhtwjlea;\??\c:\windows\system32\drivers\rhtwjlea.sys --> c:\windows\system32\drivers\rhtwjlea.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 rshtnigq;rshtnigq;\??\c:\windows\system32\drivers\rshtnigq.sys --> c:\windows\system32\drivers\rshtnigq.sys [?]
S3 saiuwait;saiuwait;\??\c:\windows\system32\drivers\saiuwait.sys --> c:\windows\system32\drivers\saiuwait.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 vhovhsyv;vhovhsyv;\??\c:\windows\system32\drivers\vhovhsyv.sys --> c:\windows\system32\drivers\vhovhsyv.sys [?]
S3 yzsfwiip;yzsfwiip;\??\c:\windows\system32\drivers\yzsfwiip.sys --> c:\windows\system32\drivers\yzsfwiip.sys [?]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2007-10-30 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2007-10-30 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2007-10-30 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2007-10-30 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2007-10-30 83344]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2010-11-01 06:37:29 167936 ----a-w- c:\windows\system32\xupc47.exe@
2010-11-01 06:34:56 326144 --sh--w- c:\windows\system32\igfxds32.exe
2010-10-30 16:56:43 -------- d-sh--r- C:\cwsandbox
2010-10-22 12:56:40 -------- d-----w- c:\documents and settings\faiz\nimbuzz
2010-10-22 12:56:04 -------- d-----w- c:\program files\Nimbuzz
2010-10-18 07:16:52 -------- d-----w- c:\docume~1\faiz\applic~1\CDisplayEx
2010-10-18 07:16:35 -------- d-----w- c:\program files\CDisplayEx
2010-10-12 15:04:56 -------- d-----w- c:\program files\Apache Software Foundation
2010-10-12 14:41:07 -------- d-----w- C:\php
2010-10-11 11:42:50 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 2
2010-10-11 10:07:36 -------- d-----w- c:\program files\Chit Chat For Facebook
2010-10-11 10:07:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Chit Chat For Facebook
2010-10-11 10:07:20 -------- d-----w- c:\program files\AutocompletePro
2010-10-07 16:04:25 -------- d-----w- c:\program files\common files\Autodesk Shared
2010-10-07 16:04:25 -------- d-----w- c:\program files\Autodesk
2010-10-06 18:40:33 -------- d-----w- C:\3dsmax9Tutorials
2010-10-05 18:33:10 -------- d-----w- c:\docume~1\faiz\applic~1\OpenOffice.org
2010-10-05 18:28:33 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-05 18:27:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-05 18:27:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-04 13:39:00 -------- d-----w- c:\program files\NetBeans 6.1
2010-10-04 06:46:16 0 ----a-w- c:\windows\system32\igfxdmv32.exe
2010-10-03 15:31:20 167936 ----a-w- c:\windows\system32\wmpbn3.exe
2010-10-01 14:28:46 3615744 ----a-w- c:\docume~1\faiz\applic~1\setup.exe
2010-09-23 07:57:29 -------- d-----w- c:\program files\Google Video
2010-09-13 17:49:10 388096 ----a-r- c:\docume~1\faiz\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-09-13 17:13:13 -------- d-----w- C:\cs 1.6
2010-09-13 08:22:36 123568 ----a-w- c:\windows\system32\cmdb87.exe@
2010-09-01 04:46:30 0 ----a-w- c:\windows\system32\gff6.exe
2010-08-22 16:44:36 -------- d-----w- c:\program files\Wireshark
2010-08-22 12:52:29 54428 ----a-w- c:\windows\system32\cmdb67.exe@
2010-08-01 15:29:47 796032 ----a-w- c:\windows\system32\Scutum.dll
2010-08-01 15:29:47 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-08-01 15:29:47 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2010-08-01 15:29:47 180224 ----a-w- c:\windows\system32\W32N55.dll
2010-08-01 15:29:47 152968 ----a-w- c:\windows\system32\RalinkGina.dll
2010-08-01 15:29:47 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2010-08-01 15:29:47 1085440 ----a-w- c:\windows\system32\libeay32.dll
2010-08-01 15:16:40 -------- d-----w- c:\program files\TP-LINK
2010-08-01 15:10:34 465152 ----a-w- c:\windows\system32\drivers\rt73.sys
2010-08-01 15:10:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\TP-LINK Driver
2010-07-31 18:05:41 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-07-29 14:11:08 -------- d-----w- c:\docume~1\faiz\applic~1\facemoods.com
2010-07-16 08:13:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-16 08:12:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-07-16 08:12:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-07-16 08:12:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-07-16 08:12:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-07-16 08:12:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-07-16 08:12:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-07-16 08:12:38 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-07-16 08:08:44 -------- d-----w- c:\program files\Bonjour
2010-07-16 06:54:29 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-07-16 06:54:27 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-07-03 10:28:43 -------- d-----w- c:\program files\Magic RM to MP3 Converter
2010-07-03 10:02:49 421888 ----a-w- c:\windows\system32\rmsp.ax
2010-07-03 10:02:49 245760 ----a-w- c:\windows\system32\lame.ax
2010-07-03 10:02:49 110592 ----a-w- c:\windows\system32\dump.ax
2010-07-03 10:02:49 -------- d-----w- c:\program files\Free RM to MP3 Converter Splitter
2010-06-26 13:50:29 -------- d-----w- c:\docume~1\faiz\applic~1\Power Sound Editor Free
2010-06-26 13:49:20 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2010-06-26 13:49:20 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2010-06-26 13:49:20 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2010-06-26 13:49:20 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2010-06-26 13:49:20 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-06-26 13:49:19 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2010-06-26 13:49:18 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2010-06-26 13:49:18 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-06-26 13:13:48 -------- d-----w- c:\program files\Image To PDF Converter
2010-06-25 14:43:12 -------- d-----w- c:\docume~1\faiz\applic~1\HpUpdate
2010-06-25 14:42:59 -------- d-----w- c:\windows\Hewlett-Packard
2010-06-21 12:51:45 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2010-06-21 12:51:43 -------- d-----w- c:\docume~1\faiz\applic~1\XLink Kai
2010-06-21 12:48:51 1449984 ----a-r- c:\docume~1\faiz\applic~1\microsoft\installer\{87c24822-389c-45aa-9e75-0757b8f1a892}\kaiEngine.exe
2010-06-21 12:48:39 -------- d-----w- c:\program files\XLink Kai
2010-06-19 08:46:28 334 ----a-w- C:\FixReg.reg
2010-06-18 18:04:38 26752 ----a-r- c:\windows\system32\drivers\ipfnd51.sys
2010-06-10 06:48:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-06-08 08:50:22 98816 ------w- c:\windows\system32\FGWVB32.DLL
2010-06-08 08:50:22 419488 ------w- c:\windows\system32\Vsflex7L.ocx
2010-06-08 08:50:19 33280 ----a-w- c:\windows\system32\Huffyuv.dll
2010-05-27 13:09:30 141384 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-05-18 11:05:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 11:05:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 11:05:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 11:05:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 05:28:11 110920 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2010-05-04 03:06:53 129928 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2010-04-30 13:52:50 -------- d-----w- c:\docume~1\faiz\applic~1\MSNInstaller
2010-04-30 08:21:32 365824 ----a-w- c:\windows\system32\PSUNCpl.cpl
2010-04-30 08:16:51 111624 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2010-04-30 08:16:50 97032 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2010-04-27 10:46:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\PassMark
2010-04-22 14:48:04 -------- d-----w- c:\program files\PC Thermo K647
2010-04-19 11:02:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-04-18 18:09:38 -------- d-----w- c:\program files\ACW
2010-04-15 07:37:49 -------- d-----w- c:\docume~1\faiz\applic~1\Dropbox
2010-04-13 13:32:05 -------- d-----w- c:\docume~1\faiz\applic~1\AnvSoft
2010-04-11 16:22:57 356352 ----a-w- c:\windows\eSellerateEngine.dll
2010-04-06 08:14:28 -------- d-----w- c:\docume~1\faiz\locals~1\applic~1\Western Digital
2010-04-04 18:48:36 -------- d-----w- c:\documents and settings\faiz\j2mewtk
2010-04-04 17:31:08 -------- d-----w- c:\program files\LanHelper
2010-03-31 15:11:50 -------- d-----w- c:\docume~1\faiz\applic~1\Facebook
2010-03-21 14:30:09 -------- d-----w- c:\docume~1\faiz\locals~1\applic~1\assembly
2010-03-18 16:46:16 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-18 16:46:16 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-03-13 07:57:54 -------- d-----w- c:\docume~1\faiz\applic~1\IDM
2010-03-05 15:07:34 -------- d-----w- c:\program files\Softronics
2010-02-27 12:44:32 237568 ------w- c:\program files\common files\installshield\driver\8\intel 32\IScript8.dll
2010-02-27 12:44:31 327680 ------w- c:\program files\common files\installshield\driver\8\intel 32\ISRT.dll
2010-02-27 12:44:31 32768 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\objps8.dll
2010-02-27 12:44:30 188416 ------w- c:\program files\common files\installshield\driver\8\intel 32\IUser8.dll
2010-02-27 12:44:28 647168 ----a-w- c:\program files\common files\installshield\driver\8\intel 32\IDriver.exe
2010-02-27 12:44:27 290816 ------w- c:\program files\common files\installshield\driver\8\intel 32\_ISRES1033.dll
2010-02-11 07:55:31 61674 ----a-w- c:\windows\system32\cmdb28.exe@
2010-02-11 07:55:29 172554 ----a-w- c:\windows\system32\xkmt18.exe@
2010-02-10 07:41:11 20480 ---ha-w- c:\documents and settings\faiz\twuki.exe
2010-02-09 12:03:50 -------- d-----w- c:\program files\DC++
2010-02-08 14:47:03 -------- d-----w- c:\program files\Microids
2010-02-08 10:22:14 73216 ----a-w- c:\windows\temp.000
2010-02-04 15:50:11 -------- d-----w- c:\docume~1\faiz\applic~1\UDC Profiles
2010-02-04 14:59:17 1024 ----a-w- c:\docume~1\alluse~1\applic~1\imgpdf2.dll
2010-02-04 14:59:14 -------- d-----w- c:\program files\PDF-Convert
2010-02-02 16:03:37 286720 ------w- c:\windows\Setup1.exe
2010-02-02 16:03:30 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-02-02 16:03:30 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-02 13:11:53 -------- d-----w- C:\Output Files
2010-01-15 18:48:38 -------- d-----w- c:\windows\.jagex_cache_32
.
==================== Find3M ====================
.
2010-01-06 13:59:41 74703 ----a-w- c:\windows\system32\mfc45.dll
2004-08-03 19:26:56 69120 -csh--r- c:\windows\NOTEPAD.EXE
.
============= FINISH: 0:05:49.87 ===============

Attached Files


Edited by funky_beats06, 08 May 2011 - 02:26 PM.
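
The service section of the log above is the most telling part of it: dozens of auto-start (S2) services with random names and display names built from shuffled generic words ("Helper Task", "Time Microsoft", "Windows Update"), all hosted by svchost.exe in the netsvcs group, plus S3 kernel drivers with random eight-letter names whose .sys files are already gone ("[?]"). The following Python script is an added example for this thread, not code from DDS, ComboFix or any other tool mentioned here; it parses lines in this format and flags both patterns. The allow-list of legitimate netsvcs members and the generic-word list are assumptions for illustration. The sample lines are copied from the log above, except the wuauserv control line, which is constructed to show that a benign netsvcs member is not flagged.

```python
r"""Triage the service section of a DDS/ComboFix-style log for rogue svchost services.

Added example for this thread, not code from DDS, ComboFix or any other tool
mentioned here.  Input lines look like:

  S2 name;Display Name;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
  S3 name;name;\??\c:\...\drivers\name.sys --> c:\...\drivers\name.sys [?]
"""
import re
from collections import Counter

# Lines copied from the log posted above, plus one constructed control line
# (wuauserv, a legitimate netsvcs member) to show a benign entry is not flagged.
SAMPLE_LOG = r"""
S2 lipibuolo;Helper Task;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pzzyuwml;unabozkt;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 uryvl;Windows Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 rbcelebq;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 wuauserv;Automatic Updates;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 aloyzoyb;aloyzoyb;\??\c:\windows\system32\drivers\aloyzoyb.sys --> c:\windows\system32\drivers\aloyzoyb.sys [?]
S3 vhovhsyv;vhovhsyv;\??\c:\windows\system32\drivers\vhovhsyv.sys --> c:\windows\system32\drivers\vhovhsyv.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\faiz\locals~1\temp\ntm131.tmp --> c:\docume~1\faiz\locals~1\temp\NTM131.tmp [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-6-21 36928]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2007-10-30 58288]
"""

# Partial allow-list of service names that legitimately run in the XP netsvcs
# group (an assumption for this example; extend it from a known-clean machine).
KNOWN_NETSVCS = {
    "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dmserver", "ersvc",
    "eventsystem", "helpsvc", "hidserv", "lanmanserver", "lanmanworkstation",
    "messenger", "netman", "nla", "ntmssvc", "rasauto", "rasman", "remoteaccess",
    "schedule", "seclogon", "sens", "sharedaccess", "shellhwdetection",
    "srservice", "tapisrv", "themes", "trkwks", "w32time", "winmgmt", "wmi",
    "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
}

# Words the rogue entries in the log shuffle into their display names.
GENERIC_WORDS = {
    "boot", "center", "config", "driver", "helper", "image", "installer",
    "manager", "microsoft", "monitor", "network", "security", "server", "shell",
    "support", "system", "task", "time", "universal", "update", "windows",
}

LINE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*)\s\[(?P<tag>[^\]]*)\]$"
)
RANDOM_NAME = re.compile(r"[a-z]{5,9}")


def parse_service_line(line):
    """Split one service line into its fields, or return None for other lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_random(name):
    """Lower-case letter soup of 5-9 chars that is not a known service name."""
    return bool(RANDOM_NAME.fullmatch(name)) and name not in KNOWN_NETSVCS


def display_is_fake(display, name):
    """Display name is random, mirrors the service name, or is only generic words."""
    words = display.lower().split()
    if not words or display.lower() == name.lower() or looks_random(display):
        return True
    return len(words) <= 3 and all(w in GENERIC_WORDS for w in words)


def classify(entry):
    """Return a reason string for a rogue-looking entry, else None."""
    name, path, tag = entry["name"], entry["path"].lower(), entry["tag"]
    if "svchost.exe -k netsvcs" in path and looks_random(name):
        reason = "random-named service in netsvcs group"
        if display_is_fake(entry["display"], name):
            reason += " with fabricated display name"
        return reason
    if entry["start"] == "S3" and tag == "?" and path.endswith(".sys") and looks_random(name):
        return "random-named kernel driver whose file is missing"
    return None


def triage(log_text):
    """Return [(service_name, reason)] for every flagged line in the log text."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        reason = classify(entry) if entry else None
        if reason:
            findings.append((entry["name"], reason))
    return findings


def summarize(findings):
    """Count findings per reason, for a quick overview of how bad the log is."""
    return Counter(reason for _, reason in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for name, reason in hits:
        print(f"{name:<14} {reason}")
    for reason, n in summarize(hits).items():
        print(f"{n:>3} x {reason}")
```

Feed it the whole service section of a log (the lines between the driver/service header and the File Associations header) and it prints each flagged entry plus a per-reason count. On the live machine, every flagged svchost-hosted service also has a ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters naming the DLL that svchost actually loads; that path is the thing to collect, because the log line only shows the shared svchost.exe host. The heuristics are deliberately simple and the allow-list is partial, so treat a hit as a lead to verify rather than a verdict.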


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:04 PM

Posted 08 May 2011 - 02:49 PM

There is still some malware showing here.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 funky_beats06

funky_beats06
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 09 May 2011 - 04:32 AM

I downloaded Combofix and saved it on the desktop, but when I try to run it by double-clicking, it shows me the following message:

You appear to have a corrupt download.
Please download a fresh copy of Combofix.exe
You can close Combofix by clicking the right corner of the progress bar.

Since then, I have tried downloading from both links several times, but to no avail; I even tried restarting my PC and then downloading, but still the same message pops up.

Could you suggest an alternative?
Thanks :)

#6 Elise


Posted 09 May 2011 - 04:35 AM

Reboot your computer in Safe Mode with Networking and try to download it from there.

regards, Elise




#7 funky_beats06


Posted 13 May 2011 - 10:15 AM

I was able to download Combofix the way you said, but when I double-clicked it, it showed me the following pop-up:

Posted Image

Then Combofix refuses to proceed.

I don't have AVG installed on my machine :blink:, as you might have known by now I have Panda Antivirus. I had installed AVG some time back, but then I had uninstalled it and switched to Panda.

Help me!!

#8 Elise


Posted 13 May 2011 - 10:22 AM

Please run AVG remover and then try again.

regards, Elise




#9 funky_beats06


Posted 14 May 2011 - 01:35 PM

I ran AVG remover; it produced a log which I am attaching for your reference.
However, I still can't get Combofix to run; the same window pops up saying that I have AVG installed!!

Attached Files



#10 Elise


Posted 14 May 2011 - 01:41 PM

Please navigate to c:\program files\AVG and delete that folder. Then try to rerun Combofix.

regards, Elise




#11 funky_beats06


Posted 15 May 2011 - 01:46 PM

Finally got Combofix to run :thumbup2: !!!

Here's Combofix.txt:

ComboFix 11-05-09.02 - Faiz 05/15/2011 23:48:04.22.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.346 [GMT 5.5:30]
Running from: c:\documents and settings\Faiz\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Faiz\Application Data\Desktopicon
c:\documents and settings\Faiz\Application Data\facemoods.com
c:\documents and settings\Faiz\WINDOWS
c:\documents and settings\NetworkService\Application Data\facemoods.com
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AcRemoteUpdate.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\TaskScheduler.dll
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\windows\fix
.
.
((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
.
.
2011-05-15 18:09 . 2011-05-15 18:09 72 ----a-w- c:\windows\RAVTC.TMP
2011-05-15 18:09 . 2011-05-15 18:09 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan20.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-08-03 19:26 69120 -csh--r- c:\windows\NOTEPAD.EXE
2010-11-01 06:34 326144 --sh--w- c:\windows\system32\igfxds32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 09:34 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 09:34 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelDataScheduler"="c:\windows\system32\igfxds32.exe" [2010-11-01 326144]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-03 10:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qhjidcfu.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 19:26 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 11:37 61952 ----a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 04:17 163840 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 04:17 131072 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 09:23 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"f:\\games\\MIDTOWN MADNESS\\midtown.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"e:\\Counter Strike\\czero.exe"=
"e:\\Counter Strike\\hlds.exe"=
"e:\\Counter Strike\\hltv.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Tally\\tally72.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft XNA\\XNA Game Studio\\v3.1\\Tools\\AudConsole3.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\XNA\\XnaTrans\\v3.0\\XnaTransX.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_16\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_16\\jre\\bin\\java.exe"=
"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TP-LINK\\COMMON\\ApUI.exe"=
"c:\\Program Files\\Nimbuzz\\Nimbuzz.exe"=
"c:\\WINDOWS\\system32\\igfxdmv32.exe"=
"e:\\3dsmax.exe"=
"e:\\monitor.exe"=
"e:\\manager.exe"=
"e:\\server.exe"=
"e:\\CS 1.6 HD\\Counter Strike 1.6 HD NonSteam\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\igfxds32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"7903:TCP"= 7903:TCP:lttqhmd
.
R0 qhjidcfu;qhjidcfu;c:\windows\system32\Drivers\qhjidcfu.sys --> c:\windows\system32\Drivers\qhjidcfu.sys [?]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/11/2007 11:47 AM 685816]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 74480]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [8/1/2010 8:59 PM 19072]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [6/18/2010 11:34 PM 26752]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [5/11/2007 12:12 AM 29184]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/3/2002 12:09 AM 31504]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 agsxi;Driver Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 aifytgniv;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 apgzh;Monitor Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 aqmqxgm;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 awtyngkb;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 blbwjxl;pxzkgza;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 bllikl;ohisp;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 btyitjlh;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 cgfogr;rldwbzo;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 cialjis;Network Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 cjmjdqdo;Manager Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 cyzyfya;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 czhpyfqfs;Manager Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ddobuxq;Update Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 djdksiz;Driver Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 efftf;Helper Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 efjoib;Helper Monitor;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 eigwj;Boot Config;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 eolzefyel;Universal Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 esnviwrai;System Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ffzuu;System Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 fjkjmwx;Helper Network;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 fpncgjkiq;Security Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 grong;System Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 gsfedw;Microsoft Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 1:06 PM 136176]
S2 gxkpwzp;Universal Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hfirf;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hhxrm;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hmhlgtk;Driver Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hrftosijt;Manager Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hsbhs;Universal Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hsfodm;jpebjt;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hsspzq;Image Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 imzhukzhz;Manager Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 innixl;Windows Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ismjudze;Time Universal;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ixjesec;System Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 iycza;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 iytblzsjn;Installer Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 jaqufojx;mazdheqck;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 jkxdbfzis;Image Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 jovkp;Manager Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 jwjonterq;Server Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 kiiesvr;System Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 lidogglln;Helper Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 lipibuolo;Helper Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ljpmwnfzz;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mbhubw;Driver Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mfecwn;Windows Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mhdjgtix;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mnlbbjgog;Driver Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mrwllb;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 muxbe;Windows Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 myjyj;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 nagedhk;Task Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 nktloxkzd;Support Network;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ntasi;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 nxwcnqg;Server Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ofbggkil;Image Universal;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 oipdzrogl;Installer Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 pghobflif;Server Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 piyut;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 pmdxpd;Boot Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 pqrlid;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 pzzyuwml;unabozkt;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 qhasev;Shell Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 qqkdcn;Installer Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rbcelebq;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rivcvty;Server Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rpualhl;svuuanah;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rssgvpi;Helper Universal;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rucpbg;Installer Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 sdnxpm;Universal Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 spnmscrhr;Windows Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 sqaeozwkt;Update Config;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 stbma;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 sxflfh;Task Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 taudvf;Helper Config;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 tfbmc;Windows System;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 tthvyml;Monitor Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 uaovmohe;Microsoft Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ugukhzxnw;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 umozsiftj;Config Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 uryvl;Windows Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 uwdjtd;Shell Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 velubewc;Time Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 vewdcy;Installer Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 vfxsp;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 vygff;Monitor Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 wjkoudb;Windows Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 wlbtuyh;Universal Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 wstyjhtb;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 xjtvpmag;xeefkr;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 xrmfmadzm;Image Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 xrzbvle;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ybfzp;Boot Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 aloyzoyb;aloyzoyb;\??\c:\windows\System32\Drivers\aloyzoyb.sys --> c:\windows\System32\Drivers\aloyzoyb.sys [?]
S3 cnvzydgo;cnvzydgo;\??\c:\windows\System32\Drivers\cnvzydgo.sys --> c:\windows\System32\Drivers\cnvzydgo.sys [?]
S3 dnazsgqk;dnazsgqk;\??\c:\windows\System32\Drivers\dnazsgqk.sys --> c:\windows\System32\Drivers\dnazsgqk.sys [?]
S3 dxlacqsj;dxlacqsj;\??\c:\windows\System32\Drivers\dxlacqsj.sys --> c:\windows\System32\Drivers\dxlacqsj.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Faiz\LOCALS~1\Temp\NTM131.tmp --> c:\docume~1\Faiz\LOCALS~1\Temp\NTM131.tmp [?]
S3 gbmyybvk;gbmyybvk;\??\c:\windows\System32\Drivers\gbmyybvk.sys --> c:\windows\System32\Drivers\gbmyybvk.sys [?]
S3 ghyhcohp;ghyhcohp;\??\c:\windows\System32\Drivers\ghyhcohp.sys --> c:\windows\System32\Drivers\ghyhcohp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 1:06 PM 136176]
S3 imhvbusi;imhvbusi;\??\c:\windows\System32\Drivers\imhvbusi.sys --> c:\windows\System32\Drivers\imhvbusi.sys [?]
S3 jndcqkaw;jndcqkaw;\??\c:\windows\System32\Drivers\jndcqkaw.sys --> c:\windows\System32\Drivers\jndcqkaw.sys [?]
S3 kqfkwesd;kqfkwesd;\??\c:\windows\System32\Drivers\kqfkwesd.sys --> c:\windows\System32\Drivers\kqfkwesd.sys [?]
S3 lbkqyoli;lbkqyoli;\??\c:\windows\System32\Drivers\lbkqyoli.sys --> c:\windows\System32\Drivers\lbkqyoli.sys [?]
S3 lgflgpzm;lgflgpzm;\??\c:\windows\System32\Drivers\lgflgpzm.sys --> c:\windows\System32\Drivers\lgflgpzm.sys [?]
S3 lljpsuer;lljpsuer;\??\c:\windows\System32\Drivers\lljpsuer.sys --> c:\windows\System32\Drivers\lljpsuer.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [6/21/2010 6:21 PM 36928]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [11/21/2008 12:35 AM 25773]
S3 rhtwjlea;rhtwjlea;\??\c:\windows\System32\Drivers\rhtwjlea.sys --> c:\windows\System32\Drivers\rhtwjlea.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 rshtnigq;rshtnigq;\??\c:\windows\System32\Drivers\rshtnigq.sys --> c:\windows\System32\Drivers\rshtnigq.sys [?]
S3 saiuwait;saiuwait;\??\c:\windows\System32\Drivers\saiuwait.sys --> c:\windows\System32\Drivers\saiuwait.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 vhovhsyv;vhovhsyv;\??\c:\windows\System32\Drivers\vhovhsyv.sys --> c:\windows\System32\Drivers\vhovhsyv.sys [?]
S3 yzsfwiip;yzsfwiip;\??\c:\windows\System32\Drivers\yzsfwiip.sys --> c:\windows\System32\Drivers\yzsfwiip.sys [?]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [10/30/2007 11:52 PM 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [10/30/2007 11:52 PM 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [10/30/2007 11:52 PM 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [10/30/2007 11:52 PM 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [10/30/2007 11:52 PM 83344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
xrzbvle
jaqufojx
wlbtuyh
hfirf
ybfzp
ofbggkil
qhasev
djdksiz
stbma
rssgvpi
ntasi
cjmjdqdo
imzhukzhz
apgzh
rpualhl
ismjudze
ixjesec
czhpyfqfs
spnmscrhr
myjyj
lidogglln
eolzefyel
efjoib
pghobflif
rbcelebq
ffzuu
umozsiftj
aqmqxgm
vygff
sqaeozwkt
iytblzsjn
mfecwn
vfxsp
kiiesvr
fpncgjkiq
velubewc
mrwllb
tfbmc
taudvf
hsbhs
nagedhk
sdnxpm
ddobuxq
mnlbbjgog
oipdzrogl
hsfodm
esnviwrai
hmhlgtk
rivcvty
ugukhzxnw
pqrlid
cgfogr
tthvyml
hsspzq
sxflfh
nktloxkzd
btyitjlh
iycza
gsfedw
pzzyuwml
cyzyfya
xrmfmadzm
xjtvpmag
fjkjmwx
innixl
agsxi
cialjis
bllikl
hrftosijt
muxbe
wstyjhtb
mbhubw
eigwj
mhdjgtix
hhxrm
wjkoudb
ljpmwnfzz
jovkp
uwdjtd
awtyngkb
uryvl
uaovmohe
gxkpwzp
pmdxpd
blbwjxl
nxwcnqg
rucpbg
efftf
jkxdbfzis
vewdcy
lipibuolo
qqkdcn
piyut
aifytgniv
jwjonterq
grong
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2010-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 07:36]
.
2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 07:36]
.
2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1450960922-725345543-1003Core.job
- c:\documents and settings\Faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 18:18]
.
2010-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1450960922-725345543-1003UA.job
- c:\documents and settings\Faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 18:18]
.
2010-07-06 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-06-26 13:30]
.
2010-10-13 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2007-06-27 14:58]
.
2011-05-15 c:\windows\Tasks\User_Feed_Synchronization-{D45CE396-5449-4D5D-95C6-92434BEDCA1A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:01]
.
2010-10-31 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-26 13:29]
.
2010-09-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-26 13:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
TCP: {24DCF250-8DD5-406B-AAC0-497FB10EA533} = 203.115.71.66 203.115.81.38
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\Faiz\Application Data\Mozilla\Firefox\Profiles\97mxx2t5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=wbst&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: OpenXMLViewer: OpenXMLViewer@Codeplex.com - %profile%\extensions\OpenXMLViewer@Codeplex.com
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\Faiz\Application Data\IDM\idmmzcc3
FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-IntelDataMgr - c:\windows\system32\igfxtd32.exe
HKLM-Run-IntelDataManager - c:\windows\system32\igfxdm32.exe
SafeBoot-bjxueqoj.sys
SafeBoot-aawservice
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-15 23:49
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Faiz\LOCALS~1\Temp\NTM131.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\agsxi]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aifytgniv]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\apgzh]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aqmqxgm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\awtyngkb]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\blbwjxl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bllikl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cgfogr]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cialjis]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cjmjdqdo]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cyzyfya]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\czhpyfqfs]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ddobuxq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\djdksiz]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\efftf]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\efjoib]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eigwj]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eolzefyel]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\esnviwrai]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ffzuu]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\fjkjmwx]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\fpncgjkiq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\grong]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gsfedw]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gxkpwzp]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hfirf]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hhxrm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hmhlgtk]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hrftosijt]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hsbhs]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hsfodm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hsspzq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\imzhukzhz]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\innixl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ismjudze]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ixjesec]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iycza]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iytblzsjn]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jaqufojx]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jkxdbfzis]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jovkp]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jwjonterq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kiiesvr]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lidogglln]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lipibuolo]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ljpmwnfzz]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mbhubw]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mfecwn]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mhdjgtix]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnlbbjgog]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mrwllb]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\muxbe]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\myjyj]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nagedhk]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nktloxkzd]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ntasi]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nxwcnqg]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ofbggkil]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\oipdzrogl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pghobflif]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\piyut]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pmdxpd]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pqrlid]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pzzyuwml]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\qhasev]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\qqkdcn]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rbcelebq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rivcvty]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rpualhl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rssgvpi]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rucpbg]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sdnxpm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\spnmscrhr]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sqaeozwkt]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\stbma]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sxflfh]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\taudvf]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\tfbmc]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\tthvyml]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uaovmohe]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ugukhzxnw]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\umozsiftj]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uryvl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uwdjtd]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\velubewc]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vewdcy]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vfxsp]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vygff]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wjkoudb]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wlbtuyh]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wstyjhtb]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xjtvpmag]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xrmfmadzm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xrzbvle]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ybfzp]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97DDDEE0-D344-627D-B413-AD212C9E32EA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E926004A-D040-0207-2B3B-F738CA62248C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fe,25,12,d3,ce,54,19,af,bd,f6,80,0d,61,a2,49,74,d4,cc,b4,2e,e3,10,94,
6d,8f,2b,59,31,8c,35,93,4c,e8,6d,2d,03,5e,b1,24,41,4a,f6,fb,32,9d,8b,e0,82,\
"??"=hex:0f,96,5a,b6,9c,27,42,72,4b,ae,2d,69,7c,1d,1c,2a
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:1f,ed,b7,1f,32,cd,9d,bd,a5,2f,ac,86,e3,e3,e9,4a,55,fd,b7,23,bf,
f4,bc,c3,25,2d,e2,4b,db,d5,56,20,01,c4,93,dc,45,78,05,84,a4,93,f3,06,56,a4,\
"rkeysecu"=hex:fc,18,cc,07,03,f7,94,c0,e2,80,cb,e7,4b,e8,e1,fb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c3,a4,f7,b1,89,cf,ad,a2,9b,7d,d9,9a,d8,4c,7e,d6,0b,5b,5a,ec,92,
df,31,f9,bb,04,72,a5,7a,0d,92,d2,dc,83,74,ae,8c,bf,ba,1f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):54,37,7c,dd,77,93,ad,54,19,2a,6e,31,24,ea,f1,2a,80,7e,b5,75,c3,
6b,cf,38,38,f4,78,2a,bc,e3,41,20,c0,a9,d8,fa,3d,1b,3a,46,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ae2345f2-230c-4bb8-bdc8-5aef1cb41404}]
@Denied: (Full) (Everyone)
"Model"=dword:00000064
"Therad"=dword:00000013
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b90d530c-906e-4baa-9fd4-7adc0fc63088}]
@Denied: (Full) (Everyone)
"Model"=dword:00000143
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1160)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1216)
c:\windows\system32\idmmbc.dll
.
Completion time: 2011-05-15 23:56:09
ComboFix-quarantined-files.txt 2011-05-15 18:26
.
Pre-Run: 1,712,709,632 bytes free
Post-Run: 2,106,159,104 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=9PLHMX /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=9PLHMX-BAK
.
- - End Of File - - D18E5245629263CDA9324F1733861F2D



Here's a fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:17 AM, on 5/16/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxds32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TP-LINK\COMMON\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Faiz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Faiz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Faiz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Faiz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelDataScheduler] C:\WINDOWS\system32\igfxds32.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238095774140
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24DCF250-8DD5-406B-AAC0-497FB10EA533}: NameServer = 203.115.71.66 203.115.81.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{24DCF250-8DD5-406B-AAC0-497FB10EA533}: NameServer = 203.115.71.66 203.115.81.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\TP-LINK\COMMON\RaRegistry.exe

--
End of file - 8331 bytes

#12 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,318 posts
  • Gender:Female
  • Location:Romania

Posted 15 May 2011 - 01:58 PM

Please update XP first, and afterwards run the CFScript. Let me know how everything is running afterwards.

UPDATE XP
--------------
Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.


CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7903:TCP"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
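
The CFScript above deletes one value ("7903:TCP"=-) under the firewall's GloballyOpenPorts key. As an added example, not part of this thread or of ComboFix itself, the following Python script parses that section out of a ComboFix log in the layout shown in this thread, reports every open-port entry that is not on an owner-supplied allowlist, and writes the matching Registry:: block; the sample log text, the allowlist and the 7903:TCP line are constructed for the example.

```python
import re

# The firewall key exactly as ComboFix prints it in its log (and as the
# helper's CFScript in this thread names it).
FIREWALL_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                r"\standardprofile\GloballyOpenPorts\List")

# Open-port entries the machine's owner recognises. Constructed for this
# example; 5353:TCP is the Adobe CSI CS4 entry that appears in the log above.
EXPECTED_PORTS = {"5353:TCP"}

# Constructed sample in the layout ComboFix uses: a [key] header, one
# "name"= data line per value, and a lone "." closing the section. The
# 7903:TCP line stands in for the entry the helper's CFScript removes.
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"7903:TCP"= 7903:TCP:unknown
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/11/2007 11:47 AM 685816]
"""

VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PORT_NAME = re.compile(r"^\d{1,5}:(TCP|UDP)$", re.IGNORECASE)


def parse_section(log_text, key):
    """Return {value_name: data} for the [key] section of a ComboFix log.

    A section starts at its [key] header and ends at the lone "." line.
    """
    values = {}
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == key.lower()
            continue
        if not in_section:
            continue
        if line.strip() == ".":
            break
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    return values


def unexpected_ports(values, expected):
    """Value names to remove: not on the allowlist, or not even shaped
    like port:proto (anything odd under this key deserves a look)."""
    wanted = {e.upper() for e in expected}
    return sorted(n for n in values
                  if n.upper() not in wanted or not PORT_NAME.match(n))


def build_cfscript(key, names):
    """Registry:: block in ComboFix's CFScript syntax; "name"=- deletes
    that value, exactly as the helper's script above does for 7903:TCP."""
    lines = ["Registry::", "[" + key + "]"] + ['"%s"=-' % n for n in names]
    return "\n".join(lines) + "\n"


def cfscript_for_log(log_text, expected=EXPECTED_PORTS):
    """End-to-end: parse the log, pick the unexpected ports, emit the script."""
    names = unexpected_ports(parse_section(log_text, FIREWALL_KEY), expected)
    return names, build_cfscript(FIREWALL_KEY, names)


if __name__ == "__main__":
    removed, script = cfscript_for_log(SAMPLE_LOG)
    print("unexpected open ports:", removed)
    print(script, end="")
```

The emitted block is what would be saved as CFScript.txt next to ComboFix.exe; review the reported names before running it, since the allowlist, not the script, decides what counts as unexpected.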


#13 funky_beats06
  • Topic Starter
  • Members
  • 51 posts

Posted 19 May 2011 - 03:10 PM

I updated Windows and ran ComboFix as directed.
Also, I have seen that when the pagefile size keeps on increasing and reaches around 2 GB, and then I end the process explorer.exe from the task manager, the pagefile size drops down to the normal range, that is around 400 MB. Just thought that might be of help :)
Also I ran SUPERAntiSpyware and Malwarebytes, which removed some of the trojans.
But I still get some alerts from my antivirus, saying that a particular file has been infected and it needs to be removed...

Here's the ComboFix log:

ComboFix 11-05-09.02 - Faiz 05/19/2011 1:11.23.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.359 [GMT 5.5:30]
Running from: c:\documents and settings\Faiz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Faiz\Desktop\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Faiz\Application Data\Setup.exe
C:\readme.txt
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))
.
.
2011-05-18 19:38 . 2011-05-18 19:40 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-05-15 18:09 . 2011-05-15 18:09 -------- d-----w- c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Pan20.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-08-03 19:26 69120 -csh--r- c:\windows\NOTEPAD.EXE
2010-11-01 06:34 326144 --sh--w- c:\windows\system32\igfxds32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 09:34 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 09:34 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelDataScheduler"="c:\windows\system32\igfxds32.exe" [2010-11-01 326144]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-03 10:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qhjidcfu.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 19:26 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 11:37 61952 ----a-w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 04:17 163840 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 04:17 131072 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-09-10 09:23 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"f:\\games\\MIDTOWN MADNESS\\midtown.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"e:\\Counter Strike\\czero.exe"=
"e:\\Counter Strike\\hlds.exe"=
"e:\\Counter Strike\\hltv.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\rundll32.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Tally\\tally72.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft XNA\\XNA Game Studio\\v3.1\\Tools\\AudConsole3.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\XNA\\XnaTrans\\v3.0\\XnaTransX.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_16\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_16\\jre\\bin\\java.exe"=
"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TP-LINK\\COMMON\\ApUI.exe"=
"c:\\Program Files\\Nimbuzz\\Nimbuzz.exe"=
"c:\\WINDOWS\\system32\\igfxdmv32.exe"=
"e:\\3dsmax.exe"=
"e:\\monitor.exe"=
"e:\\manager.exe"=
"e:\\server.exe"=
"e:\\CS 1.6 HD\\Counter Strike 1.6 HD NonSteam\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\igfxds32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 qhjidcfu;qhjidcfu;c:\windows\system32\Drivers\qhjidcfu.sys --> c:\windows\system32\Drivers\qhjidcfu.sys [?]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/11/2007 11:47 AM 685816]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 74480]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [8/1/2010 8:59 PM 19072]
R3 ip100xp;TP-LINK TF-3200 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [6/18/2010 11:34 PM 26752]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [5/11/2007 12:12 AM 29184]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/3/2002 12:09 AM 31504]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 agsxi;Driver Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 aifytgniv;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 apgzh;Monitor Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 aqmqxgm;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 awtyngkb;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 blbwjxl;pxzkgza;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 bllikl;ohisp;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 btyitjlh;Boot Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 cgfogr;rldwbzo;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 cialjis;Network Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 cjmjdqdo;Manager Time;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 cyzyfya;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 czhpyfqfs;Manager Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ddobuxq;Update Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 djdksiz;Driver Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 efftf;Helper Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 efjoib;Helper Monitor;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 eigwj;Boot Config;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 eolzefyel;Universal Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 esnviwrai;System Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ffzuu;System Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 fjkjmwx;Helper Network;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 fpncgjkiq;Security Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 grong;System Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 gsfedw;Microsoft Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 1:06 PM 136176]
S2 gxkpwzp;Universal Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hfirf;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hhxrm;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hmhlgtk;Driver Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hrftosijt;Manager Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hsbhs;Universal Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hsfodm;jpebjt;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 hsspzq;Image Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 imzhukzhz;Manager Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 innixl;Windows Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ismjudze;Time Universal;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ixjesec;System Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 iycza;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 iytblzsjn;Installer Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 jaqufojx;mazdheqck;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 jkxdbfzis;Image Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 jovkp;Manager Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 jwjonterq;Server Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 kiiesvr;System Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 lidogglln;Helper Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 lipibuolo;Helper Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ljpmwnfzz;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mbhubw;Driver Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mfecwn;Windows Server;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mhdjgtix;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mnlbbjgog;Driver Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 mrwllb;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 muxbe;Windows Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 myjyj;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 nagedhk;Task Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
S2 nktloxkzd;Support Network;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ntasi;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 nxwcnqg;Server Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ofbggkil;Image Universal;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 oipdzrogl;Installer Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 pghobflif;Server Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 piyut;Task Monitor;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 pmdxpd;Boot Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 pqrlid;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 pzzyuwml;unabozkt;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 qhasev;Shell Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 qqkdcn;Installer Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rbcelebq;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rivcvty;Server Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rpualhl;svuuanah;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rssgvpi;Helper Universal;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 rucpbg;Installer Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 sdnxpm;Universal Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 spnmscrhr;Windows Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 sqaeozwkt;Update Config;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 stbma;Image Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 sxflfh;Task Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 taudvf;Helper Config;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 tfbmc;Windows System;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 tthvyml;Monitor Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 uaovmohe;Microsoft Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ugukhzxnw;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 umozsiftj;Config Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 uryvl;Windows Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 uwdjtd;Shell Image;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 velubewc;Time Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 vewdcy;Installer Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 vfxsp;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 vygff;Monitor Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 wjkoudb;Windows Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 wlbtuyh;Universal Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 wstyjhtb;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 xjtvpmag;xeefkr;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 xrmfmadzm;Image Boot;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 xrzbvle;Shell Helper;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S2 ybfzp;Boot Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 aloyzoyb;aloyzoyb;\??\c:\windows\System32\Drivers\aloyzoyb.sys --> c:\windows\System32\Drivers\aloyzoyb.sys [?]
S3 cnvzydgo;cnvzydgo;\??\c:\windows\System32\Drivers\cnvzydgo.sys --> c:\windows\System32\Drivers\cnvzydgo.sys [?]
S3 dnazsgqk;dnazsgqk;\??\c:\windows\System32\Drivers\dnazsgqk.sys --> c:\windows\System32\Drivers\dnazsgqk.sys [?]
S3 dxlacqsj;dxlacqsj;\??\c:\windows\System32\Drivers\dxlacqsj.sys --> c:\windows\System32\Drivers\dxlacqsj.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Faiz\LOCALS~1\Temp\NTM131.tmp --> c:\docume~1\Faiz\LOCALS~1\Temp\NTM131.tmp [?]
S3 gbmyybvk;gbmyybvk;\??\c:\windows\System32\Drivers\gbmyybvk.sys --> c:\windows\System32\Drivers\gbmyybvk.sys [?]
S3 ghyhcohp;ghyhcohp;\??\c:\windows\System32\Drivers\ghyhcohp.sys --> c:\windows\System32\Drivers\ghyhcohp.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 1:06 PM 136176]
S3 imhvbusi;imhvbusi;\??\c:\windows\System32\Drivers\imhvbusi.sys --> c:\windows\System32\Drivers\imhvbusi.sys [?]
S3 jndcqkaw;jndcqkaw;\??\c:\windows\System32\Drivers\jndcqkaw.sys --> c:\windows\System32\Drivers\jndcqkaw.sys [?]
S3 kqfkwesd;kqfkwesd;\??\c:\windows\System32\Drivers\kqfkwesd.sys --> c:\windows\System32\Drivers\kqfkwesd.sys [?]
S3 lbkqyoli;lbkqyoli;\??\c:\windows\System32\Drivers\lbkqyoli.sys --> c:\windows\System32\Drivers\lbkqyoli.sys [?]
S3 lgflgpzm;lgflgpzm;\??\c:\windows\System32\Drivers\lgflgpzm.sys --> c:\windows\System32\Drivers\lgflgpzm.sys [?]
S3 lljpsuer;lljpsuer;\??\c:\windows\System32\Drivers\lljpsuer.sys --> c:\windows\System32\Drivers\lljpsuer.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [6/21/2010 6:21 PM 36928]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [11/21/2008 12:35 AM 25773]
S3 rhtwjlea;rhtwjlea;\??\c:\windows\System32\Drivers\rhtwjlea.sys --> c:\windows\System32\Drivers\rhtwjlea.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 rshtnigq;rshtnigq;\??\c:\windows\System32\Drivers\rshtnigq.sys --> c:\windows\System32\Drivers\rshtnigq.sys [?]
S3 saiuwait;saiuwait;\??\c:\windows\System32\Drivers\saiuwait.sys --> c:\windows\System32\Drivers\saiuwait.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S3 vhovhsyv;vhovhsyv;\??\c:\windows\System32\Drivers\vhovhsyv.sys --> c:\windows\System32\Drivers\vhovhsyv.sys [?]
S3 yzsfwiip;yzsfwiip;\??\c:\windows\System32\Drivers\yzsfwiip.sys --> c:\windows\System32\Drivers\yzsfwiip.sys [?]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [10/30/2007 11:52 PM 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [10/30/2007 11:52 PM 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [10/30/2007 11:52 PM 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [10/30/2007 11:52 PM 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [10/30/2007 11:52 PM 83344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
xrzbvle
jaqufojx
wlbtuyh
hfirf
ybfzp
ofbggkil
qhasev
djdksiz
stbma
rssgvpi
ntasi
cjmjdqdo
imzhukzhz
apgzh
rpualhl
ismjudze
ixjesec
czhpyfqfs
spnmscrhr
myjyj
lidogglln
eolzefyel
efjoib
pghobflif
rbcelebq
ffzuu
umozsiftj
aqmqxgm
vygff
sqaeozwkt
iytblzsjn
mfecwn
vfxsp
kiiesvr
fpncgjkiq
velubewc
mrwllb
tfbmc
taudvf
hsbhs
nagedhk
sdnxpm
ddobuxq
mnlbbjgog
oipdzrogl
hsfodm
esnviwrai
hmhlgtk
rivcvty
ugukhzxnw
pqrlid
cgfogr
tthvyml
hsspzq
sxflfh
nktloxkzd
btyitjlh
iycza
gsfedw
pzzyuwml
cyzyfya
xrmfmadzm
xjtvpmag
fjkjmwx
innixl
agsxi
cialjis
bllikl
hrftosijt
muxbe
wstyjhtb
mbhubw
eigwj
mhdjgtix
hhxrm
wjkoudb
ljpmwnfzz
jovkp
uwdjtd
awtyngkb
uryvl
uaovmohe
gxkpwzp
pmdxpd
blbwjxl
nxwcnqg
rucpbg
efftf
jkxdbfzis
vewdcy
lipibuolo
qqkdcn
piyut
aifytgniv
jwjonterq
grong
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-24 07:08]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 07:36]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 07:36]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1450960922-725345543-1003Core.job
- c:\documents and settings\Faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 18:18]
.
2011-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1450960922-725345543-1003UA.job
- c:\documents and settings\Faiz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-20 18:18]
.
2010-07-06 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-06-26 13:30]
.
2010-10-13 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2007-06-27 14:58]
.
2011-05-18 c:\windows\Tasks\User_Feed_Synchronization-{D45CE396-5449-4D5D-95C6-92434BEDCA1A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:01]
.
2010-10-31 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-26 13:29]
.
2010-09-28 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-06-26 13:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\idmmbc.dll
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\Faiz\Application Data\Mozilla\Firefox\Profiles\97mxx2t5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=wbst&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 2\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: OpenXMLViewer: OpenXMLViewer@Codeplex.com - %profile%\extensions\OpenXMLViewer@Codeplex.com
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\Faiz\Application Data\IDM\idmmzcc3
FF - user.js: general.useragent.extra.zencast - );user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-19 01:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Faiz\LOCALS~1\Temp\NTM131.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\agsxi]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aifytgniv]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\apgzh]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aqmqxgm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\awtyngkb]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\blbwjxl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bllikl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cgfogr]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cialjis]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cjmjdqdo]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cyzyfya]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\czhpyfqfs]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ddobuxq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\djdksiz]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\efftf]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\efjoib]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eigwj]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eolzefyel]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\esnviwrai]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ffzuu]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\fjkjmwx]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\fpncgjkiq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\grong]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gsfedw]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gxkpwzp]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hfirf]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hhxrm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hmhlgtk]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hrftosijt]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hsbhs]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hsfodm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hsspzq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\imzhukzhz]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\innixl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ismjudze]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ixjesec]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iycza]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iytblzsjn]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jaqufojx]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jkxdbfzis]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jovkp]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\jwjonterq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kiiesvr]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lidogglln]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lipibuolo]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ljpmwnfzz]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mbhubw]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mfecwn]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mhdjgtix]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnlbbjgog]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mrwllb]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\muxbe]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\myjyj]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nagedhk]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nktloxkzd]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ntasi]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nxwcnqg]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ofbggkil]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\oipdzrogl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pghobflif]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\piyut]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pmdxpd]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pqrlid]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pzzyuwml]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\qhasev]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\qqkdcn]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rbcelebq]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rivcvty]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rpualhl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rssgvpi]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rucpbg]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sdnxpm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\spnmscrhr]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sqaeozwkt]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\stbma]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sxflfh]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\taudvf]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\tfbmc]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\tthvyml]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uaovmohe]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ugukhzxnw]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\umozsiftj]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uryvl]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uwdjtd]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\velubewc]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vewdcy]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vfxsp]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vygff]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wjkoudb]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wlbtuyh]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wstyjhtb]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xjtvpmag]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xrmfmadzm]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xrzbvle]
"ServiceDll"="c:\windows\system32\elhogj.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ybfzp]
"ServiceDll"="c:\windows\system32\elhogj.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{97DDDEE0-D344-627D-B413-AD212C9E32EA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E926004A-D040-0207-2B3B-F738CA62248C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fe,25,12,d3,ce,54,19,af,bd,f6,80,0d,61,a2,49,74,d4,cc,b4,2e,e3,10,94,
6d,8f,2b,59,31,8c,35,93,4c,e8,6d,2d,03,5e,b1,24,41,4a,f6,fb,32,9d,8b,e0,82,\
"??"=hex:0f,96,5a,b6,9c,27,42,72,4b,ae,2d,69,7c,1d,1c,2a
.
[HKEY_USERS\S-1-5-21-1275210071-1450960922-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:1f,ed,b7,1f,32,cd,9d,bd,a5,2f,ac,86,e3,e3,e9,4a,55,fd,b7,23,bf,
f4,bc,c3,25,2d,e2,4b,db,d5,56,20,01,c4,93,dc,45,78,05,84,a4,93,f3,06,56,a4,\
"rkeysecu"=hex:fc,18,cc,07,03,f7,94,c0,e2,80,cb,e7,4b,e8,e1,fb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c3,a4,f7,b1,89,cf,ad,a2,9b,7d,d9,9a,d8,4c,7e,d6,0b,5b,5a,ec,92,
df,31,f9,bb,04,72,a5,7a,0d,92,d2,dc,83,74,ae,8c,bf,ba,1f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):54,37,7c,dd,77,93,ad,54,19,2a,6e,31,24,ea,f1,2a,80,7e,b5,75,c3,
6b,cf,38,38,f4,78,2a,bc,e3,41,20,c0,a9,d8,fa,3d,1b,3a,46,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ae2345f2-230c-4bb8-bdc8-5aef1cb41404}]
@Denied: (Full) (Everyone)
"Model"=dword:00000064
"Therad"=dword:00000013
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b90d530c-906e-4baa-9fd4-7adc0fc63088}]
@Denied: (Full) (Everyone)
"Model"=dword:00000143
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1212)
c:\windows\system32\idmmbc.dll
.
Completion time: 2011-05-19 01:20:45
ComboFix-quarantined-files.txt 2011-05-18 19:50
ComboFix2.txt 2011-05-15 18:26
.
Pre-Run: 3,064,684,544 bytes free
Post-Run: 3,049,353,216 bytes free
.
- - End Of File - - 3D0DDAD09296ECA70597B7ED1B69298C

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:04 PM

Posted 19 May 2011 - 03:19 PM

You didn't update to Service Pack 3; please install that first, then rerun Combofix (redownload it and do a simple run, without script) and post me the new log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:04 PM

Posted 20 May 2011 - 09:35 AM

Topic closed after PM conversation.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
