Computer Juice forum: Computer Software / Virus, Spyware & Security
Cutwail Virus - How to Remove This Thing?

  #1  
Old 22nd Apr 2009, 05:45
Donor VIP
Posts: 43
 
Hey, I seem to have this virus detected by Avast. Avast keeps popping up with a detection message every time I reboot, and at random times after that, it seems. It is finding files in System32/drivers, but when I scan, it doesn't find it. I've tried scanning with other AV and spyware tools, but no luck. I saw some removal guides on Google, but each site has different removal instructions or files to remove. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:58 AM, on 22/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
C:\Documents and Settings\sundeep\sundeep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhl.ca/ca/wfWebShipMain.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4x28 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [sundeep] C:\Documents and Settings\sundeep\sundeep.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\NetworkService\.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Map Drive.bat
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Web Capture - C:\Program Files\SmarThru Office\WebCapture.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DHCP Client DhcpWebClient (DhcpWebClient) - Unknown owner - C:\WINDOWS\system32\advpacky.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12458 bytes
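
As an added example (not part of this thread and not HijackThis code): a small Python triage script that applies a few heuristics to the O2/O4/O20/O23 lines of an HJT 2.x log such as the one above. The heuristics (a Run value with an empty name, an executable launched from under Documents and Settings, a service with no publisher in its version info running from the Windows directory, a service or BHO whose file is missing, a populated AppInit_DLLs value) are this example's own assumptions; they only produce a shortlist for a human to look at. The sample lines are copied from the posted log.

```python
"""Triage helper for HijackThis (HJT) 2.x log lines.

Added example: not part of the forum thread and not HijackThis code.  The
heuristics below are this example's own assumptions about what usually
separates a malicious autostart entry from a vendor one; they shortlist
lines for a human and do not replace the malware team's review.
"""
import re

# Constructed sample: a subset of O2/O4/O20/O23 lines copied from the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [sundeep] C:\Documents and Settings\sundeep\sundeep.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\NetworkService\.exe /i
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: DHCP Client DhcpWebClient (DhcpWebClient) - Unknown owner - C:\WINDOWS\system32\advpacky.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

# O4 Run values look like:  O4 - <hive>\..\Run: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 BHOs look like:        O2 - BHO: <name> - {<clsid>} - <dll or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")

PROFILE_DIR = "\\documents and settings\\"   # XP user profiles; vendors rarely install there
WINDOWS_DIR = "\\windows\\"


def triage_line(line):
    """Return (severity, reason) for one HJT line, or None if nothing stands out.

    severity is "high" (remove unless the user can vouch for it) or "review"
    (orphaned or unusual; confirm before touching).
    """
    line = line.strip()

    m = O4_RE.match(line)
    if m:
        if m.group("name") == "":
            return ("high", "Run value with an empty name")
        if PROFILE_DIR in m.group("cmd").lower():
            return ("review", "Run value launches an executable from a user profile; confirm the user installed it")
        return None

    if line.startswith("O23 - Service: "):
        parts = line[len("O23 - Service: "):].split(" - ", 2)
        if len(parts) != 3:
            return ("review", "O23 line did not parse")
        owner, path = parts[1], parts[2]
        if path.endswith("(file missing)"):
            return ("review", "service points at a missing binary (orphaned registration)")
        if owner == "Unknown owner" and WINDOWS_DIR in path.lower():
            return ("high", "service with no publisher in its version info, running from the Windows directory")
        if owner == "Unknown owner":
            return ("review", "service with no publisher in its version info")
        return None

    m = O2_RE.match(line)
    if m:
        if m.group("path") == "(no file)":
            return ("review", "BHO CLSID registered without a backing DLL")
        return None

    if line.startswith("O20 - AppInit_DLLs:"):
        if line.split(":", 1)[1].strip():
            return ("review", "AppInit_DLLs is set; that DLL is loaded into every process that links user32")
        return None

    return None


def triage(log_text):
    """Run triage_line over a whole log.

    Returns [(severity, reason, line), ...] with "high" findings first."""
    findings = []
    for line in log_text.splitlines():
        verdict = triage_line(line)
        if verdict:
            findings.append((verdict[0], verdict[1], line.strip()))
    return sorted(findings, key=lambda f: f[0] != "high")


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print("[%-6s] %s\n         %s" % (severity, reason, line))
```

Run as-is against the constructed SAMPLE_LOG, or replace it with the text of a saved hijackthis.log. Entries rated "review" (the unnamed BHO, the two "Unknown owner" services outside the Windows directory, sundeep.exe under the user profile) are there for confirmation, not condemnation; only the empty-name Run value and the unknown-publisher service in system32 come out as "high".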

  #2  
Old 22nd Apr 2009, 11:16
Moderator
Posts: 7,561
 
Can you get the scans to run from this thread?

http://www.computer-juice.com/forums...-posting-7476/

Post the 3 logs and a member of the malware team will assist in further instructions.

  #3  
Old 23rd Apr 2009, 10:55
Donor VIP
Posts: 43
 
Great, those scans found some stuff. SAS blue-screened on me, so I ran MBAM after that and it worked. After MBAM, I tried SAS again and it worked. Here are the logs:




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/23/2009 at 12:40 PM

Application Version : 4.26.1000

Core Rules Database Version : 3859
Trace Rules Database Version: 1811

Scan type : Complete Scan
Total Scan Time : 00:45:57

Memory items scanned : 763
Memory threats detected : 0
Registry items scanned : 7847
Registry threats detected : 0
File items scanned : 23212
File threats detected : 28

Adware.Tracking Cookie
C:\Documents and Settings\sundeep\Cookies\sundeep@secure.partyaccount[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@bizrate[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@247realmedia[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@pw[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@revsci[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@canadapost.112.2o7[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@specificclick[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@client[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@elong.122.2o7[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@insightexpressai[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@pc[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@traveladvertising[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@ads.adbrite[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@adopt.euroclick[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@tribalfusion[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@adbrite[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@iacas.adbureau[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@2o7[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@trvlnet.adbureau[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@click.highspeedbackbone[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@oasc11.247realmedia[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@partypoker[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@overture[1].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@umkxup22.unitedmedia[1].txt
C:\Documents and Settings\sundeep\Local Settings\Temp\Cookies\sundeep@revsci[2].txt
C:\Documents and Settings\sundeep\Local Settings\Temp\Cookies\sundeep@accounts[3].txt
C:\Documents and Settings\sundeep\Local Settings\Temp\Cookies\sundeep@accounts[2].txt
C:\Documents and Settings\sundeep\Cookies\sundeep@accounts[1].txt


Malwarebytes' Anti-Malware 1.36
Database version: 2029
Windows 5.1.2600 Service Pack 3

23/04/2009 3:40:39 AM
mbam-log-2009-04-23 (03-40-39).txt

Scan type: Quick Scan
Objects scanned: 78831
Time elapsed: 3 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\advpacky.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\sundeep\Local Settings\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BN61.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BN62.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BN98.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BNB0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BNB3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BNB4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BNB5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BNBE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BNC5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sundeep\Local Settings\Temp\BNC6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.36
Database version: 2029
Windows 5.1.2600 Service Pack 3

23/04/2009 6:13:18 AM
mbam-log-2009-04-23 (06-13-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 180114
Time elapsed: 43 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{6159FBCE-FE83-4A49-87F8-5EFDECB8B25E}\RP578\A0146601.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6159FBCE-FE83-4A49-87F8-5EFDECB8B25E}\RP580\A0146710.exe (Trojan.Agent) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:55 PM, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhl.ca/ca/wfWebShipMain.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4x28 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [sundeep] C:\Documents and Settings\sundeep\sundeep.exe /i
O4 - HKCU\..\Run: [] C:\Documents and Settings\NetworkService\.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Map Drive.bat
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Web Capture - C:\Program Files\SmarThru Office\WebCapture.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: DHCP Client DhcpWebClient (DhcpWebClient) - Unknown owner - C:\WINDOWS\system32\advpacky.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12367 bytes
  #4  
Old 23rd Apr 2009, 11:34
Moderator
Posts: 7,561
 
Disable Windows Defender

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender
  • Click on Tools > Option
  • Scroll down and uncheck Use real-time protection (recommended)
  • After you uncheck this, click on the Save button and then exit Windows Defender
  • Now on your keyboard press and hold Ctrl+Alt and then press the Delete key two times to bring up the Task Manager.
  • Locate MSASCui.exe then right click on it and choose End Process. Click Yes on the Task Manager Security Warning.

After all of the fixes are complete it is very important that you enable real-time protection again.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • F3 - REG:win.ini: load=
  • F3 - REG:win.ini: run=
  • O4 - HKCU\..\Run: [] C:\Documents and Settings\NetworkService\.exe /i

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download Rooter.exe to your desktop

* Double click Rooter.exe to start the tool.
* A DOS window will appear and show the scan progress.
* Once complete a notepad file containing the report will open.
* Copy & paste the results in your next reply.
* Close notepad and Rooter will close.

A log will also save at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have Windows installed).

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
__________________
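The entries the moderator singles out above (and in the ComboFix output posted later in the thread) follow a few recognisable patterns: a service with "Unknown owner" whose binary is "(file missing)", a nameless O4 autostart pointing at a bare ".exe", an extra DLL in the LSA "Notification Packages" list, Security Center and firewall monitoring switched off, and MountPoints2 autorun commands that launch the same dropped executable from removable drives. The script below is an added example (not a tool from this thread, and not part of HijackThis or ComboFix) that applies those rules to sample log lines; the sample lines are constructed copies of lines from this thread, and the severity labels, the `scecli`-only baseline for LSA notification packages and the cross-correlation rule are my own assumptions, not output of either tool.

```python
"""Triage helper for HijackThis / ComboFix text logs (added example, not a
tool from this thread).  Flags the patterns behind the moderator's picks:
missing-binary services, nameless autostarts, stray LSA notification DLLs,
silenced Security Center / firewall, and MountPoints2 autorun commands."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity source detail")
RANK = {"high": 0, "medium": 1, "low": 2}  # assumed severity scale

# Constructed sample lines, modelled on the logs posted in this thread.
SAMPLE_HJT = r"""
O4 - HKCU\..\Run: [] C:\Documents and Settings\NetworkService\.exe /i
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DHCP Client DhcpWebClient (DhcpWebClient) - Unknown owner - C:\WINDOWS\system32\advpacky.exe (file missing)
O23 - Service: MSInfo Framework Service (MSInfoFrv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\MSInfnd.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli napapye.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{030b198d-ab92-11dc-9be8-0015c561167d}]
\Shell\Auto\command - F:\MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
"""

# HijackThis: "O23 - Service: name - owner - path [(file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
# HijackThis: "O4 - hive: [label] command"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# ComboFix registry dump pieces
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
NOTIFY_RE = re.compile(r"^Notification Packages REG_MULTI_SZ (?P<pkgs>.+)$")
MOUNT_CMD_RE = re.compile(r"^\\Shell\\(?:AutoRun|Auto|open)\\command - (?P<cmd>.+)$",
                          re.IGNORECASE)


def _basename(path):
    return path.strip().replace("/", "\\").split("\\")[-1].lower()


def triage_hijackthis(text):
    """Flag O23/O4 lines; also return basenames of missing service binaries
    so the ComboFix pass can correlate them with autorun commands."""
    findings, missing = [], set()
    for line in text.splitlines():
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.group("name", "owner", "path")
            if owner == "Unknown owner" and m.group("missing"):
                missing.add(_basename(path))
                findings.append(Finding("high", "O23", f"{name}: no vendor and binary {path} is gone"))
            elif owner == "Unknown owner":
                findings.append(Finding("low", "O23", f"{name}: no vendor string, verify {path}"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, label, cmd = m.group("hive", "label", "cmd")
            if not label or "\\.exe" in cmd.lower():  # nameless entry or bare ".exe"
                findings.append(Finding("high", "O4", f"{hive}: nameless autostart running {cmd}"))
    return findings, missing


def triage_combofix(text, missing_binaries=frozenset()):
    """Walk the registry sections of a ComboFix log and flag the patterns above."""
    findings, section = [], ""
    for line in text.splitlines():
        s = SECTION_RE.match(line)
        if s:
            section = s.group("key").lower()
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # These DLLs load into lsass.exe at boot; a default XP install lists only scecli.
            extra = [p for p in m.group("pkgs").split() if p.lower() != "scecli"]
            if extra:
                findings.append(Finding("high", "LSA", f"unexpected Notification Packages {extra}"))
            continue
        if "security center" in section and '"DisableMonitoring"=dword:00000001' in line:
            findings.append(Finding("medium", "SecurityCenter", f"{section}: alerts silenced"))
            continue
        if "firewallpolicy" in section and line.startswith('"EnableFirewall"= 0'):
            findings.append(Finding("medium", "Firewall", "Windows Firewall disabled in standard profile"))
            continue
        m = MOUNT_CMD_RE.match(line)
        if m and "mountpoints2" in section:
            cmd = m.group("cmd")
            tokens = {_basename(t) for t in cmd.split()}
            # High when the autorun target is a missing service binary from the
            # HijackThis log or a script host; otherwise it just needs review.
            hot = bool(tokens & set(missing_binaries)) or "wscript.exe" in tokens
            volume = section.rsplit("\\", 1)[-1]
            findings.append(Finding("high" if hot else "medium", "MountPoints2", f"autorun on {volume}: {cmd}"))
    return findings


def triage(hjt_text, combofix_text):
    hjt_findings, missing = triage_hijackthis(hjt_text)
    return sorted(hjt_findings + triage_combofix(combofix_text, missing),
                  key=lambda f: RANK[f.severity])


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_COMBOFIX):
        print(f"[{f.severity:6}] {f.source:13} {f.detail}")
```

Run it on the constructed samples and the two missing-binary services (advpacky.exe, MSInfnd.exe) come out high, and the MountPoints2 entries that launch MSInfnd.exe are promoted to high because the same name appears as a missing service binary; the plain CD autorun for F:\SETUP.EXE stays at medium for manual review. The point of the cross-correlation is that an orphaned service and an autorun entry for the same file name are one infection seen from two angles, which is exactly why the moderator asks for both tools' logs before deciding what to fix.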

  #5  
Old 23rd Apr 2009, 14:54
Donor VIP
Posts: 43
 
Hi here are the logs:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:32310 Mo/Free:1946 Mo)
D:\ [Fixed] - NTFS - (Total:61608 Mo/Free:2536 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
S:\ [Network] (Total:275268 Mo/Free:292 Mo)

23/04/2009|17:25

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- vsmon.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Hamachi\hamachi.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\tlntsvr.exe
---------- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\WINDOWS\system32\fxssvc.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Dell\QuickSet\Quickset.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\WINDOWS\system32\igfxsrvc.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
---------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
--Locked-- zlclient.exe
---------- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
---------- C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
---------- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
---------- C:\PROGRA~1\MI3AA1~1\rapimgr.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
---------- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
---------- C:\Program Files\Hamachi\hamachi.exe
---------- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
---------- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\system32\taskmgr.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\Program Files\uTorrent\utorrent.exe
---------- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 23/04/2009|17:26
ComboFix 09-04-23.A3 - sundeep 23/04/2009 17:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2038.1261 [GMT -4:00]
Running from: c:\documents and settings\sundeep\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sundeep\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\napapye.dll
c:\windows\system32\winsusrm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHCPWEBCLIENT
-------\Legacy_MSINFOFRV
-------\Service_DhcpWebClient
-------\Service_MSInfoFrv


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.

2009-04-23 21:25 . 2009-04-23 21:26 -------- d-----w C:\Rooter$
2009-04-23 17:54 . 2009-04-23 17:54 -------- d-----w c:\windows\system32\KB905474
2009-04-23 17:54 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-23 17:54 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-23 17:54 . 2009-02-09 22:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\sundeep\Application Data\Malwarebytes
2009-04-23 07:12 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 07:12 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-23 07:11 . 2009-04-23 07:11 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-22 11:49 . 2009-04-22 12:33 -------- d-----w c:\program files\Exterminate It!
2009-04-22 05:19 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-22 05:19 . 2009-04-22 05:19 -------- d-----w c:\program files\Panda Security
2009-04-22 04:18 . 2009-04-22 04:18 93 ----a-w c:\windows\wininit.ini
2009-04-22 00:26 . 2009-04-22 00:36 32 --s-a-w c:\windows\system32\1416566482.dat
2009-04-15 23:43 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:43 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:43 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 23:43 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:43 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:43 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:43 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:43 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:43 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:42 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 23:42 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 23:42 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-02 15:28 . 2009-04-02 16:30 3 ----a-w c:\windows\Twain001.Mtx
2009-04-02 15:28 . 2009-04-02 15:30 156 ----a-w c:\windows\Twunk001.MTX
2009-04-02 15:28 . 2009-04-02 15:28 0 ----a-w c:\windows\Twunk002.MTX
2009-04-01 22:01 . 2009-04-01 22:05 -------- d-----w c:\documents and settings\sundeep\Local Settings\Application Data\S2PC
2009-04-01 22:00 . 2008-05-29 05:36 512000 ----a-w c:\windows\system32\ssmgr.cpl
2009-04-01 21:59 . 2007-11-15 06:09 41984 ------r c:\windows\system32\drivers\DgivEcpXP.sys
2009-04-01 21:59 . 2007-11-15 06:11 36864 ------r c:\windows\system32\SvcMan.exe
2009-04-01 21:59 . 2009-04-02 17:57 -------- d-----w c:\documents and settings\sundeep\Application Data\Samsung
2009-04-01 21:59 . 2009-04-02 13:25 -------- d--h--w c:\documents and settings\All Users\Application Data\catalog.wci
2009-04-01 21:58 . 2008-06-12 02:04 126976 ----a-w c:\windows\system32\STOFaxPort.dll
2009-04-01 21:55 . 2008-05-30 02:24 479232 ----a-w c:\windows\ssndii.exe
2009-04-01 21:55 . 2007-11-15 05:18 21776 ----a-w c:\windows\system32\msxml2a.dll
2009-04-01 21:55 . 2007-11-15 05:18 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-01 21:54 . 2006-11-22 00:40 65536 ----a-w c:\windows\system32\smf428ci.dll
2009-04-01 21:54 . 2006-11-20 21:22 151552 ----a-w c:\windows\system32\smf428ci.exe
2009-04-01 21:52 . 2007-11-19 04:59 22723 ----a-w c:\windows\system32\sss2ml3.dll
2009-04-01 21:52 . 2007-11-19 04:57 151552 ----a-w c:\windows\system32\sss2mci.exe
2009-04-01 21:52 . 2007-11-19 04:57 65536 ----a-w c:\windows\system32\sss2mci.dll
2009-04-01 21:52 . 2007-11-16 03:25 11502 ------w c:\windows\Dr. Printer Icon.ico
2009-04-01 21:52 . 2007-11-15 06:11 172032 ------r c:\windows\system32\SecSNMP.dll
2009-04-01 21:52 . 2007-11-02 18:07 361 ----a-w c:\windows\system32\SSS2Ml3.SMT
2009-04-01 21:51 . 2007-11-15 05:26 110592 ----a-r c:\windows\WiaInst.exe
2009-04-01 21:51 . 2007-11-15 06:36 49152 ----a-w c:\windows\system32\Ssusbpn.dll
2009-04-01 21:51 . 2008-01-05 00:43 87040 ----a-w c:\windows\system32\WIASTIIO.dll
2009-04-01 21:51 . 2008-01-05 00:43 139776 ----a-w c:\windows\system32\WIAEH.dll
2009-04-01 21:51 . 2008-01-05 00:43 116736 ----a-w c:\windows\system32\WIAIPH.dll
2009-04-01 21:51 . 2008-01-05 00:43 265216 ----a-w c:\windows\system32\Sswiadrv.dll
2009-04-01 21:51 . 2008-01-05 00:43 138240 ----a-w c:\windows\system32\Ssuiext.dll
2009-04-01 21:51 . 2007-12-14 08:29 81920 ------r c:\windows\system32\ssdevm.dll
2009-04-01 21:51 . 2007-11-16 04:22 7409 ----a-w c:\windows\system32\WIAUISTR.loc
2009-04-01 21:50 . 2009-04-01 21:50 -------- d-----w c:\windows\system32\drivers\Samsung
2009-04-01 21:50 . 2007-11-16 03:26 41984 ------w c:\windows\system32\drivers\DGIVECP.SYS
2009-04-01 21:50 . 2009-04-01 21:50 -------- d-----w c:\program files\Samsung
2009-04-01 15:18 . 1998-01-21 22:15 66560 ----a-w c:\windows\system32\S2DTCONV.DLL
2009-04-01 15:18 . 1997-05-20 17:41 22016 ----a-w c:\windows\system32\sbtrvd32.dll
2009-04-01 15:10 . 2009-04-01 15:10 -------- d-----w c:\program files\Pervasive Software
2009-04-01 15:10 . 2009-04-01 15:10 -------- d-----w c:\documents and settings\All Users\Application Data\Pervasive Software
2009-04-01 14:30 . 2009-04-01 14:30 2664 ----a-w c:\windows\system32\config.pu_
2009-03-28 02:41 . 2009-03-28 02:41 -------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-03-28 00:40 . 2009-03-28 00:40 -------- d-----w c:\documents and settings\sundeep\Application Data\Foxit
2009-03-26 15:40 . 2009-03-26 15:40 -------- d-----w c:\documents and settings\sundeep\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 21:46 . 2007-05-07 23:43 -------- d-----w c:\documents and settings\sundeep\Application Data\Hamachi
2009-04-23 21:38 . 2007-05-12 19:49 -------- d-----w c:\documents and settings\sundeep\Application Data\uTorrent
2009-04-23 21:26 . 2009-04-23 21:26 4206 ----a-w C:\Rooter.txt
2009-04-23 16:27 . 2008-09-22 21:10 -------- d-----w c:\documents and settings\sundeep\Application Data\Skype
2009-04-23 07:32 . 2009-04-23 07:33 68608 ----a-w c:\windows\Internet Logs\xDB16.tmp
2009-04-23 07:12 . 2008-01-19 12:49 -------- d-----w c:\documents and settings\sundeep\Application Data\SUPERAntiSpyware.com
2009-04-22 15:11 . 2009-04-22 21:43 460288 ----a-w c:\windows\Internet Logs\xDB15.tmp
2009-04-22 15:10 . 2008-04-22 20:39 -------- d-----w c:\program files\mIRC
2009-04-22 05:44 . 2009-04-22 05:45 72192 ----a-w c:\windows\Internet Logs\xDB14.tmp
2009-04-22 03:54 . 2009-04-22 03:55 822784 ----a-w c:\windows\Internet Logs\xDB13.tmp
2009-04-22 03:47 . 2008-01-19 21:10 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-22 00:44 . 2007-05-04 22:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 00:43 . 2008-07-24 19:41 -------- d-----w c:\program files\Java
2009-04-22 00:36 . 2008-01-31 03:19 14100722 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-21 18:52 . 2007-09-11 05:06 -------- d-----w c:\documents and settings\sundeep\Application Data\FileZilla
2009-04-19 15:05 . 2007-05-05 04:00 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 20:37 . 2009-04-17 20:38 2722304 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-04-17 19:55 . 2008-08-22 19:31 -------- d-----w c:\program files\MK PowerTools
2009-04-06 16:53 . 2007-05-07 05:23 -------- d-----w c:\program files\Foxit Software
2009-04-03 21:33 . 2009-01-15 02:13 -------- d-----w c:\program files\SopCast
2009-04-03 21:33 . 2008-03-18 21:46 -------- d-----w c:\program files\VCD
2009-04-03 21:33 . 2007-05-08 00:25 -------- d-----w c:\program files\Winamp
2009-04-03 21:33 . 2008-10-04 16:20 -------- d-----w c:\program files\QuickTime
2009-04-03 21:33 . 2007-05-08 19:43 -------- d-----w c:\program files\PokerStars
2009-04-03 21:33 . 2007-05-10 23:06 -------- d-----w c:\program files\Poker Clock Pro
2009-04-03 21:33 . 2007-05-14 13:24 -------- d-----w c:\program files\DivX
2009-04-03 21:33 . 2007-05-05 16:54 -------- d-----w c:\program files\Google
2009-04-03 21:30 . 2007-09-03 03:00 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-03 03:52 . 2008-06-13 15:31 35594 ----a-w C:\dlci.log
2009-04-01 15:10 . 2008-04-08 00:03 -------- d-----w c:\program files\Common Files\Pervasive Software Shared
2009-03-27 21:54 . 2007-08-26 17:43 -------- d-----w c:\program files\Common Files\Adobe
2009-03-26 14:06 . 2008-01-21 21:20 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-03-11 18:54 . 2008-02-11 01:13 -------- d-----w c:\documents and settings\sundeep\Application Data\Vso
2009-03-10 08:56 . 2009-03-10 08:57 319488 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-03-09 09:19 . 2009-01-10 15:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-01 23:57 . 2008-08-07 21:53 -------- d-----w c:\documents and settings\sundeep\Application Data\Unyte
2009-03-01 12:05 . 2009-03-01 12:05 -------- d-----w c:\program files\uTorrent
2009-02-20 08:10 . 2004-08-04 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-04 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-16 04:10 . 2009-01-31 17:52 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-15 08:03 . 2009-02-15 14:27 2554368 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-02-15 08:03 . 2009-02-15 14:27 27648 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-02-14 02:18 . 2009-02-15 07:44 1043968 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-05 19:33 . 2008-08-22 20:04 154 ----a-w C:\DSNSetup.txt
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-24 02:34 . 2009-01-12 04:41 162816 ----a-w c:\windows\system32\fmod.dll
2009-01-15 19:14 . 2007-05-04 16:55 275680 ----a-w c:\documents and settings\sundeep\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-24 23:19 . 2008-08-24 23:17 200932511 ----a-w c:\documents and settings\All Users\SPL1.tmp
2008-08-24 23:00 . 2008-08-24 23:00 3710857 ----a-w c:\documents and settings\All Users\SPL138.tmp
2008-08-24 22:57 . 2008-08-24 22:57 41090953 ----a-w c:\documents and settings\All Users\SPL137.tmp
2008-07-23 18:26 . 2008-07-23 18:26 61224 ----a-w c:\documents and settings\sundeep\GoToAssistDownloadHelper.exe
2008-04-08 13:47 . 2008-04-08 13:47 630784 ----a-w c:\documents and settings\sundeep\GoToAssist_chat2way__317_en.exe
2008-04-08 13:01 . 2008-04-08 00:02 190 ----a-w c:\program files\Common Files\psasetup.log
2008-03-28 03:52 . 2008-02-11 01:13 47360 ----a-w c:\documents and settings\sundeep\Application Data\pcouffin.sys
2008-03-11 16:01 . 2008-03-11 16:01 56912 ----a-w c:\documents and settings\sundeep\g2mdlhlpx.exe
2007-12-07 07:29 . 2007-12-07 07:29 212712 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-11-21 03:25 . 2007-11-21 03:25 130 ----a-w c:\documents and settings\sundeep\Local Settings\Application Data\fusioncache.dat
2007-07-03 19:50 . 2007-07-03 19:50 0 ----a-w c:\program files\gditst
2008-12-11 20:2008-12-11 20:22 22:05 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-02 14:49 . 2007-09-02 14:49 24 --sh--w c:\windows\S5648DF7E.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-11 30192]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"4x28 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4x28\Scan2pc.exe" [2008-09-29 495616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\sundeep\Start Menu\Programs\Startup\
Map Drive.bat [2008-7-30 42]
SyncBack.lnk - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-11-10 2936064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-5-7 625952]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli napapye.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\sundeep\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4x28\\Sscan2io.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\Samsung\\PanelMgr\\SSMMgr.exe"=
"c:\\WINDOWS\\Twain_32\\Samsung\\SCX4x28\\Scan2pc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ENABLE
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ENABLE
"c:\\Program Files\\Windows Desktop Search\\WindowsSearch.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTStackServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\excelcnv.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\calc.exe"=
"c:\\Program Files\\Foxit Software\\Foxit Reader\\Foxit Reader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\SearchProtocolHost.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SSPORT;SSPORT; [x]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 30192]
R3 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-01-18 10624]
R3 qcmdmxp;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\qcmdmxp.sys [2006-12-27 92800]
R3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\DRIVERS\qcserxp.sys [2006-12-27 92800]
R3 RkPavproc1;RkPavproc1; [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 20:51 13560]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [2008-08-19 625952]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-06-06 435488]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##fcaserver#x]
\Shell\Auto\command - Z:\MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##homesatveena#storage]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##WHSERVER#EXTERNAL]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{030b198d-ab92-11dc-9be8-0015c561167d}]
\Shell\Auto\command - F:\MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c4afbd-f1f0-11dc-ac3b-0015c561167d}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28d21ede-985f-11dd-ac8d-0015c561167d}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b77314-0098-11dc-9b92-0015c561167d}]
\Shell\Auto\command - MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe8e804-0b51-11dd-ac55-001302c24880}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-04-23 c:\windows\Tasks\SyncBack LAPTOPSUNDEEP Local.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-11-10 16:19]

2009-04-23 c:\windows\Tasks\SyncToy FCA Documents with Server.job
- c:\program files\SyncToy 2.0\SyncToyCmd.exe [2008-08-12 19:07]

2009-04-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SetDefaultMIDI - MIDIDef.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dhl.ca/ca/wfWebShipMain.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Web Capture - c:\program files\SmarThru Office\WebCapture.dll
Trusted Zone: neteller.com\www
FF - ProfilePath - c:\documents and settings\sundeep\Application Data\Mozilla\Firefox\Profiles\lgylea2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.fcagroup.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPunyte.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 17:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(8108)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tlntsvr.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-04-23 17:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 21:51
ComboFix2.txt 2008-02-26 03:55

Pre-Run: 2,274,762,752 bytes free
Post-Run: 2,184,888,320 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
430 --- E O F --- 2009-04-23 20:23





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:48 PM, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhl.ca/ca/wfWebShipMain.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4x28 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Map Drive.bat
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Web Capture - C:\Program Files\SmarThru Office\WebCapture.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192932290562
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11693 bytes
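The MountPoints2 keys in the ComboFix log above are Explorer's cached copies of the autorun.inf handlers from every removable volume that was ever plugged in. A clean installer disc leaves an install/configure verb pointing at a full path like F:\SETUP.EXE or a U3 launcher; the entries on this machine instead carry a non-standard Shell\Auto verb, a rundll32 ShellExec_RunDLL launcher, wscript.exe VirusRemoval.vbs, and bare file names (RavMon.exe, MSInfnd.exe, auto.exe) resolved against the volume root, which is the residue of USB autorun worms and why a cleanup deletes those keys. The script below, added here as an example and not part of ComboFix or anything posted in this thread, parses that block of the log offline and flags those patterns; the sample input is the last six keys copied from the log above, and the flagging rules are heuristics (a worm that writes a full path under the AutoRun verb would not be caught).

```python
"""Triage the MountPoints2 block of a ComboFix log for autorun-worm residue.

Added example for this thread; it works on the log text offline and does not
touch the registry. The rules are heuristics, not signatures.
"""
import re

# Sample input: the complete MountPoints2 keys exactly as they appear in the
# ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{030b198d-ab92-11dc-9be8-0015c561167d}]
\Shell\Auto\command - F:\MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c4afbd-f1f0-11dc-ac3b-0015c561167d}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28d21ede-985f-11dd-ac8d-0015c561167d}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b77314-0098-11dc-9b92-0015c561167d}]
\Shell\Auto\command - MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe8e804-0b51-11dd-ac55-001302c24880}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(.+?)\]\s*$")
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.*?)\s*$", re.IGNORECASE)
DRIVE_RE = re.compile(r"^([A-Za-z]:\\|\\\\)")  # absolute drive path or UNC path


def parse_mountpoints(text):
    """Return {guid_or_volume: {verb: command}} for every MountPoints2 key in the log."""
    entries, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if "mountpoints2" in key.lower():
                current = key.rsplit("\\", 1)[-1]
                entries[current] = {}
            else:
                current = None
            continue
        m = VERB_RE.match(line)
        if m and current is not None:
            entries[current][m.group(1)] = m.group(2)
    return entries


def suspicious_reasons(verb, command):
    """Heuristic checks for the patterns autorun.inf worms leave in MountPoints2."""
    reasons = []
    words = command.split()
    exe = words[0] if words else ""
    base = exe.rsplit("\\", 1)[-1].lower()
    if verb.lower() == "auto":
        reasons.append("'Auto' verb (common in worm autorun.inf files; installers use AutoRun or named verbs)")
    if "shellexec_rundll" in command.lower():
        reasons.append("rundll32 ShellExec_RunDLL used as a launcher")
    if base in ("wscript.exe", "cscript.exe", "wscript", "cscript"):
        reasons.append("script host runs a script from the volume")
    if exe and not DRIVE_RE.match(exe):
        reasons.append(f"bare file name {exe!r}, resolved against the volume root")
    return reasons


def triage(text):
    """Map each suspicious key to the (verb, reason) pairs that flagged it; clean keys are omitted."""
    flagged = {}
    for key, verbs in parse_mountpoints(text).items():
        hits = [(verb, r) for verb, cmd in verbs.items() for r in suspicious_reasons(verb, cmd)]
        if hits:
            flagged[key] = hits
    return flagged


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(key)
        for verb, reason in hits:
            print(f"  {verb}: {reason}")
```

Run it against the whole ComboFix.txt to get the list of keys worth deleting; on the sample, five of the six keys are flagged and only the U3 launcher entry (a full path under the standard AutoRun verb) passes.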
  #6  
Old 23rd Apr 2009, 15:22
Moderator
Posts: 7,561
 
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Registry::

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##fcaserver#x]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##homesatveena#storage]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##WHSERVER#EXTERNAL]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{030b198d-ab92-11dc-9be8-0015c561167d}]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c4afbd-f1f0-11dc-ac3b-0015c561167d}]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28d21ede-985f-11dd-ac8d-0015c561167d}]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b77314-0098-11dc-9b92-0015c561167d}]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Download the Norton Removal Tool (SymNRT) to your Desktop.

Once downloaded, please close ALL open browsers, and save any work because this may require a restart.
  • Go to your desktop and double click on the removal tool and then click Setup.
  • Once open, click Next.
  • Accept the license agreement and click Next.
  • Type in the letters/numbers that you see into the text box, then click Next.
  • Then click Next and the tool will start running.
  • Once finished, restart the PC.
  • Delete the Norton Removal Tool from your Desktop.

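One line in the CFScript above is worth understanding rather than just pasting: "Notification Packages" under HKLM\System\CurrentControlSet\Control\Lsa is a REG_MULTI_SZ (the hex(7) type in .reg syntax) listing DLLs that LSASS loads at startup and hands every password change to. On a Windows XP workstation it should contain only scecli; a malicious DLL added there gets both persistence and a copy of plaintext passwords, which is why removal scripts reset the value. The bytes 73,63,65,63,6c,69,00,00 are simply "scecli" followed by the two terminating NULs. The script below, added here as an example and not part of ComboFix or the moderator's instructions, decodes that encoding so you can compare the value in a `reg export` of the Lsa key against the default before and after running the fix. The CFScript sample is copied from the post above; the second sample is a constructed version of what `reg export` would write (version 5.00 exports are UTF-16LE and wrap long values with a trailing backslash), and the extra package name "notify.dll" in it is a placeholder, not something seen in this thread.

```python
"""Decode a hex(7) (REG_MULTI_SZ) "Notification Packages" value from .reg / CFScript text.

Added example for this thread. Pure text processing: it does not read the registry.
"""
import re

# Sample 1: the Registry:: lines of the CFScript posted above (verbatim; ANSI bytes).
CFSCRIPT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"""

# Sample 2 (constructed): the same value as `reg export` writes it when a second
# package is registered. "notify.dll" is a placeholder name, not from the thread.
EXPORTED_WITH_EXTRA = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,6e,00,\
  6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,6c,00,6c,00,00,00,00,00
"""

# Assumption: XP workstation default. Domain controllers additionally list rassfm.
EXPECTED = ("scecli",)


def _join_continuations(text):
    """Undo .reg line wrapping: a trailing backslash joins the line with the next (indented) one."""
    return re.sub(r"\\\r?\n\s*", "", text)


def hex7_bytes(reg_text, value_name):
    """Return the raw bytes of a hex(7) value, or None if the value is not present."""
    joined = _join_continuations(reg_text)
    pat = re.compile(r'"%s"=hex\(7\):([0-9A-Fa-f, ]*)' % re.escape(value_name), re.IGNORECASE)
    m = pat.search(joined)
    if not m:
        return None
    return bytes(int(h, 16) for h in re.findall(r"[0-9A-Fa-f]{2}", m.group(1)))


def multi_sz(data, utf16=None):
    """Split REG_MULTI_SZ bytes into strings. REGEDIT4/CFScript text is ANSI, version 5.00 is UTF-16LE."""
    if utf16 is None:
        # No header to go on: ASCII names in UTF-16LE have a zero high byte in every code unit.
        utf16 = len(data) >= 2 and len(data) % 2 == 0 and all(b == 0 for b in data[1::2])
    text = data.decode("utf-16-le" if utf16 else "latin-1")
    parts = text.split("\0")
    while parts and parts[-1] == "":   # drop the list terminator(s)
        parts.pop()
    return parts


def notification_packages(reg_text):
    """List the DLL names in "Notification Packages", or None if the value is absent."""
    data = hex7_bytes(reg_text, "Notification Packages")
    if data is None:
        return None
    if "Windows Registry Editor Version 5.00" in reg_text:
        utf16 = True
    elif "REGEDIT4" in reg_text:
        utf16 = False
    else:
        utf16 = None  # CFScript has no header; fall back to the byte heuristic
    return multi_sz(data, utf16)


def unexpected_packages(reg_text):
    """Names in the value that are not in the expected default list."""
    return [p for p in (notification_packages(reg_text) or []) if p.lower() not in EXPECTED]


if __name__ == "__main__":
    print("CFScript sets:", notification_packages(CFSCRIPT))
    print("Export contains:", notification_packages(EXPORTED_WITH_EXTRA))
    print("Unexpected:", unexpected_packages(EXPORTED_WITH_EXTRA))
```

To use it on the real machine, run `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" lsa.reg` before applying the CFScript and feed the file to `unexpected_packages`; any name it returns is a DLL to locate and submit, and the same check after the reboot confirms the reset took.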
  #7  
Old 23rd Apr 2009, 16:37
Donor VIP
Posts: 43
 
Here is the ComboFix log. But which Norton Removal Tool should I download?



ComboFix 09-04-23.A3 - sundeep 23/04/2009 19:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2038.1179 [GMT -4:00]
Running from: c:\documents and settings\sundeep\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\sundeep\Desktop\cfscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-4-23 )))))))))))))))))))))))))))))))
.

2009-04-23 21:25 . 2009-04-23 21:26 -------- d-----w C:\Rooter$
2009-04-23 17:54 . 2009-04-23 17:54 -------- d-----w c:\windows\system32\KB905474
2009-04-23 17:54 . 2009-03-11 02:26 1403264 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-04-23 17:54 . 2009-03-11 02:18 453512 ----a-w c:\windows\system32\KB905474\wgasetup.exe
2009-04-23 17:54 . 2009-02-09 22:51 12490 ----a-w c:\windows\system32\KB905474\wga_eula.txt
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\sundeep\Application Data\Malwarebytes
2009-04-23 07:12 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 07:12 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-23 07:11 . 2009-04-23 07:11 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-22 11:49 . 2009-04-22 12:33 -------- d-----w c:\program files\Exterminate It!
2009-04-22 05:19 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-22 05:19 . 2009-04-22 05:19 -------- d-----w c:\program files\Panda Security
2009-04-22 04:18 . 2009-04-22 04:18 93 ----a-w c:\windows\wininit.ini
2009-04-22 00:26 . 2009-04-22 00:36 32 --s-a-w c:\windows\system32\1416566482.dat
2009-04-15 23:43 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:43 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:43 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 23:43 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:43 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:43 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:43 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:43 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:43 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:42 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 23:42 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 23:42 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-02 15:28 . 2009-04-02 16:30 3 ----a-w c:\windows\Twain001.Mtx
2009-04-02 15:28 . 2009-04-02 15:30 156 ----a-w c:\windows\Twunk001.MTX
2009-04-02 15:28 . 2009-04-02 15:28 0 ----a-w c:\windows\Twunk002.MTX
2009-04-01 22:01 . 2009-04-01 22:05 -------- d-----w c:\documents and settings\sundeep\Local Settings\Application Data\S2PC
2009-04-01 22:00 . 2008-05-29 05:36 512000 ----a-w c:\windows\system32\ssmgr.cpl
2009-04-01 21:59 . 2007-11-15 06:09 41984 ------r c:\windows\system32\drivers\DgivEcpXP.sys
2009-04-01 21:59 . 2007-11-15 06:11 36864 ------r c:\windows\system32\SvcMan.exe
2009-04-01 21:59 . 2009-04-02 17:57 -------- d-----w c:\documents and settings\sundeep\Application Data\Samsung
2009-04-01 21:59 . 2009-04-02 13:25 -------- d--h--w c:\documents and settings\All Users\Application Data\catalog.wci
2009-04-01 21:58 . 2008-06-12 02:04 126976 ----a-w c:\windows\system32\STOFaxPort.dll
2009-04-01 21:55 . 2008-05-30 02:24 479232 ----a-w c:\windows\ssndii.exe
2009-04-01 21:55 . 2007-11-15 05:18 21776 ----a-w c:\windows\system32\msxml2a.dll
2009-04-01 21:55 . 2007-11-15 05:18 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-01 21:54 . 2006-11-22 00:40 65536 ----a-w c:\windows\system32\smf428ci.dll
2009-04-01 21:54 . 2006-11-20 21:22 151552 ----a-w c:\windows\system32\smf428ci.exe
2009-04-01 21:52 . 2007-11-19 04:59 22723 ----a-w c:\windows\system32\sss2ml3.dll
2009-04-01 21:52 . 2007-11-19 04:57 151552 ----a-w c:\windows\system32\sss2mci.exe
2009-04-01 21:52 . 2007-11-19 04:57 65536 ----a-w c:\windows\system32\sss2mci.dll
2009-04-01 21:52 . 2007-11-16 03:25 11502 ------w c:\windows\Dr. Printer Icon.ico
2009-04-01 21:52 . 2007-11-15 06:11 172032 ------r c:\windows\system32\SecSNMP.dll
2009-04-01 21:52 . 2007-11-02 18:07 361 ----a-w c:\windows\system32\SSS2Ml3.SMT
2009-04-01 21:51 . 2007-11-15 05:26 110592 ----a-r c:\windows\WiaInst.exe
2009-04-01 21:51 . 2007-11-15 06:36 49152 ----a-w c:\windows\system32\Ssusbpn.dll
2009-04-01 21:51 . 2008-01-05 00:43 87040 ----a-w c:\windows\system32\WIASTIIO.dll
2009-04-01 21:51 . 2008-01-05 00:43 139776 ----a-w c:\windows\system32\WIAEH.dll
2009-04-01 21:51 . 2008-01-05 00:43 116736 ----a-w c:\windows\system32\WIAIPH.dll
2009-04-01 21:51 . 2008-01-05 00:43 265216 ----a-w c:\windows\system32\Sswiadrv.dll
2009-04-01 21:51 . 2008-01-05 00:43 138240 ----a-w c:\windows\system32\Ssuiext.dll
2009-04-01 21:51 . 2007-12-14 08:29 81920 ------r c:\windows\system32\ssdevm.dll
2009-04-01 21:51 . 2007-11-16 04:22 7409 ----a-w c:\windows\system32\WIAUISTR.loc
2009-04-01 21:50 . 2009-04-01 21:50 -------- d-----w c:\windows\system32\drivers\Samsung
2009-04-01 21:50 . 2007-11-16 03:26 41984 ------w c:\windows\system32\drivers\DGIVECP.SYS
2009-04-01 21:50 . 2009-04-01 21:50 -------- d-----w c:\program files\Samsung
2009-04-01 15:18 . 1998-01-21 22:15 66560 ----a-w c:\windows\system32\S2DTCONV.DLL
2009-04-01 15:18 . 1997-05-20 17:41 22016 ----a-w c:\windows\system32\sbtrvd32.dll
2009-04-01 15:10 . 2009-04-01 15:10 -------- d-----w c:\program files\Pervasive Software
2009-04-01 15:10 . 2009-04-01 15:10 -------- d-----w c:\documents and settings\All Users\Application Data\Pervasive Software
2009-04-01 14:30 . 2009-04-01 14:30 2664 ----a-w c:\windows\system32\config.pu_
2009-03-28 02:41 . 2009-03-28 02:41 -------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-03-28 00:40 . 2009-03-28 00:40 -------- d-----w c:\documents and settings\sundeep\Application Data\Foxit
2009-03-26 15:40 . 2009-03-26 15:40 -------- d-----w c:\documents and settings\sundeep\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 23:08 . 2007-05-07 23:43 -------- d-----w c:\documents and settings\sundeep\Application Data\Hamachi
2009-04-23 22:57 . 2007-05-12 19:49 -------- d-----w c:\documents and settings\sundeep\Application Data\uTorrent
2009-04-23 21:26 . 2009-04-23 21:26 4206 ----a-w C:\Rooter.txt
2009-04-23 16:27 . 2008-09-22 21:10 -------- d-----w c:\documents and settings\sundeep\Application Data\Skype
2009-04-23 07:32 . 2009-04-23 07:33 68608 ----a-w c:\windows\Internet Logs\xDB16.tmp
2009-04-23 07:12 . 2008-01-19 12:49 -------- d-----w c:\documents and settings\sundeep\Application Data\SUPERAntiSpyware.com
2009-04-22 15:11 . 2009-04-22 21:43 460288 ----a-w c:\windows\Internet Logs\xDB15.tmp
2009-04-22 15:10 . 2008-04-22 20:39 -------- d-----w c:\program files\mIRC
2009-04-22 05:44 . 2009-04-22 05:45 72192 ----a-w c:\windows\Internet Logs\xDB14.tmp
2009-04-22 03:54 . 2009-04-22 03:55 822784 ----a-w c:\windows\Internet Logs\xDB13.tmp
2009-04-22 03:47 . 2008-01-19 21:10 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-22 00:44 . 2007-05-04 22:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 00:43 . 2008-07-24 19:41 -------- d-----w c:\program files\Java
2009-04-22 00:36 . 2008-01-31 03:19 14100722 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-21 18:52 . 2007-09-11 05:06 -------- d-----w c:\documents and settings\sundeep\Application Data\FileZilla
2009-04-19 15:05 . 2007-05-05 04:00 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 20:37 . 2009-04-17 20:38 2722304 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-04-17 19:55 . 2008-08-22 19:31 -------- d-----w c:\program files\MK PowerTools
2009-04-06 16:53 . 2007-05-07 05:23 -------- d-----w c:\program files\Foxit Software
2009-04-03 21:33 . 2009-01-15 02:13 -------- d-----w c:\program files\SopCast
2009-04-03 21:33 . 2008-03-18 21:46 -------- d-----w c:\program files\VCD
2009-04-03 21:33 . 2007-05-08 00:25 -------- d-----w c:\program files\Winamp
2009-04-03 21:33 . 2008-10-04 16:20 -------- d-----w c:\program files\QuickTime
2009-04-03 21:33 . 2007-05-08 19:43 -------- d-----w c:\program files\PokerStars
2009-04-03 21:33 . 2007-05-10 23:06 -------- d-----w c:\program files\Poker Clock Pro
2009-04-03 21:33 . 2007-05-14 13:24 -------- d-----w c:\program files\DivX
2009-04-03 21:33 . 2007-05-05 16:54 -------- d-----w c:\program files\Google
2009-04-03 21:30 . 2007-09-03 03:00 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-03 03:52 . 2008-06-13 15:31 35594 ----a-w C:\dlci.log
2009-04-01 15:10 . 2008-04-08 00:03 -------- d-----w c:\program files\Common Files\Pervasive Software Shared
2009-03-27 21:54 . 2007-08-26 17:43 -------- d-----w c:\program files\Common Files\Adobe
2009-03-26 14:06 . 2008-01-21 21:20 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-03-11 18:54 . 2008-02-11 01:13 -------- d-----w c:\documents and settings\sundeep\Application Data\Vso
2009-03-10 08:56 . 2009-03-10 08:57 319488 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-03-09 09:19 . 2009-01-10 15:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-01 23:57 . 2008-08-07 21:53 -------- d-----w c:\documents and settings\sundeep\Application Data\Unyte
2009-03-01 12:05 . 2009-03-01 12:05 -------- d-----w c:\program files\uTorrent
2009-02-20 08:10 . 2004-08-04 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-04 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-16 04:10 . 2009-01-31 17:52 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-15 08:03 . 2009-02-15 14:27 2554368 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-02-15 08:03 . 2009-02-15 14:27 27648 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-02-14 02:18 . 2009-02-15 07:44 1043968 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-05 19:33 . 2008-08-22 20:04 154 ----a-w C:\DSNSetup.txt
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-24 02:34 . 2009-01-12 04:41 162816 ----a-w c:\windows\system32\fmod.dll
2009-01-15 19:14 . 2007-05-04 16:55 275680 ----a-w c:\documents and settings\sundeep\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-24 23:19 . 2008-08-24 23:17 200932511 ----a-w c:\documents and settings\All Users\SPL1.tmp
2008-08-24 23:00 . 2008-08-24 23:00 3710857 ----a-w c:\documents and settings\All Users\SPL138.tmp
2008-08-24 22:57 . 2008-08-24 22:57 41090953 ----a-w c:\documents and settings\All Users\SPL137.tmp
2008-07-23 18:26 . 2008-07-23 18:26 61224 ----a-w c:\documents and settings\sundeep\GoToAssistDownloadHelper.exe
2008-04-08 13:47 . 2008-04-08 13:47 630784 ----a-w c:\documents and settings\sundeep\GoToAssist_chat2way__317_en.exe
2008-04-08 13:01 . 2008-04-08 00:02 190 ----a-w c:\program files\Common Files\psasetup.log
2008-03-28 03:52 . 2008-02-11 01:13 47360 ----a-w c:\documents and settings\sundeep\Application Data\pcouffin.sys
2008-03-11 16:01 . 2008-03-11 16:01 56912 ----a-w c:\documents and settings\sundeep\g2mdlhlpx.exe
2007-12-07 07:29 . 2007-12-07 07:29 212712 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-11-21 03:25 . 2007-11-21 03:25 130 ----a-w c:\documents and settings\sundeep\Local Settings\Application Data\fusioncache.dat
2007-07-03 19:50 . 2007-07-03 19:50 0 ----a-w c:\program files\gditst
2008-12-11 20:2008-12-11 20:22 22:05 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-02 14:49 . 2007-09-02 14:49 24 --sh--w c:\windows\S5648DF7E.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-04-23_21.47.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-23 23:07 . 2009-04-23 23:07 16384 c:\windows\Temp\Perflib_Perfdata_550.dat
+ 2009-04-23 23:07 . 2009-04-23 23:07 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-11 30192]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"4x28 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4x28\Scan2pc.exe" [2008-09-29 495616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\sundeep\Start Menu\Programs\Startup\
Map Drive.bat [2008-7-30 42]
SyncBack.lnk - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-11-10 2936064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-5-7 625952]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\sundeep\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4x28\\Sscan2io.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\Samsung\\PanelMgr\\SSMMgr.exe"=
"c:\\WINDOWS\\Twain_32\\Samsung\\SCX4x28\\Scan2pc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ENABLE
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ENABLE
"c:\\Program Files\\Windows Desktop Search\\WindowsSearch.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTStackServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\excelcnv.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\calc.exe"=
"c:\\Program Files\\Foxit Software\\Foxit Reader\\Foxit Reader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\SearchProtocolHost.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SSPORT;SSPORT; [x]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 30192]
R3 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-01-18 10624]
R3 qcmdmxp;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\qcmdmxp.sys [2006-12-27 92800]
R3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\DRIVERS\qcserxp.sys [2006-12-27 92800]
R3 RkPavproc1;RkPavproc1; [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 20:51 13560]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [2008-08-19 625952]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-06-06 435488]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##fcaserver#x]
\Shell\Auto\command - Z:\MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##homesatveena#storage]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##WHSERVER#EXTERNAL]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{030b198d-ab92-11dc-9be8-0015c561167d}]
\Shell\Auto\command - F:\MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c4afbd-f1f0-11dc-ac3b-0015c561167d}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28d21ede-985f-11dd-ac8d-0015c561167d}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b77314-0098-11dc-9b92-0015c561167d}]
\Shell\Auto\command - MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe8e804-0b51-11dd-ac55-001302c24880}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-04-23 c:\windows\Tasks\SyncBack LAPTOPSUNDEEP Local.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-11-10 16:19]

2009-04-23 c:\windows\Tasks\SyncToy FCA Documents with Server.job
- c:\program files\SyncToy 2.0\SyncToyCmd.exe [2008-08-12 19:07]

2009-04-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 02:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dhl.ca/ca/wfWebShipMain.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Web Capture - c:\program files\SmarThru Office\WebCapture.dll
Trusted Zone: neteller.com\www
FF - ProfilePath - c:\documents and settings\sundeep\Application Data\Mozilla\Firefox\Profiles\lgylea2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.fcagroup.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPunyte.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 19:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(7708)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tlntsvr.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-04-23 19:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-23 23:13
ComboFix2.txt 2009-04-23 21:51
ComboFix3.txt 2008-02-26 03:55

Pre-Run: 2,141,777,920 bytes free
Post-Run: 2,091,499,520 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
415 --- E O F --- 2009-04-23 20:23
  #8  
Old 23rd Apr 2009, 16:40
Moderator
Posts: 7,561
 
Use this. Norton Removal Tool

Please go back to the prior post and run the ComboFix instructions again. I messed them up and it didn't work. They are fixed now.

  #9  
Old 24th Apr 2009, 13:47
Donor VIP
Posts: 43
 
ComboFix 09-04-23.A3 - sundeep 24/04/2009 16:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2038.1227 [GMT -4:00]
Running from: c:\documents and settings\sundeep\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\sundeep\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090423-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.

2009-04-24 00:27 . 2009-04-24 00:27 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-23 21:25 . 2009-04-23 21:26 -------- d-----w C:\Rooter$
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\sundeep\Application Data\Malwarebytes
2009-04-23 07:12 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-23 07:12 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-23 07:11 . 2009-04-23 07:11 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-22 11:49 . 2009-04-22 12:33 -------- d-----w c:\program files\Exterminate It!
2009-04-22 05:19 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-22 05:19 . 2009-04-22 05:19 -------- d-----w c:\program files\Panda Security
2009-04-22 04:18 . 2009-04-22 04:18 93 ----a-w c:\windows\wininit.ini
2009-04-22 00:26 . 2009-04-22 00:36 32 --s-a-w c:\windows\system32\1416566482.dat
2009-04-15 23:43 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:43 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:43 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 23:43 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:43 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:43 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:43 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:43 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:43 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:42 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 23:42 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 23:42 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-02 15:28 . 2009-04-02 16:30 3 ----a-w c:\windows\Twain001.Mtx
2009-04-02 15:28 . 2009-04-02 15:30 156 ----a-w c:\windows\Twunk001.MTX
2009-04-02 15:28 . 2009-04-02 15:28 0 ----a-w c:\windows\Twunk002.MTX
2009-04-01 22:01 . 2009-04-01 22:05 -------- d-----w c:\documents and settings\sundeep\Local Settings\Application Data\S2PC
2009-04-01 22:00 . 2008-05-29 05:36 512000 ----a-w c:\windows\system32\ssmgr.cpl
2009-04-01 21:59 . 2007-11-15 06:09 41984 ------r c:\windows\system32\drivers\DgivEcpXP.sys
2009-04-01 21:59 . 2007-11-15 06:11 36864 ------r c:\windows\system32\SvcMan.exe
2009-04-01 21:59 . 2009-04-02 17:57 -------- d-----w c:\documents and settings\sundeep\Application Data\Samsung
2009-04-01 21:59 . 2009-04-02 13:25 -------- d--h--w c:\documents and settings\All Users\Application Data\catalog.wci
2009-04-01 21:58 . 2008-06-12 02:04 126976 ----a-w c:\windows\system32\STOFaxPort.dll
2009-04-01 21:55 . 2008-05-30 02:24 479232 ----a-w c:\windows\ssndii.exe
2009-04-01 21:55 . 2007-11-15 05:18 21776 ----a-w c:\windows\system32\msxml2a.dll
2009-04-01 21:55 . 2007-11-15 05:18 44544 ----a-w c:\windows\system32\msxml4a.dll
2009-04-01 21:54 . 2006-11-22 00:40 65536 ----a-w c:\windows\system32\smf428ci.dll
2009-04-01 21:54 . 2006-11-20 21:22 151552 ----a-w c:\windows\system32\smf428ci.exe
2009-04-01 21:52 . 2007-11-19 04:59 22723 ----a-w c:\windows\system32\sss2ml3.dll
2009-04-01 21:52 . 2007-11-19 04:57 151552 ----a-w c:\windows\system32\sss2mci.exe
2009-04-01 21:52 . 2007-11-19 04:57 65536 ----a-w c:\windows\system32\sss2mci.dll
2009-04-01 21:52 . 2007-11-16 03:25 11502 ------w c:\windows\Dr. Printer Icon.ico
2009-04-01 21:52 . 2007-11-15 06:11 172032 ------r c:\windows\system32\SecSNMP.dll
2009-04-01 21:52 . 2007-11-02 18:07 361 ----a-w c:\windows\system32\SSS2Ml3.SMT
2009-04-01 21:51 . 2007-11-15 05:26 110592 ----a-r c:\windows\WiaInst.exe
2009-04-01 21:51 . 2007-11-15 06:36 49152 ----a-w c:\windows\system32\Ssusbpn.dll
2009-04-01 21:51 . 2008-01-05 00:43 87040 ----a-w c:\windows\system32\WIASTIIO.dll
2009-04-01 21:51 . 2008-01-05 00:43 139776 ----a-w c:\windows\system32\WIAEH.dll
2009-04-01 21:51 . 2008-01-05 00:43 116736 ----a-w c:\windows\system32\WIAIPH.dll
2009-04-01 21:51 . 2008-01-05 00:43 265216 ----a-w c:\windows\system32\Sswiadrv.dll
2009-04-01 21:51 . 2008-01-05 00:43 138240 ----a-w c:\windows\system32\Ssuiext.dll
2009-04-01 21:51 . 2007-12-14 08:29 81920 ------r c:\windows\system32\ssdevm.dll
2009-04-01 21:51 . 2007-11-16 04:22 7409 ----a-w c:\windows\system32\WIAUISTR.loc
2009-04-01 21:50 . 2009-04-01 21:50 -------- d-----w c:\windows\system32\drivers\Samsung
2009-04-01 21:50 . 2007-11-16 03:26 41984 ------w c:\windows\system32\drivers\DGIVECP.SYS
2009-04-01 21:50 . 2009-04-01 21:50 -------- d-----w c:\program files\Samsung
2009-04-01 15:18 . 1998-01-21 22:15 66560 ----a-w c:\windows\system32\S2DTCONV.DLL
2009-04-01 15:18 . 1997-05-20 17:41 22016 ----a-w c:\windows\system32\sbtrvd32.dll
2009-04-01 15:10 . 2009-04-01 15:10 -------- d-----w c:\program files\Pervasive Software
2009-04-01 15:10 . 2009-04-01 15:10 -------- d-----w c:\documents and settings\All Users\Application Data\Pervasive Software
2009-04-01 14:30 . 2009-04-01 14:30 2664 ----a-w c:\windows\system32\config.pu_
2009-03-28 02:41 . 2009-03-28 02:41 -------- d-----w c:\documents and settings\All Users\Application Data\ALM
2009-03-28 00:40 . 2009-03-28 00:40 -------- d-----w c:\documents and settings\sundeep\Application Data\Foxit
2009-03-26 15:40 . 2009-03-26 15:40 -------- d-----w c:\documents and settings\sundeep\Application Data\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 20:37 . 2007-05-07 23:43 -------- d-----w c:\documents and settings\sundeep\Application Data\Hamachi
2009-04-24 20:27 . 2007-05-12 19:49 -------- d-----w c:\documents and settings\sundeep\Application Data\uTorrent
2009-04-24 01:23 . 2008-09-22 21:10 -------- d-----w c:\documents and settings\sundeep\Application Data\Skype
2009-04-23 21:26 . 2009-04-23 21:26 4206 ----a-w C:\Rooter.txt
2009-04-23 07:32 . 2009-04-23 07:33 68608 ----a-w c:\windows\Internet Logs\xDB16.tmp
2009-04-23 07:12 . 2008-01-19 12:49 -------- d-----w c:\documents and settings\sundeep\Application Data\SUPERAntiSpyware.com
2009-04-22 15:11 . 2009-04-22 21:43 460288 ----a-w c:\windows\Internet Logs\xDB15.tmp
2009-04-22 15:10 . 2008-04-22 20:39 -------- d-----w c:\program files\mIRC
2009-04-22 05:44 . 2009-04-22 05:45 72192 ----a-w c:\windows\Internet Logs\xDB14.tmp
2009-04-22 03:54 . 2009-04-22 03:55 822784 ----a-w c:\windows\Internet Logs\xDB13.tmp
2009-04-22 03:47 . 2008-01-19 21:10 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-22 00:44 . 2007-05-04 22:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-22 00:43 . 2008-07-24 19:41 -------- d-----w c:\program files\Java
2009-04-22 00:36 . 2008-01-31 03:19 14100722 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-21 18:52 . 2007-09-11 05:06 -------- d-----w c:\documents and settings\sundeep\Application Data\FileZilla
2009-04-19 15:05 . 2007-05-05 04:00 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 20:37 . 2009-04-17 20:38 2722304 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-04-17 19:55 . 2008-08-22 19:31 -------- d-----w c:\program files\MK PowerTools
2009-04-06 16:53 . 2007-05-07 05:23 -------- d-----w c:\program files\Foxit Software
2009-04-03 21:33 . 2009-01-15 02:13 -------- d-----w c:\program files\SopCast
2009-04-03 21:33 . 2008-03-18 21:46 -------- d-----w c:\program files\VCD
2009-04-03 21:33 . 2007-05-08 00:25 -------- d-----w c:\program files\Winamp
2009-04-03 21:33 . 2008-10-04 16:20 -------- d-----w c:\program files\QuickTime
2009-04-03 21:33 . 2007-05-08 19:43 -------- d-----w c:\program files\PokerStars
2009-04-03 21:33 . 2007-05-10 23:06 -------- d-----w c:\program files\Poker Clock Pro
2009-04-03 21:33 . 2007-05-14 13:24 -------- d-----w c:\program files\DivX
2009-04-03 21:33 . 2007-05-05 16:54 -------- d-----w c:\program files\Google
2009-04-03 21:30 . 2007-09-03 03:00 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-03 03:52 . 2008-06-13 15:31 35594 ----a-w C:\dlci.log
2009-04-01 15:10 . 2008-04-08 00:03 -------- d-----w c:\program files\Common Files\Pervasive Software Shared
2009-03-27 21:54 . 2007-08-26 17:43 -------- d-----w c:\program files\Common Files\Adobe
2009-03-26 14:06 . 2008-01-21 21:20 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-03-11 18:54 . 2008-02-11 01:13 -------- d-----w c:\documents and settings\sundeep\Application Data\Vso
2009-03-10 08:56 . 2009-03-10 08:57 319488 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-03-09 09:19 . 2009-01-10 15:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-01 23:57 . 2008-08-07 21:53 -------- d-----w c:\documents and settings\sundeep\Application Data\Unyte
2009-03-01 12:05 . 2009-03-01 12:05 -------- d-----w c:\program files\uTorrent
2009-02-20 08:10 . 2004-08-04 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-04 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-16 04:10 . 2009-01-31 17:52 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-15 08:03 . 2009-02-15 14:27 2554368 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-02-15 08:03 . 2009-02-15 14:27 27648 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-02-14 02:18 . 2009-02-15 07:44 1043968 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-05 19:33 . 2008-08-22 20:04 154 ----a-w C:\DSNSetup.txt
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-15 19:14 . 2007-05-04 16:55 275680 ----a-w c:\documents and settings\sundeep\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-08-24 23:19 . 2008-08-24 23:17 200932511 ----a-w c:\documents and settings\All Users\SPL1.tmp
2008-08-24 23:00 . 2008-08-24 23:00 3710857 ----a-w c:\documents and settings\All Users\SPL138.tmp
2008-08-24 22:57 . 2008-08-24 22:57 41090953 ----a-w c:\documents and settings\All Users\SPL137.tmp
2008-07-23 18:26 . 2008-07-23 18:26 61224 ----a-w c:\documents and settings\sundeep\GoToAssistDownloadHelper.exe
2008-04-08 13:47 . 2008-04-08 13:47 630784 ----a-w c:\documents and settings\sundeep\GoToAssist_chat2way__317_en.exe
2008-04-08 13:01 . 2008-04-08 00:02 190 ----a-w c:\program files\Common Files\psasetup.log
2008-03-28 03:52 . 2008-02-11 01:13 47360 ----a-w c:\documents and settings\sundeep\Application Data\pcouffin.sys
2008-03-11 16:01 . 2008-03-11 16:01 56912 ----a-w c:\documents and settings\sundeep\g2mdlhlpx.exe
2007-12-07 07:29 . 2007-12-07 07:29 212712 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-11-21 03:25 . 2007-11-21 03:25 130 ----a-w c:\documents and settings\sundeep\Local Settings\Application Data\fusioncache.dat
2007-07-03 19:50 . 2007-07-03 19:50 0 ----a-w c:\program files\gditst
2008-12-11 20:2008-12-11 20:22 22:05 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-02 14:49 . 2007-09-02 14:49 24 --sh--w c:\windows\S5648DF7E.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-04-23_21.47.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-24 20:36 . 2009-04-24 20:36 16384 c:\windows\Temp\Perflib_Perfdata_74c.dat
+ 2009-04-24 20:36 . 2009-04-24 20:36 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat
+ 2009-04-24 20:35 . 2009-04-24 20:35 16384 c:\windows\Temp\Perflib_Perfdata_150.dat
+ 2007-04-10 19:01 . 2009-03-11 02:18 934792 c:\windows\system32\WgaTray.exe
+ 2007-04-10 19:00 . 2009-03-11 02:18 239496 c:\windows\system32\WgaLogon.dll
+ 2007-04-10 19:01 . 2009-03-11 02:18 934792 c:\windows\system32\dllcache\WgaTray.exe
+ 2007-04-10 19:00 . 2009-03-11 02:18 239496 c:\windows\system32\dllcache\wgaLogon.dll
+ 2006-05-17 15:23 . 2009-03-11 02:18 1482112 c:\windows\system32\LegitCheckControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-11 30192]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"4x28 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4x28\Scan2pc.exe" [2008-09-29 495616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\sundeep\Start Menu\Programs\Startup\
Map Drive.bat [2008-7-30 42]
SyncBack.lnk - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-11-10 2936064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-5-7 625952]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\sundeep\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\SCX4x28\\Sscan2io.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\ZCfgSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\WINDOWS\\Samsung\\PanelMgr\\SSMMgr.exe"=
"c:\\WINDOWS\\Twain_32\\Samsung\\SCX4x28\\Scan2pc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ENABLE
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ENABLE
"c:\\Program Files\\Windows Desktop Search\\WindowsSearch.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTStackServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\excelcnv.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\calc.exe"=
"c:\\Program Files\\Foxit Software\\Foxit Reader\\Foxit Reader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\SearchProtocolHost.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 SSPORT;SSPORT; [x]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-11 30192]
R3 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-01-18 10624]
R3 qcmdmxp;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\qcmdmxp.sys [2006-12-27 92800]
R3 qcserxp;HTC Diagnostic Port (PID 0B03);c:\windows\system32\DRIVERS\qcserxp.sys [2006-12-27 92800]
R3 RkPavproc1;RkPavproc1; [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 20:51 13560]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [2008-08-19 625952]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2008-06-06 435488]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##homesatveena#storage]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##WHSERVER#EXTERNAL]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{030b198d-ab92-11dc-9be8-0015c561167d}]
\Shell\Auto\command - F:\MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c4afbd-f1f0-11dc-ac3b-0015c561167d}]
\Shell\Auto\command - RavMon.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28d21ede-985f-11dd-ac8d-0015c561167d}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b77314-0098-11dc-9b92-0015c561167d}]
\Shell\Auto\command - MSInfnd.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSInfnd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe8e804-0b51-11dd-ac55-001302c24880}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-04-24 c:\windows\Tasks\SyncBack LAPTOPSUNDEEP Local.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2008-11-10 16:19]

2009-04-23 c:\windows\Tasks\SyncToy FCA Documents with Server.job
- c:\program files\SyncToy 2.0\SyncToyCmd.exe [2008-08-12 19:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dhl.ca/ca/wfWebShipMain.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Web Capture - c:\program files\SmarThru Office\WebCapture.dll
Trusted Zone: neteller.com\www
FF - ProfilePath - c:\documents and settings\sundeep\Application Data\Mozilla\Firefox\Profiles\lgylea2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.fcagroup.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPunyte.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(8104)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tlntsvr.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\searchprotocolhost.exe
.
**************************************************************************
.
Completion time: 2009-04-24 16:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-24 20:41
ComboFix2.txt 2009-04-23 23:13
ComboFix3.txt 2009-04-23 21:51
ComboFix4.txt 2008-02-26 03:55

Pre-Run: 1,921,806,336 bytes free
Post-Run: 1,936,281,600 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
411 --- E O F --- 2009-04-23 20:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:19 PM, on 24/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hamachi\hamachi.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dhl.ca/ca/wfWebShipMain.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [4x28 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Map Drive.bat
O4 - Startup: SyncBack.lnk = C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Web Capture - C:\Program Files\SmarThru Office\WebCapture.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192932290562
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Pervasive Software Inc. - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11578 bytes
  #10  
Old 24th Apr 2009, 13:59
Moderator
Posts: 7,561
 
Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to your Desktop

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##fcaserver#x]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##homesatveena#storage]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##WHSERVER#EXTERNAL]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{030b198d-ab92-11dc-9be8-0015c561167d}]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12c4afbd-f1f0-11dc-ac3b-0015c561167d}]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28d21ede-985f-11dd-ac8d-0015c561167d}]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b77314-0098-11dc-9b92-0015c561167d}]
 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


  The above procedure will:
  • Delete the following:
      ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.


Note that your system will run slower for a reboot or two after having used this tool so don't panic.

----------

This scanner works with Internet Explorer only!

Scan with the BitDefender Online Scanner
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.

Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.

Once BitDefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report

This will save a file named bdscan.html. I would suggest saving it to the Desktop so you can easily find it. (Take notice of where you save it so you can find it later.)

You will have to upload the file online. The forums will not accept HTML.

Go to File Dropper

Click Upload
Locate the file and double click it.
Copy the link below Share This Link: and post it back here.
__________________
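An added example, not code from the forum post, ComboFix or HijackThis, that does in Python what the moderator's fixme.reg does by hand: it parses the MountPoints2 entries of a ComboFix log, flags the keys whose autorun command runs a bare file name, a .vbs through wscript or the RunDLL32 ShellExec_RunDLL launcher, emits the matching [-HKEY...] deletions together with the LSA "Notification Packages" reset, and decodes that hex(7) value so extra password-filter DLLs can be spotted before the reset. The suspicious-entry heuristic and the sample log are assumptions.

```python
"""Added example, not the forum post's own code: parse the MountPoints2 section
of a ComboFix log, flag autorun entries of the kind the moderator deleted, and
generate the REGEDIT4 'fixme.reg' that removes them and resets the LSA
'Notification Packages' list. The heuristic and sample log are assumptions."""
import re

# Constructed sample in ComboFix's MountPoints2 format (modelled on the log above).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##WHSERVER#EXTERNAL]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c012e78-2097-11dc-9bad-0015c561167d}]
\Shell\AutoRun\command - wscript.exe VirusRemoval.vbs
\Shell\open\Command - wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efe8e804-0b51-11dd-ac55-001302c24880}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\[^\]]+)\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"


def parse_mountpoints(log_text):
    """Return {registry_key: {verb: command}} for every MountPoints2 key in the log."""
    entries, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current][cmd.group(1).lower()] = cmd.group(2).strip()
    return entries


def is_suspicious(commands):
    r"""Heuristic (an assumption) mirroring the moderator's choice of keys to delete:
    an Auto/AutoRun/open verb that runs a bare file name (resolved from the drive
    or share root), a .vbs through wscript, or the RunDLL32 ShellExec_RunDLL
    launcher. Vendor autoruns with a full path such as F:\SETUP.EXE /AUTORUN or
    G:\LaunchU3.exe -a are left alone."""
    for verb, cmd in commands.items():
        if verb not in ("auto", "autorun", "open"):
            continue
        low = cmd.lower()
        if "shellexec_rundll" in low or low.startswith("wscript") or ".vbs" in low:
            return True
        target = low.split()[0].lstrip('"')
        if not re.match(r"[a-z]:\\", target):  # no drive letter: relative to the media root
            return True
    return False


def multi_sz_hex(values):
    """Encode strings as REGEDIT4 hex(7) (REG_MULTI_SZ, ANSI): each string
    NUL-terminated, then one extra NUL closing the list."""
    raw = b"".join(v.encode("ascii") + b"\x00" for v in values) + b"\x00"
    return ",".join(f"{b:02x}" for b in raw)


def decode_multi_sz_hex(hex_text):
    """Inverse of multi_sz_hex for a single-line hex(7) value."""
    raw = bytes(int(h, 16) for h in hex_text.split(","))
    return [s.decode("ascii") for s in raw.split(b"\x00") if s]


def rogue_notification_packages(hex_text, expected=("scecli",)):
    """Entries beyond the stock scecli of a stand-alone XP workstation; LSASS loads
    every listed DLL as a password filter, so extras deserve a look before the reset."""
    return [p for p in decode_multi_sz_hex(hex_text) if p.lower() not in expected]


def build_fixme_reg(log_text, notification_packages=("scecli",)):
    """REGEDIT4 text: delete each suspicious MountPoints2 key ('-' before the key
    deletes it) and reset LSA 'Notification Packages' to the given list."""
    lines = ["REGEDIT4", ""]
    for key, cmds in parse_mountpoints(log_text).items():
        if is_suspicious(cmds):
            lines += [f"[-{key}]", ""]
    lines += [f"[{LSA_KEY}]",
              '"Notification Packages"=hex(7):' + multi_sz_hex(notification_packages),
              ""]
    return "\n".join(lines)  # save with newline="\r\n" when writing a file for regedit


if __name__ == "__main__":
    print(build_fixme_reg(SAMPLE_LOG))
```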

Copyright ©2006 - 2010 Computer Juice.