I got the virus alert problem today.
After reading through some topics of this forum, I see that I can have the solution here.
So, I start this new topic and hope you can help me.
Virus alert in system tray [RESOLVED]
Started by
Kim Bach
, Aug 09 2008 09:35 AM
-
This topic is locked
#1
Posted 09 August 2008 - 09:35 AM
Kim Bach
-
- Member
-
- 6 posts
New Member
I got the virus alert problem today.
After reading through some topics of this forum, I see that I can have the solution here.
So, I start this new topic and hope you can help me.
#2
Posted 09 August 2008 - 11:47 AM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Welcome to GTG.
Download Malwarebytes ' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
Download Malwarebytes ' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
#3
Posted 10 August 2008 - 03:17 AM
Kim Bach
- Topic Starter
-
- Member
-
- 6 posts
New Member
Thanks greyknight17,
Following is Malwarebytes's log and combofix's log.
Malwarebytes's log:
Malwarebytes' Anti-Malware 1.24
Database version: 1036
Windows 5.1.2600 Service Pack 2
13:20:39 2008-08-10
mbam-log-8-10-2008 (13-20-22).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 142819
Time elapsed: 37 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 54
Registry Values Infected: 11
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 47
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{6d0111e3-3060-4d23-b2bc-42ed86cbe9a3} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{72a128e0-2240-40c8-9e92-5387d64f839e} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72a128e0-2240-40c8-9e92-5387d64f839e} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xmllib.xmldp (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xmllib.xmldp.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{669751ed-d558-49ae-b01a-3b374cc7910e} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a57e074f-56d8-4a33-8112-aac9693aa909} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{28bef2b7-c54c-4551-a96d-e6f2c864dd98} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c5759d2-38ba-4a3a-a71c-8a89a7390c5a} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5eb5b996-45b1-49f7-a5a7-d7c52b85c338} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9b2603f4-8ea7-4889-a2a2-7ee7fbf9670b} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0d414d29-38f3-4b84-ae81-9890d15a4ab7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7db01184-5f86-4cfe-a017-90c26f7be6d0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad4b4918-636f-46a0-83a6-9a53174d2180} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e35fa112-d185-4a85-b345-43de36026c03} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ff6b70aa-84cf-4da0-bbf9-b25b1d1bc94b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c9a33814-2219-48e6-b609-869e5653f73d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f111361e-ebf9-458c-81c3-20783a38200d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{60ab0558-ac7f-4ce8-97da-9a88e7e170e6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ce8d2101-86b5-47ad-b571-29a7d3c2b1ca} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ffd7591b-1874-479f-9ad6-f4a1a6b3b829} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e255106-18cd-4806-89f6-98990f32e3e6} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e255106-18cd-4806-89f6-98990f32e3e6} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bgrqfetx.bove (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bgrqfetx.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ed-d558-49ae-b01a-3b374cc7910e} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a57e074f-56d8-4a33-8112-aac9693aa909} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xokvrpwg (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\tfnslopk (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f111361e-ebf9-458c-81c3-20783a38200d} (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarerefer...=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76492-OEM-0011903-00100) -> No action taken.
Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\whInstall (Adware.WebHancer) -> No action taken.
Files Infected:
C:\WINDOWS\xml2u32h.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\ewdx.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\xokvrpwg.dll (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER\Local Settings\Temp\5871 (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\whInstall\whInstaller.ini (Adware.WebHancer) -> No action taken.
C:\Program Files\whInstall\whAgent.inf (Adware.WebHancer) -> No action taken.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
C:\WINDOWS\tfnslopk.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\lnvegaow.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\bgrqfetx.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\wnlmdakqmqa.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\デスクトップ\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\デスクトップ\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\デスクトップ\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) ->
combofix's log.
ComboFix 08-08-09.03 - USER 2008-08-10 13:22:19.1 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.310 [GMT 9:00]
Running from: C:\Documents and Settings\USER\デスクトップ\ComboFix.exe
Command switches used :: F:\Setup\Windows\XP-Home-Package 2\WindowsXP-KB310994-SP2-Home-BootDisk-JPN.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\USER\Favorites\Error Cleaner.url
C:\Documents and Settings\USER\Favorites\Privacy Protector.url
C:\Documents and Settings\USER\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\USER\デスクトップ\Error Cleaner.url
C:\Documents and Settings\USER\デスクトップ\Privacy Protector.url
C:\Documents and Settings\USER\デスクトップ\Spyware&Malware Protection.url
C:\Program Files\Need2Find
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\WINDOWS\bgrqfetx.dll
C:\WINDOWS\cdmxtras
C:\WINDOWS\ewdx.exe
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\lnvegaow.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\tfnslopk.dll
C:\WINDOWS\wnlmdakqmqa.dll
C:\WINDOWS\xml2u32h.dll
C:\WINDOWS\xokvrpwg.dll
----- BITS: Possible infected sites -----
http://pornotube8.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_TDSSSERV
-------\Service_NPF
-------\Service_tdssserv
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 12:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 00:47 . 2008-08-10 00:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 23:58 . 2008-08-09 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-09 23:49 . 2008-08-07 16:28 <DIR> d-------- C:\SDFix
2008-08-09 21:26 . 2008-08-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-04 01:37 . 2008-08-04 01:37 <DIR> d--hs---- C:\FOUND.015
2008-08-02 10:33 . 2008-08-02 10:33 <DIR> d-------- C:\Program Files\Jhoos
2008-08-02 10:33 . 2008-08-02 10:33 <DIR> d-------- C:\Program Files\AdVantage
2008-08-02 10:33 . 2003-10-06 22:39 26,694 --a------ C:\WINDOWS\system32\customercare.ico
2008-08-02 10:33 . 2003-10-06 22:37 26,694 --a------ C:\WINDOWS\system32\about.ico
2008-07-19 22:37 . 2008-07-19 22:37 <DIR> d-------- C:\Documents and Settings\USER\Contacts
2008-07-11 19:06 . 2008-07-11 19:06 <DIR> d--hs---- C:\FOUND.014
2008-07-11 18:55 . 2008-07-11 18:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-10 19:47 . 2006-08-16 20:59 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 13:58 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 13:58 --------- d-----w C:\Program Files\Windows Live
2008-07-06 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:48 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:48 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:39 243,200 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 243,200 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:53 --------- d-----w C:\Program Files\AVG
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-15 23:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 22:37 4,506 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnnotatedJpgOverlay]
@="{846F1C20-3769-4659-BFDC-088B51FBFBD8}"
[HKEY_CLASSES_ROOT\CLSID\{846F1C20-3769-4659-BFDC-088B51FBFBD8}]
2008-02-14 18:43 368640 --a------ C:\Program Files\FotoTagger\FotoTaggerToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-02-18 00:24 890624]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 03:17 58488]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-11-22 17:53 2785256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 20:50 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 18:49 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\USER\My Documents\atarashikotoba.html
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\USER\デスクトップ\Hoc tieng Nhat bang Yansan.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^pccmsi.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\pccmsi.lnk
backup=C:\WINDOWS\pss\pccmsi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^hamachi.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^officexp.exe]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\officexp.exe
backup=C:\WINDOWS\pss\officexp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Tencent QQ.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2008-07-14 11:52 883992 C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-14 03:17 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eNMTray.exe]
--a------ 2006-03-21 11:06 225280 C:\Acer\Empowering Technology\eNet\eNMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-04-04 18:08 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-12 22:54 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-02-18 00:24 890624 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jhoos]
--a------ 2008-04-03 17:54 33280 C:\Program Files\Jhoos\Jhoos.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-04-06 19:00 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-04-06 19:06 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2005-11-07 17:12 1540003 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-05-17 19:04 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-03 16:48 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softany Monitor Control]
--a------ 2007-02-13 23:01 1257472 C:\Program Files\Softany\Monitor Control\MonitorControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 20:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Share\\EMPIRESX.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 18:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 18:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 18:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 18:49]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 03:46]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 12:12]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 12:13]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 12:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 12:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 12:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8761a4a-f8a9-11db-87c1-0016365a7d4a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
.
Contents of the 'Scheduled Tasks' folder
2008-06-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{F111361E-EBF9-458C-81C3-20783A38200D} - C:\WINDOWS\bgrqfetx.dll
MSConfigStartUp-Antivirus - C:\Program Files\VAV\vav.exe
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-Blaero Start Orb - C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
MSConfigStartUp-LClock - C:\Program Files\LClock\LClock.exe
MSConfigStartUp-LManager - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSConfigStartUp-My Web Search Bar - C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-P2P Networking - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
MSConfigStartUp-Run - C:\Documents and Settings\USER\Application Data\Adobe\Manager.exe
MSConfigStartUp-stup - C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll
MSConfigStartUp-Styler - C:\Program Files\Styler\Styler.exe
MSConfigStartUp-updateMgr - c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Vista Sidebar - C:\Program Files\Vista Sidebar\sidebar.exe
MSConfigStartUp-VisualTooltip - C:\Program Files\VisualTooltip\VisualToolTip.exe
MSConfigStartUp-WhenUSave - C:\Program Files\Save\Save.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\ont1fj4o.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\PROGRA~1\YAHOO!\COMMON\npyaxmpb.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30226.2\npctrl.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 18:03:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 32768 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Completion time: 2008-08-10 18:07:14 - machine was rebooted [USER]
ComboFix-quarantined-files.txt 2008-08-10 09:06:56
Pre-Run: 5,888,114,688 バイトの空き領域
Post-Run: 5,165,940,736 バイトの空き領域
WindowsXP-KB310994-SP2-Home-BootDisk-JPN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
408 --- E O F --- 2008-07-30 10:03:13
Please help me to fix this problem.
Cheers,
SeeS
Following is Malwarebytes's log and combofix's log.
Malwarebytes's log:
Malwarebytes' Anti-Malware 1.24
Database version: 1036
Windows 5.1.2600 Service Pack 2
13:20:39 2008-08-10
mbam-log-8-10-2008 (13-20-22).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 142819
Time elapsed: 37 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 54
Registry Values Infected: 11
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 47
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{6d0111e3-3060-4d23-b2bc-42ed86cbe9a3} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{72a128e0-2240-40c8-9e92-5387d64f839e} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72a128e0-2240-40c8-9e92-5387d64f839e} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xmllib.xmldp (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xmllib.xmldp.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{669751ed-d558-49ae-b01a-3b374cc7910e} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a57e074f-56d8-4a33-8112-aac9693aa909} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{28bef2b7-c54c-4551-a96d-e6f2c864dd98} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c5759d2-38ba-4a3a-a71c-8a89a7390c5a} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5eb5b996-45b1-49f7-a5a7-d7c52b85c338} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9b2603f4-8ea7-4889-a2a2-7ee7fbf9670b} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0d414d29-38f3-4b84-ae81-9890d15a4ab7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7db01184-5f86-4cfe-a017-90c26f7be6d0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad4b4918-636f-46a0-83a6-9a53174d2180} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e35fa112-d185-4a85-b345-43de36026c03} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ff6b70aa-84cf-4da0-bbf9-b25b1d1bc94b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c9a33814-2219-48e6-b609-869e5653f73d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f111361e-ebf9-458c-81c3-20783a38200d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{60ab0558-ac7f-4ce8-97da-9a88e7e170e6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ce8d2101-86b5-47ad-b571-29a7d3c2b1ca} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ffd7591b-1874-479f-9ad6-f4a1a6b3b829} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e255106-18cd-4806-89f6-98990f32e3e6} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e255106-18cd-4806-89f6-98990f32e3e6} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bgrqfetx.bove (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bgrqfetx.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0c7c23ef-a848-485b-873c-0ed954731014} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ed-d558-49ae-b01a-3b374cc7910e} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a57e074f-56d8-4a33-8112-aac9693aa909} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{db8b2393-7a6c-4c76-88ce-6b1f6ff6ffe9} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xokvrpwg (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\tfnslopk (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f111361e-ebf9-458c-81c3-20783a38200d} (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarerefer...=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76492-OEM-0011903-00100) -> No action taken.
Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\whInstall (Adware.WebHancer) -> No action taken.
Files Infected:
C:\WINDOWS\xml2u32h.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\ewdx.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\xokvrpwg.dll (Trojan.Zlob) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\USER\Local Settings\Temp\5871 (Trojan.Agent) -> No action taken.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\whInstall\whInstaller.ini (Adware.WebHancer) -> No action taken.
C:\Program Files\whInstall\whAgent.inf (Adware.WebHancer) -> No action taken.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
C:\WINDOWS\tfnslopk.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\lnvegaow.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\bgrqfetx.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\wnlmdakqmqa.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\USER\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\デスクトップ\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\デスクトップ\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\デスクトップ\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\USER\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) ->
combofix's log.
ComboFix 08-08-09.03 - USER 2008-08-10 13:22:19.1 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.310 [GMT 9:00]
Running from: C:\Documents and Settings\USER\デスクトップ\ComboFix.exe
Command switches used :: F:\Setup\Windows\XP-Home-Package 2\WindowsXP-KB310994-SP2-Home-BootDisk-JPN.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\USER\Favorites\Error Cleaner.url
C:\Documents and Settings\USER\Favorites\Privacy Protector.url
C:\Documents and Settings\USER\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\USER\デスクトップ\Error Cleaner.url
C:\Documents and Settings\USER\デスクトップ\Privacy Protector.url
C:\Documents and Settings\USER\デスクトップ\Spyware&Malware Protection.url
C:\Program Files\Need2Find
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\7.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\WINDOWS\bgrqfetx.dll
C:\WINDOWS\cdmxtras
C:\WINDOWS\ewdx.exe
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\lnvegaow.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\tfnslopk.dll
C:\WINDOWS\wnlmdakqmqa.dll
C:\WINDOWS\xml2u32h.dll
C:\WINDOWS\xokvrpwg.dll
----- BITS: Possible infected sites -----
http://pornotube8.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_TDSSSERV
-------\Service_NPF
-------\Service_tdssserv
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 12:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 00:47 . 2008-08-10 00:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 23:58 . 2008-08-09 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-09 23:49 . 2008-08-07 16:28 <DIR> d-------- C:\SDFix
2008-08-09 21:26 . 2008-08-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-04 01:37 . 2008-08-04 01:37 <DIR> d--hs---- C:\FOUND.015
2008-08-02 10:33 . 2008-08-02 10:33 <DIR> d-------- C:\Program Files\Jhoos
2008-08-02 10:33 . 2008-08-02 10:33 <DIR> d-------- C:\Program Files\AdVantage
2008-08-02 10:33 . 2003-10-06 22:39 26,694 --a------ C:\WINDOWS\system32\customercare.ico
2008-08-02 10:33 . 2003-10-06 22:37 26,694 --a------ C:\WINDOWS\system32\about.ico
2008-07-19 22:37 . 2008-07-19 22:37 <DIR> d-------- C:\Documents and Settings\USER\Contacts
2008-07-11 19:06 . 2008-07-11 19:06 <DIR> d--hs---- C:\FOUND.014
2008-07-11 18:55 . 2008-07-11 18:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-10 19:47 . 2006-08-16 20:59 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 13:58 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 13:58 --------- d-----w C:\Program Files\Windows Live
2008-07-06 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:48 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:48 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:39 243,200 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 243,200 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:53 --------- d-----w C:\Program Files\AVG
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-15 23:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 22:37 4,506 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnnotatedJpgOverlay]
@="{846F1C20-3769-4659-BFDC-088B51FBFBD8}"
[HKEY_CLASSES_ROOT\CLSID\{846F1C20-3769-4659-BFDC-088B51FBFBD8}]
2008-02-14 18:43 368640 --a------ C:\Program Files\FotoTagger\FotoTaggerToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-02-18 00:24 890624]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 03:17 58488]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-11-22 17:53 2785256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 20:50 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 18:49 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\USER\My Documents\atarashikotoba.html
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\USER\デスクトップ\Hoc tieng Nhat bang Yansan.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^pccmsi.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\pccmsi.lnk
backup=C:\WINDOWS\pss\pccmsi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^hamachi.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^officexp.exe]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\officexp.exe
backup=C:\WINDOWS\pss\officexp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Tencent QQ.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2008-07-14 11:52 883992 C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-14 03:17 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eNMTray.exe]
--a------ 2006-03-21 11:06 225280 C:\Acer\Empowering Technology\eNet\eNMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-04-04 18:08 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-12 22:54 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-02-18 00:24 890624 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jhoos]
--a------ 2008-04-03 17:54 33280 C:\Program Files\Jhoos\Jhoos.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-04-06 19:00 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-04-06 19:06 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2005-11-07 17:12 1540003 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-05-17 19:04 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-03 16:48 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softany Monitor Control]
--a------ 2007-02-13 23:01 1257472 C:\Program Files\Softany\Monitor Control\MonitorControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 20:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Share\\EMPIRESX.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 18:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 18:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 18:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 18:49]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 03:46]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 12:12]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 12:13]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 12:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 12:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 12:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8761a4a-f8a9-11db-87c1-0016365a7d4a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
.
Contents of the 'Scheduled Tasks' folder
2008-06-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{F111361E-EBF9-458C-81C3-20783A38200D} - C:\WINDOWS\bgrqfetx.dll
MSConfigStartUp-Antivirus - C:\Program Files\VAV\vav.exe
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-Blaero Start Orb - C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
MSConfigStartUp-LClock - C:\Program Files\LClock\LClock.exe
MSConfigStartUp-LManager - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
MSConfigStartUp-My Web Search Bar - C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-P2P Networking - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
MSConfigStartUp-Run - C:\Documents and Settings\USER\Application Data\Adobe\Manager.exe
MSConfigStartUp-stup - C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll
MSConfigStartUp-Styler - C:\Program Files\Styler\Styler.exe
MSConfigStartUp-updateMgr - c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Vista Sidebar - C:\Program Files\Vista Sidebar\sidebar.exe
MSConfigStartUp-VisualTooltip - C:\Program Files\VisualTooltip\VisualToolTip.exe
MSConfigStartUp-WhenUSave - C:\Program Files\Save\Save.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\ont1fj4o.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\PROGRA~1\YAHOO!\COMMON\npyaxmpb.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30226.2\npctrl.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 18:03:20
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 32768 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Completion time: 2008-08-10 18:07:14 - machine was rebooted [USER]
ComboFix-quarantined-files.txt 2008-08-10 09:06:56
Pre-Run: 5,888,114,688 バイトの空き領域
Post-Run: 5,165,940,736 バイトの空き領域
WindowsXP-KB310994-SP2-Home-BootDisk-JPN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
408 --- E O F --- 2008-07-30 10:03:13
Please help me to fix this problem.
Cheers,
SeeS
#4
Posted 10 August 2008 - 11:03 AM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Uninstall Jhoos and Advantage via the Add/Remove Programs panel if found.
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not click on combofix's window while it's running. That may cause it to stall.
How is it running so far?
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Save this as CFScript.txt in the same location as the ComboFix.exe tool.File::
C:\WINDOWS\system32\customercare.ico
C:\WINDOWS\system32\about.ico
Folder::
C:\FOUND.015
C:\Program Files\Jhoos
C:\Program Files\AdVantage
C:\FOUND.014
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jhoos]
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not click on combofix's window while it's running. That may cause it to stall.
How is it running so far?
#5
Posted 10 August 2008 - 05:03 PM
Kim Bach
- Topic Starter
-
- Member
-
- 6 posts
New Member
Hi greyknight17,
ComboFix had run well until I got the log file. But after that, I could not open the start bar, and could not see the task bar
. So, I pressed the power button to restart my computer. The following is the log.
ComboFix 08-08-09.03 - USER 2008-08-11 7:33:04.2 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.337 [GMT 9:00]
Running from: C:\Documents and Settings\USER\デスクトップ\ComboFix.exe
Command switches used :: F:\Check virus\CFScript.txt
FILE ::
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\customercare.ico
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\USER\デスクトップ\Vista Antivirus 2008.lnk
C:\FOUND.014
C:\FOUND.014\FILE0000.CHK
C:\FOUND.014\FILE0001.CHK
C:\FOUND.014\FILE0002.CHK
C:\FOUND.014\FILE0003.CHK
C:\FOUND.014\FILE0004.CHK
C:\FOUND.014\FILE0005.CHK
C:\FOUND.014\FILE0006.CHK
C:\FOUND.014\FILE0007.CHK
C:\FOUND.014\FILE0008.CHK
C:\FOUND.014\FILE0009.CHK
C:\FOUND.014\FILE0010.CHK
C:\FOUND.014\FILE0011.CHK
C:\FOUND.014\FILE0012.CHK
C:\FOUND.014\FILE0013.CHK
C:\FOUND.014\FILE0014.CHK
C:\FOUND.014\FILE0015.CHK
C:\FOUND.014\FILE0016.CHK
C:\FOUND.014\FILE0017.CHK
C:\FOUND.014\FILE0018.CHK
C:\FOUND.014\FILE0019.CHK
C:\FOUND.014\FILE0020.CHK
C:\FOUND.014\FILE0021.CHK
C:\FOUND.014\FILE0022.CHK
C:\FOUND.014\FILE0023.CHK
C:\FOUND.014\FILE0024.CHK
C:\FOUND.014\FILE0025.CHK
C:\FOUND.014\FILE0026.CHK
C:\FOUND.014\FILE0027.CHK
C:\FOUND.014\FILE0028.CHK
C:\FOUND.014\FILE0029.CHK
C:\FOUND.014\FILE0030.CHK
C:\FOUND.015
C:\FOUND.015\FILE0000.CHK
C:\FOUND.015\FILE0001.CHK
C:\FOUND.015\FILE0002.CHK
C:\FOUND.015\FILE0003.CHK
C:\FOUND.015\FILE0004.CHK
C:\FOUND.015\FILE0005.CHK
C:\FOUND.015\FILE0006.CHK
C:\FOUND.015\FILE0007.CHK
C:\FOUND.015\FILE0008.CHK
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\customercare.ico
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 12:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 00:47 . 2008-08-10 00:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 23:58 . 2008-08-09 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-09 23:49 . 2008-08-07 16:28 <DIR> d-------- C:\SDFix
2008-08-09 21:26 . 2008-08-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 22:37 . 2008-07-19 22:37 <DIR> d-------- C:\Documents and Settings\USER\Contacts
2008-07-11 18:55 . 2008-07-11 18:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-10 19:47 . 2006-08-16 20:59 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 04:25 20 ----a-w C:\sccfg.sys
2008-07-06 13:58 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 13:58 --------- d-----w C:\Program Files\Windows Live
2008-07-06 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:48 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:48 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:39 243,200 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 243,200 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:53 --------- d-----w C:\Program Files\AVG
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-15 23:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 22:37 4,506 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnnotatedJpgOverlay]
@="{846F1C20-3769-4659-BFDC-088B51FBFBD8}"
[HKEY_CLASSES_ROOT\CLSID\{846F1C20-3769-4659-BFDC-088B51FBFBD8}]
2008-02-14 18:43 368640 --a------ C:\Program Files\FotoTagger\FotoTaggerToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-02-18 00:24 890624]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 03:17 58488]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-11-22 17:53 2785256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 20:50 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 18:49 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\USER\デスクトップ\Hoc tieng Nhat bang Yansan.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^pccmsi.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\pccmsi.lnk
backup=C:\WINDOWS\pss\pccmsi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^hamachi.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^officexp.exe]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\officexp.exe
backup=C:\WINDOWS\pss\officexp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Tencent QQ.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-14 03:17 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eNMTray.exe]
--a------ 2006-03-21 11:06 225280 C:\Acer\Empowering Technology\eNet\eNMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-04-04 18:08 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-12 22:54 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-02-18 00:24 890624 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-04-06 19:00 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-04-06 19:06 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2005-11-07 17:12 1540003 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-05-17 19:04 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-03 16:48 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softany Monitor Control]
--a------ 2007-02-13 23:01 1257472 C:\Program Files\Softany\Monitor Control\MonitorControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 20:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Share\\EMPIRESX.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 18:48]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 18:48]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 18:48]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 18:49]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
S2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 03:46]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 12:12]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 12:13]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 12:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 12:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 12:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8761a4a-f8a9-11db-87c1-0016365a7d4a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-06-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 07:35:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-11 7:35:35
ComboFix-quarantined-files.txt 2008-08-10 22:35:34
ComboFix2.txt 2008-08-10 09:07:18
Pre-Run: 5,672,697,856 バイトの空き領域
Post-Run: 5,656,641,536 バイトの空き領域
306 --- E O F --- 2008-07-30 10:03:13
ComboFix had run well until I got the log file. But after that, I could not open the start bar, and could not see the task bar
. So, I pressed the power button to restart my computer. The following is the log.ComboFix 08-08-09.03 - USER 2008-08-11 7:33:04.2 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.337 [GMT 9:00]
Running from: C:\Documents and Settings\USER\デスクトップ\ComboFix.exe
Command switches used :: F:\Check virus\CFScript.txt
FILE ::
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\customercare.ico
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\USER\デスクトップ\Vista Antivirus 2008.lnk
C:\FOUND.014
C:\FOUND.014\FILE0000.CHK
C:\FOUND.014\FILE0001.CHK
C:\FOUND.014\FILE0002.CHK
C:\FOUND.014\FILE0003.CHK
C:\FOUND.014\FILE0004.CHK
C:\FOUND.014\FILE0005.CHK
C:\FOUND.014\FILE0006.CHK
C:\FOUND.014\FILE0007.CHK
C:\FOUND.014\FILE0008.CHK
C:\FOUND.014\FILE0009.CHK
C:\FOUND.014\FILE0010.CHK
C:\FOUND.014\FILE0011.CHK
C:\FOUND.014\FILE0012.CHK
C:\FOUND.014\FILE0013.CHK
C:\FOUND.014\FILE0014.CHK
C:\FOUND.014\FILE0015.CHK
C:\FOUND.014\FILE0016.CHK
C:\FOUND.014\FILE0017.CHK
C:\FOUND.014\FILE0018.CHK
C:\FOUND.014\FILE0019.CHK
C:\FOUND.014\FILE0020.CHK
C:\FOUND.014\FILE0021.CHK
C:\FOUND.014\FILE0022.CHK
C:\FOUND.014\FILE0023.CHK
C:\FOUND.014\FILE0024.CHK
C:\FOUND.014\FILE0025.CHK
C:\FOUND.014\FILE0026.CHK
C:\FOUND.014\FILE0027.CHK
C:\FOUND.014\FILE0028.CHK
C:\FOUND.014\FILE0029.CHK
C:\FOUND.014\FILE0030.CHK
C:\FOUND.015
C:\FOUND.015\FILE0000.CHK
C:\FOUND.015\FILE0001.CHK
C:\FOUND.015\FILE0002.CHK
C:\FOUND.015\FILE0003.CHK
C:\FOUND.015\FILE0004.CHK
C:\FOUND.015\FILE0005.CHK
C:\FOUND.015\FILE0006.CHK
C:\FOUND.015\FILE0007.CHK
C:\FOUND.015\FILE0008.CHK
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\customercare.ico
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 12:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 00:47 . 2008-08-10 00:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 23:58 . 2008-08-09 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-09 23:49 . 2008-08-07 16:28 <DIR> d-------- C:\SDFix
2008-08-09 21:26 . 2008-08-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 22:37 . 2008-07-19 22:37 <DIR> d-------- C:\Documents and Settings\USER\Contacts
2008-07-11 18:55 . 2008-07-11 18:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-10 19:47 . 2006-08-16 20:59 100,352 --------- C:\WINDOWS\system32\dllcache\6to4svc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 04:25 20 ----a-w C:\sccfg.sys
2008-07-06 13:58 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 13:58 --------- d-----w C:\Program Files\Windows Live
2008-07-06 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:48 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:48 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:39 243,200 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 243,200 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:53 --------- d-----w C:\Program Files\AVG
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-15 23:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 22:37 4,506 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnnotatedJpgOverlay]
@="{846F1C20-3769-4659-BFDC-088B51FBFBD8}"
[HKEY_CLASSES_ROOT\CLSID\{846F1C20-3769-4659-BFDC-088B51FBFBD8}]
2008-02-14 18:43 368640 --a------ C:\Program Files\FotoTagger\FotoTaggerToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-02-18 00:24 890624]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 03:17 58488]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-11-22 17:53 2785256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 20:50 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 18:49 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\USER\デスクトップ\Hoc tieng Nhat bang Yansan.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^pccmsi.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\pccmsi.lnk
backup=C:\WINDOWS\pss\pccmsi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^hamachi.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^officexp.exe]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\officexp.exe
backup=C:\WINDOWS\pss\officexp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Tencent QQ.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-14 03:17 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eNMTray.exe]
--a------ 2006-03-21 11:06 225280 C:\Acer\Empowering Technology\eNet\eNMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-04-04 18:08 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-12 22:54 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-02-18 00:24 890624 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-04-06 19:00 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-04-06 19:06 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2005-11-07 17:12 1540003 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-05-17 19:04 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-03 16:48 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softany Monitor Control]
--a------ 2007-02-13 23:01 1257472 C:\Program Files\Softany\Monitor Control\MonitorControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 20:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Share\\EMPIRESX.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 18:48]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 18:48]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 18:48]
S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 18:49]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
S2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 03:46]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 12:12]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 12:13]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 12:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 12:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 12:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8761a4a-f8a9-11db-87c1-0016365a7d4a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-06-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 07:35:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-11 7:35:35
ComboFix-quarantined-files.txt 2008-08-10 22:35:34
ComboFix2.txt 2008-08-10 09:07:18
Pre-Run: 5,672,697,856 バイトの空き領域
Post-Run: 5,656,641,536 バイトの空き領域
306 --- E O F --- 2008-07-30 10:03:13
#6
Posted 10 August 2008 - 05:58 PM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not click on combofix's window while it's running. That may cause it to stall.
Is everything back to normal now? Can you access your computer in Normal Mode?
Save this as CFScript.txt in the same location as the ComboFix.exe tool.Rootkit::
C:\sccfg.sys
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not click on combofix's window while it's running. That may cause it to stall.
Is everything back to normal now? Can you access your computer in Normal Mode?
#7
Posted 11 August 2008 - 06:31 AM
Kim Bach
- Topic Starter
-
- Member
-
- 6 posts
New Member
Thanks greyknight17 so much.
My computer is back to normal now.
And here is the ComboFix's log file.
By the way, can you recommend me some of anti-spyware, malware programs?
ComboFix 08-08-09.03 - USER 2008-08-11 20:48:00.3 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.346 [GMT 9:00]
Running from: C:\Documents and Settings\USER\デスクトップ\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\デスクトップ\CFSCript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sccfg.sys
.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 12:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 00:47 . 2008-08-10 00:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 23:58 . 2008-08-09 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-09 23:49 . 2008-08-07 16:28 <DIR> d-------- C:\SDFix
2008-08-09 21:26 . 2008-08-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 22:37 . 2008-07-19 22:37 <DIR> d-------- C:\Documents and Settings\USER\Contacts
2008-07-11 18:55 . 2008-07-11 18:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 13:58 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 13:58 --------- d-----w C:\Program Files\Windows Live
2008-07-06 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:48 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:48 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:39 243,200 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 243,200 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:53 --------- d-----w C:\Program Files\AVG
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-15 23:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 22:37 4,506 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((( snapshot@2008-08-10_18.04.14.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-11 11:51:18 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_4e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnnotatedJpgOverlay]
@="{846F1C20-3769-4659-BFDC-088B51FBFBD8}"
[HKEY_CLASSES_ROOT\CLSID\{846F1C20-3769-4659-BFDC-088B51FBFBD8}]
2008-02-14 18:43 368640 --a------ C:\Program Files\FotoTagger\FotoTaggerToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-02-18 00:24 890624]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 03:17 58488]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-11-22 17:53 2785256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 20:50 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 18:49 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\USER\デスクトップ\Hoc tieng Nhat bang Yansan.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^pccmsi.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\pccmsi.lnk
backup=C:\WINDOWS\pss\pccmsi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^hamachi.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^officexp.exe]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\officexp.exe
backup=C:\WINDOWS\pss\officexp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Tencent QQ.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-14 03:17 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eNMTray.exe]
--a------ 2006-03-21 11:06 225280 C:\Acer\Empowering Technology\eNet\eNMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-04-04 18:08 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-12 22:54 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-02-18 00:24 890624 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-04-06 19:00 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-04-06 19:06 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2005-11-07 17:12 1540003 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-05-17 19:04 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-03 16:48 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softany Monitor Control]
--a------ 2007-02-13 23:01 1257472 C:\Program Files\Softany\Monitor Control\MonitorControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 20:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Share\\EMPIRESX.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 18:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 18:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 18:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 18:49]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 03:46]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 12:12]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 12:13]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 12:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 12:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 12:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8761a4a-f8a9-11db-87c1-0016365a7d4a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
.
Contents of the 'Scheduled Tasks' folder
2008-06-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 20:52:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 32768 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\conime.exe
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Completion time: 2008-08-11 21:01:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-11 12:01:04
ComboFix3.txt 2008-08-10 09:07:18
ComboFix2.txt 2008-08-10 22:35:38
Pre-Run: 5,666,734,080 バイトの空き領域
Post-Run: 5,118,722,048 バイトの空き領域
294 --- E O F --- 2008-07-30 10:03:13
My computer is back to normal now.
And here is the ComboFix's log file.
By the way, can you recommend me some of anti-spyware, malware programs?
ComboFix 08-08-09.03 - USER 2008-08-11 20:48:00.3 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.346 [GMT 9:00]
Running from: C:\Documents and Settings\USER\デスクトップ\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\デスクトップ\CFSCript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sccfg.sys
.
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 12:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 00:47 . 2008-08-10 00:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 23:58 . 2008-08-09 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-09 23:49 . 2008-08-07 16:28 <DIR> d-------- C:\SDFix
2008-08-09 21:26 . 2008-08-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 22:37 . 2008-07-19 22:37 <DIR> d-------- C:\Documents and Settings\USER\Contacts
2008-07-11 18:55 . 2008-07-11 18:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 13:58 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 13:58 --------- d-----w C:\Program Files\Windows Live
2008-07-06 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:48 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:48 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:39 243,200 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 243,200 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:53 --------- d-----w C:\Program Files\AVG
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-15 23:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 22:37 4,506 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((( snapshot@2008-08-10_18.04.14.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-11 11:51:18 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_4e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnnotatedJpgOverlay]
@="{846F1C20-3769-4659-BFDC-088B51FBFBD8}"
[HKEY_CLASSES_ROOT\CLSID\{846F1C20-3769-4659-BFDC-088B51FBFBD8}]
2008-02-14 18:43 368640 --a------ C:\Program Files\FotoTagger\FotoTaggerToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-02-18 00:24 890624]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 03:17 58488]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-11-22 17:53 2785256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 20:50 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 18:49 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\USER\デスクトップ\Hoc tieng Nhat bang Yansan.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^pccmsi.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\pccmsi.lnk
backup=C:\WINDOWS\pss\pccmsi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^hamachi.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^officexp.exe]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\officexp.exe
backup=C:\WINDOWS\pss\officexp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Tencent QQ.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-14 03:17 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eNMTray.exe]
--a------ 2006-03-21 11:06 225280 C:\Acer\Empowering Technology\eNet\eNMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-04-04 18:08 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-12 22:54 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-02-18 00:24 890624 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-04-06 19:00 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-04-06 19:06 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2005-11-07 17:12 1540003 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-05-17 19:04 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-03 16:48 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softany Monitor Control]
--a------ 2007-02-13 23:01 1257472 C:\Program Files\Softany\Monitor Control\MonitorControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 20:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Share\\EMPIRESX.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 18:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 18:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 18:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 18:49]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 03:46]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 12:12]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 12:13]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 12:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 12:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 12:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8761a4a-f8a9-11db-87c1-0016365a7d4a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
.
Contents of the 'Scheduled Tasks' folder
2008-06-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 20:52:00
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 32768 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\conime.exe
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Completion time: 2008-08-11 21:01:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-11 12:01:04
ComboFix3.txt 2008-08-10 09:07:18
ComboFix2.txt 2008-08-10 22:35:38
Pre-Run: 5,666,734,080 バイトの空き領域
Post-Run: 5,118,722,048 バイトの空き領域
294 --- E O F --- 2008-07-30 10:03:13
#8
Posted 11 August 2008 - 07:08 PM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Seems to still be there....let's try this again:
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not click on combofix's window while it's running. That may cause it to stall.
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Save this as CFScript.txt in the same location as the ComboFix.exe tool.Rootkit::
C:\sccfg.sys
File::
C:\sccfg.sys
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not click on combofix's window while it's running. That may cause it to stall.
#9
Posted 12 August 2008 - 07:26 AM
Kim Bach
- Topic Starter
-
- Member
-
- 6 posts
New Member
Hi Greyknight17,
My computer is still infected by spywares?
Here is the log again:
ComboFix 08-08-11.01 - USER 2008-08-12 22:08:50.4 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.320 [GMT 9:00]
Running from: C:\Documents and Settings\USER\デスクトップ\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\デスクトップ\CFScript.txt
FILE ::
C:\sccfg.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sccfg.sys
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 12:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 00:47 . 2008-08-10 00:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 23:58 . 2008-08-09 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-09 23:49 . 2008-08-07 16:28 <DIR> d-------- C:\SDFix
2008-08-09 21:26 . 2008-08-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 22:37 . 2008-07-19 22:37 <DIR> d-------- C:\Documents and Settings\USER\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 09:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-06 13:58 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 13:58 --------- d-----w C:\Program Files\Windows Live
2008-07-06 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:48 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:48 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:39 243,200 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 243,200 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:53 --------- d-----w C:\Program Files\AVG
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-15 23:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 22:37 4,506 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((( snapshot@2008-08-10_18.04.14.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-12 13:11:52 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_44c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnnotatedJpgOverlay]
@="{846F1C20-3769-4659-BFDC-088B51FBFBD8}"
[HKEY_CLASSES_ROOT\CLSID\{846F1C20-3769-4659-BFDC-088B51FBFBD8}]
2008-02-14 18:43 368640 --a------ C:\Program Files\FotoTagger\FotoTaggerToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-02-18 00:24 890624]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 03:17 58488]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-11-22 17:53 2785256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 20:50 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 18:49 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\USER\デスクトップ\Hoc tieng Nhat bang Yansan.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^pccmsi.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\pccmsi.lnk
backup=C:\WINDOWS\pss\pccmsi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^hamachi.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^officexp.exe]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\officexp.exe
backup=C:\WINDOWS\pss\officexp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Tencent QQ.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-14 03:17 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eNMTray.exe]
--a------ 2006-03-21 11:06 225280 C:\Acer\Empowering Technology\eNet\eNMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-04-04 18:08 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-12 22:54 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-02-18 00:24 890624 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-04-06 19:00 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-04-06 19:06 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2005-11-07 17:12 1540003 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-05-17 19:04 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-03 16:48 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softany Monitor Control]
--a------ 2007-02-13 23:01 1257472 C:\Program Files\Softany\Monitor Control\MonitorControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 20:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Share\\EMPIRESX.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 18:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 18:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 18:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 18:49]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 03:46]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 12:12]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 12:13]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 12:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 12:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 12:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8761a4a-f8a9-11db-87c1-0016365a7d4a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
.
Contents of the 'Scheduled Tasks' folder
2008-06-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 22:12:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 32768 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-08-12 22:19:24 - machine was rebooted [USER]
ComboFix-quarantined-files.txt 2008-08-12 13:19:18
ComboFix4.txt 2008-08-10 09:07:18
ComboFix3.txt 2008-08-10 22:35:38
ComboFix2.txt 2008-08-11 12:01:18
Pre-Run: 5,575,376,896 バイトの空き領域
Post-Run: 5,028,872,192 バイトの空き領域
296 --- E O F --- 2008-07-30 10:03:13
My computer is still infected by spywares?
Here is the log again:
ComboFix 08-08-11.01 - USER 2008-08-12 22:08:50.4 - FAT32x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.932.1.1041.18.320 [GMT 9:00]
Running from: C:\Documents and Settings\USER\デスクトップ\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\デスクトップ\CFScript.txt
FILE ::
C:\sccfg.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\sccfg.sys
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\USER\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 12:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 12:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 00:47 . 2008-08-10 00:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-09 23:58 . 2008-08-09 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-09 23:49 . 2008-08-07 16:28 <DIR> d-------- C:\SDFix
2008-08-09 21:26 . 2008-08-09 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-19 22:37 . 2008-07-19 22:37 <DIR> d-------- C:\Documents and Settings\USER\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 09:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-06 13:58 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 13:58 --------- d-----w C:\Program Files\Windows Live
2008-07-06 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 09:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 09:48 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 09:48 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:39 243,200 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 243,200 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 13:53 --------- d-----w C:\Program Files\AVG
2008-06-18 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:57 270,464 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-15 23:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-20 22:37 4,506 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((( snapshot@2008-08-10_18.04.14.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-12 13:11:52 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_44c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AnnotatedJpgOverlay]
@="{846F1C20-3769-4659-BFDC-088B51FBFBD8}"
[HKEY_CLASSES_ROOT\CLSID\{846F1C20-3769-4659-BFDC-088B51FBFBD8}]
2008-02-14 18:43 368640 --a------ C:\Program Files\FotoTagger\FotoTaggerToolbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-02-18 00:24 890624]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-14 03:17 58488]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2006-11-22 17:53 2785256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-25 20:50 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 18:49 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\USER\デスクトップ\Hoc tieng Nhat bang Yansan.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Acer Empowering Technology.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Acer Empowering Technology.lnk
backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^pccmsi.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\pccmsi.lnk
backup=C:\WINDOWS\pss\pccmsi.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^スタート メニュー^プログラム^スタートアップ^Vypress Chat StartUp.lnk]
path=C:\Documents and Settings\All Users\スタート メニュー\プログラム\スタートアップ\Vypress Chat StartUp.lnk
backup=C:\WINDOWS\pss\Vypress Chat StartUp.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Adobe Gamma.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^hamachi.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^officexp.exe]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\officexp.exe
backup=C:\WINDOWS\pss\officexp.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^USER^スタート メニュー^プログラム^スタートアップ^Tencent QQ.lnk]
path=C:\Documents and Settings\USER\スタート メニュー\プログラム\スタートアップ\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
--a------ 2006-03-31 16:39 204800 C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
--a------ 2006-03-15 22:12 579584 C:\Acer\Empowering Technology\ePower\Boot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-08-14 03:17 58488 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2006-03-17 15:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eNMTray.exe]
--a------ 2006-03-21 11:06 225280 C:\Acer\Empowering Technology\eNet\eNMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
--a------ 2006-04-04 18:08 421888 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2006-04-28 16:43 401408 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-02-12 22:54 157696 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-02-18 00:24 890624 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageItEncrypt]
--a------ 2005-12-30 14:02 40960 C:\WINDOWS\system32\ImageItEncrypt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 05:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-04-06 19:00 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-04-06 19:06 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 17:15 45056 C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2005-11-07 17:12 1540003 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2006-05-17 19:04 151552 C:\Program Files\Acer\Acer Arcade\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 05:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-03 16:48 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Softany Monitor Control]
--a------ 2007-02-13 23:01 1257472 C:\Program Files\Softany\Monitor Control\MonitorControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-25 20:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 13:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-02-27 17:28 16005120 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Kazaa\\kazaa.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Share\\EMPIRESX.EXE"=
"C:\\WINDOWS\\System32\\dplaysvr.exe"=
"C:\\Program Files\\Vypress Chat\\VyChat.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 18:48]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 18:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 18:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 18:49]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-04-06 03:46]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 19:30]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 sssdbus;SAMSUNG WMC Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sssdbus.sys [2006-07-21 12:12]
S3 sssdmdfl;SAMSUNG Modem Filter;C:\WINDOWS\system32\DRIVERS\sssdmdfl.sys [2006-07-21 12:13]
S3 sssdmdm;SAMSUNG Modem Driver;C:\WINDOWS\system32\DRIVERS\sssdmdm.sys [2006-07-21 12:13]
S3 sssdmgmt;SAMSUNG AT command Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdmgmt.sys [2006-07-21 12:14]
S3 sssdobex;SAMSUNG OBEX Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sssdobex.sys [2006-07-21 12:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8761a4a-f8a9-11db-87c1-0016365a7d4a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
.
Contents of the 'Scheduled Tasks' folder
2008-06-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 22:12:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\sccfg.sys 32768 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGWDSVC.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGRSX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\AVG\AVG8\AVGEMC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-08-12 22:19:24 - machine was rebooted [USER]
ComboFix-quarantined-files.txt 2008-08-12 13:19:18
ComboFix4.txt 2008-08-10 09:07:18
ComboFix3.txt 2008-08-10 22:35:38
ComboFix2.txt 2008-08-11 12:01:18
Pre-Run: 5,575,376,896 バイトの空き領域
Post-Run: 5,028,872,192 バイトの空き領域
296 --- E O F --- 2008-07-30 10:03:13
Edited by Kim Bach, 12 August 2008 - 07:27 AM.
#10
Posted 12 August 2008 - 07:47 PM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Hi Kim, yes your log is clean. Was going in circles trying to remove that file earlier...it's not harmful. It belongs to a program called FolderLock 
Good job. Your log is clean.
To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.
Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
Good job. Your log is clean.
To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.
Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
#11
Posted 12 August 2008 - 08:12 PM
Kim Bach
- Topic Starter
-
- Member
-
- 6 posts
New Member
Thanks Grey Knight,
You're right. That file belongs to the program called Folder Lock. I used it quite long ago.
You did a great job to me.
Thank you so much for the tutorial too
Have a nice day
You're right. That file belongs to the program called Folder Lock. I used it quite long ago.
You did a great job to me
.Thank you so much for the tutorial too
Have a nice day
#12
Posted 13 August 2008 - 04:00 PM
greyknight17
-
- Visiting Consultant
-
- 16,560 posts
Malware Expert
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
