Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dialog Box when I start my computer [RESOLVED]

Started by 20LEGEND , Mar 19 2008 12:02 PM

  • This topic is locked This topic is locked

#1
20LEGEND
Posted 19 March 2008 - 12:02 PM

20LEGEND

    Member

  • Member
  • PipPip
  • 45 posts
My computer is working slower than usual.

My PC automatically started opening random sites.

There is a dialog box that opens when i start my computer and dissapears automatically after some time.

mrofinu1535.exe tried to access the internet. I have blocked it, butI do not know if its a virus or not.
  • 0

Advertisements

#2
20LEGEND
Posted 20 March 2008 - 08:17 AM

20LEGEND

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
p.s. my net speed is slower than usual too

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:47:50, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\spoolsv32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu1535.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wmiprvse.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Kunal Goel\Desktop\HiJackThis.exe
C:\Program Files\LimeWire\LimeWire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\spoolsv32.exe
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [40189738] rundll32.exe "C:\WINDOWS\system32\giphqimj.dll",b
O4 - HKLM\..\Run: [BM432ba4a4] Rundll32.exe "C:\WINDOWS\system32\adsfeekt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [winmgmt] C:\WINDOWS\system32\wmiprvse.exe
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab50997.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab50997.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://arjungoel.spa...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63BB790C-F5CF-4719-A350-51D952BD1D5D}: NameServer = 202.56.215.55,202.56.215.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{C48740A1-5038-44E4-99D7-116936BBD2B5}: NameServer = 203.94.243.70,203.94.227.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAAE1DA6-C0E1-4749-B5B8-B4C7557B40CD}: NameServer = 203.94.243.70,203.94.227.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14041 bytes
  • 0

#3
20LEGEND
Posted 23 March 2008 - 01:03 AM

20LEGEND

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
ComboFix Log:

ComboFix 08-03-22.1 - Kunal Goel 2008-03-23 10:29:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1465 [GMT 5.5:30]
Running from: C:\Documents and Settings\Kunal Goel\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM432ba4a4.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aqaocwtx.ini
C:\WINDOWS\system32\cqdsfpru.dll
C:\WINDOWS\system32\ffgqsxha.dll
C:\WINDOWS\system32\gygslhon.dll
C:\WINDOWS\system32\hcokbgtk.dll
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\oiugfxrx.dll
C:\WINDOWS\system32\pyrmdjap.dll
C:\WINDOWS\system32\qacfnlkx.dll
C:\WINDOWS\system32\rppcinmk.dll
C:\WINDOWS\system32\trljknli.dll
C:\WINDOWS\system32\xtwcoaqa.dll

----- BITS: Possible infected sites -----

hxxp://flyvideonetwork.com
hxxp://flycodecs.com
hxxp://flycsodecs.com
.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 03:06 . 2008-03-23 03:08 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-03-23 03:05 . 2008-03-23 03:06 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-23 03:05 . 2008-03-23 10:08 31,767 --ah----- C:\WINDOWS\system32\vsconfig.xml
2008-03-23 02:48 . 2008-03-23 10:09 <DIR> d-------- C:\Documents and Settings\Kunal Goel\Application Data\AVG7
2008-03-23 02:47 . 2008-03-23 02:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-23 02:47 . 2008-03-23 02:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-23 02:47 . 2008-03-23 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-23 02:29 . 2008-03-23 02:29 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-23 02:23 . 2008-03-23 03:12 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-23 02:06 . 2008-03-23 02:06 <DIR> d-------- C:\Documents and Settings\Administrator\Bluetooth Software
2008-03-22 21:01 . 2008-03-22 23:09 1,254 --ahs---- C:\WINDOWS\system32\mlbfbwmc.ini
2008-03-21 21:00 . 2008-03-22 21:01 1,134 --ahs---- C:\WINDOWS\system32\hncxbxgo.ini
2008-03-18 21:19 . 2008-03-21 20:55 1,014 --ahs---- C:\WINDOWS\system32\jmiqhpig.ini
2008-03-18 21:08 . 2008-03-18 21:12 2 --a------ C:\1075353495
2008-03-14 22:10 . 2008-03-14 22:10 173,518 --ah----- C:\WINDOWS\system32\BITF.tmp
2008-03-14 22:10 . 2008-03-14 22:10 173,518 --ah----- C:\WINDOWS\system32\BITE.tmp
2008-03-13 06:37 . 2008-03-18 20:57 <DIR> d-------- C:\Program Files\Sega
2008-03-12 12:51 . 2008-03-12 12:51 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-12 06:09 . 2008-03-12 06:09 <DIR> d-------- C:\Documents and Settings\Kunal Goel\Application Data\DAEMON Tools
2008-03-09 03:55 . 2008-03-12 04:36 10 --a------ C:\WINDOWS\popcinfo.dat
2008-03-09 03:43 . 2008-03-09 03:44 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-03-09 01:44 . 2007-10-25 21:45 88,440 -rahs---- C:\WINDOWS\system32\mgrShell.exe
2008-03-08 01:56 . 2008-03-21 19:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-08 00:54 . 2008-03-09 17:35 <DIR> d-------- C:\Program Files\Opera
2008-03-07 10:46 . 2008-03-07 10:47 <DIR> d-------- C:\Program Files\Windows Live
2008-03-07 10:46 . 2008-03-07 10:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-07 10:46 . 2008-03-07 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 01:43 . 2008-03-23 10:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 01:43 . 2008-03-03 01:43 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 21:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-22 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-22 21:08 --------- d-----w C:\Program Files\Symantec
2008-03-22 20:34 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\uTorrent
2008-03-21 13:41 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-20 14:17 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\LimeWire
2008-03-13 01:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 00:39 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-08 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-03-02 20:40 --------- d-----w C:\Program Files\iTunes
2008-03-02 20:40 --------- d-----w C:\Program Files\iPod
2008-03-02 20:38 --------- d-----w C:\Program Files\QuickTime
2008-02-23 18:54 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\Xfire
2008-02-23 18:51 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\Hamachi
2008-02-23 18:48 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-22 17:26 --------- d-----w C:\Program Files\Xfire
2008-02-18 19:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-18 19:39 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\AdobeUM
2008-02-02 20:09 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\dvdcss
2007-06-14 13:43 0 ----a-w C:\Documents and Settings\Kunal Goel\Application Data\wklnhst.dat
2005-09-24 08:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-05-28 23:40 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-10-25 16:15 88,440 --sha-r C:\WINDOWS\system32\mgrShell.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A38ACE89-5C15-41AA-A174-0E7A008E2D74}]
C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF26FAC0-7D4E-46D8-AE64-B277B11443AC}]
C:\WINDOWS\system32\iesearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:30 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 19:52 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 10:26 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 02:20 729178]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-08 00:26 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-02 03:56 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 23:53 1187840]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 10:35 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-23 02:47 579072]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-08-29 19:09 980736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54 1694208]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-18 02:18 439872]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-23 02:47 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 20:30 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"PolicyRun"= C:\WINDOWS\system32\spoolsv32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhgff]
jkkhgff.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kunal Goel^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Kunal Goel\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kunal Goel^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Kunal Goel\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 04:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxpclient]
--a------ 2007-01-11 12:19 192512 C:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-08-18 02:18 439872 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-13 01:09 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-11 02:33 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-06 19:52 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 14:36]
S3 iComp;HP Analog TV Tuner;C:\WINDOWS\system32\DRIVERS\p2usbwdm.sys [2006-01-17 13:07]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-05-01 17:26]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-05-01 17:27]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-05-01 17:27]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-05-01 17:28]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-05-01 17:26]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-05-01 17:29]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-05-01 17:26]
S3 USB_RNDIS_51;USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 20:30]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 10:34:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-03-23 10:39:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 05:09:32
.
2008-03-12 21:34:25 --- E O F ---
  • 0

#4
Tigger93
Posted 23 March 2008 - 04:33 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome to Geekstogo! :)

Sorry for the delay.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\mlbfbwmc.ini
C:\WINDOWS\system32\hncxbxgo.ini
C:\WINDOWS\system32\jmiqhpig.ini
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\system32\mgrShell.exe
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\iesearch.dll
C:\WINDOWS\system32\spoolsv32.exe

Folder::
C:\1075353495\
C:\Documents and Settings\All Users\Application Data\TEMP\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A38ACE89-5C15-41AA-A174-0E7A008E2D74}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF26FAC0-7D4E-46D8-AE64-B277B11443AC}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkhgff]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#5
20LEGEND
Posted 24 March 2008 - 02:50 AM

20LEGEND

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
ComboFix 08-03-22.1 - Kunal Goel 2008-03-24 14:13:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1445 [GMT 5.5:30]
Running from: C:\Documents and Settings\Kunal Goel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kunal Goel\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\system32\hncxbxgo.ini
C:\WINDOWS\system32\iesearch.dll
C:\WINDOWS\system32\jmiqhpig.ini
C:\WINDOWS\system32\mgrShell.exe
C:\WINDOWS\system32\mlbfbwmc.ini
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\spoolsv32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\TEMP\
C:\WINDOWS\Fonts\RandFont.dll
C:\WINDOWS\popcinfo.dat
C:\WINDOWS\system32\hncxbxgo.ini
C:\WINDOWS\system32\jmiqhpig.ini
C:\WINDOWS\system32\mlbfbwmc.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-23 13:50 . 2008-03-24 14:18 3,483,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-23 13:50 . 2008-03-24 00:36 8,252 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-23 12:43 . 2008-03-23 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-23 12:43 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-03-23 12:43 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-23 12:42 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-03-23 03:06 . 2008-03-23 12:45 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-23 03:05 . 2008-03-23 13:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-23 03:05 . 2008-03-24 02:45 353,365 --ah----- C:\WINDOWS\system32\vsconfig.xml
2008-03-23 02:48 . 2008-03-24 08:00 <DIR> d-------- C:\Documents and Settings\Kunal Goel\Application Data\AVG7
2008-03-23 02:47 . 2008-03-23 02:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-23 02:47 . 2008-03-23 02:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-23 02:47 . 2008-03-23 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-23 02:29 . 2008-03-23 02:29 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-23 02:23 . 2008-03-24 14:02 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-23 02:06 . 2008-03-23 02:06 <DIR> d-------- C:\Documents and Settings\Administrator\Bluetooth Software
2008-03-18 21:08 . 2008-03-18 21:12 2 --a------ C:\1075353495
2008-03-13 06:37 . 2008-03-18 20:57 <DIR> d-------- C:\Program Files\Sega
2008-03-12 12:51 . 2008-03-12 12:51 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-12 06:09 . 2008-03-12 06:09 <DIR> d-------- C:\Documents and Settings\Kunal Goel\Application Data\DAEMON Tools
2008-03-09 03:43 . 2008-03-09 03:44 <DIR> d-------- C:\Program Files\Zuma Deluxe
2008-03-08 00:54 . 2008-03-09 17:35 <DIR> d-------- C:\Program Files\Opera
2008-03-07 10:46 . 2008-03-07 10:47 <DIR> d-------- C:\Program Files\Windows Live
2008-03-07 10:46 . 2008-03-07 10:47 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-07 10:46 . 2008-03-07 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 01:43 . 2008-03-24 02:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 01:43 . 2008-03-03 01:43 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 08:43 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\uTorrent
2008-03-24 00:47 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\LimeWire
2008-03-23 13:48 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-23 07:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-23 07:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-13 01:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-12 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 00:39 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-08 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-03-02 20:40 --------- d-----w C:\Program Files\iTunes
2008-03-02 20:40 --------- d-----w C:\Program Files\iPod
2008-03-02 20:38 --------- d-----w C:\Program Files\QuickTime
2008-02-23 18:54 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\Xfire
2008-02-23 18:51 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\Hamachi
2008-02-23 18:48 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-22 17:26 --------- d-----w C:\Program Files\Xfire
2008-02-18 19:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-18 19:39 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\AdobeUM
2008-02-02 20:09 --------- d-----w C:\Documents and Settings\Kunal Goel\Application Data\dvdcss
2008-01-31 02:02 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 13:43 0 ----a-w C:\Documents and Settings\Kunal Goel\Application Data\wklnhst.dat
2006-05-28 23:40 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-23_10.39.20.70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-19 09:40:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-11-14 10:34:46 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2005-08-29 13:38:34 83,712 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-11-14 10:34:52 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
- 2005-08-29 13:38:38 368,256 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-11-14 10:35:16 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
- 2005-08-29 13:38:46 141,056 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-11-14 10:34:52 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
- 2005-08-29 13:38:54 104,192 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-11-14 10:34:52 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
- 2005-08-29 13:38:58 227,072 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-11-14 10:34:52 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
- 2005-08-29 13:39:02 71,424 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-11-14 10:34:52 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
- 2005-08-29 13:39:14 382,720 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-11-14 10:34:54 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-11-14 10:34:54 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
- 2005-08-29 13:39:22 100,096 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2007-11-14 10:34:54 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2005-08-29 13:39:42 79,616 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-11-14 10:34:56 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
- 2005-08-29 13:39:46 71,424 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-11-14 10:34:56 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-11-14 10:34:44 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-05-30 18:33:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 09:17:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 18:33:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 18:33:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 18:33:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 18:33:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 09:40:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 09:40:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-30 18:33:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 09:40:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-30 18:33:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-19 17:42:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-09-11 15:39:16 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 12:43:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 18:33:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 18:33:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 18:33:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 18:33:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-09-11 15:39:16 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 12:43:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
- 2005-08-29 13:18:28 87,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2007-11-14 10:34:44 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2007-11-14 10:34:46 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-11-14 10:34:46 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-11-14 10:34:46 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-11-14 10:35:18 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-11-14 10:35:18 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-11-14 10:35:18 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-11-14 10:35:18 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-11-14 10:35:20 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-11-14 10:36:34 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-11-14 10:36:36 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
- 2005-07-04 17:59:58 689,928 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-10-18 14:48:38 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
- 2005-07-04 17:59:58 648,968 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-10-18 14:48:38 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
- 2005-08-29 13:37:52 149,248 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-11-14 10:34:48 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
- 2005-08-14 22:59:46 566,294 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-01-11 05:42:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2005-07-04 17:59:58 1,382,152 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-10-18 14:48:40 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-10-18 14:48:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
- 2005-08-29 13:38:04 452,352 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-11-14 10:34:50 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-11-14 10:36:36 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-11-14 10:36:36 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2006-09-04 15:29:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-10-11 11:20:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-11-14 10:35:06 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-01-11 12:01:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
- 2005-08-29 13:38:30 104,192 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-11-14 10:34:52 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
- 2005-08-29 13:38:42 79,616 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-11-14 10:34:52 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
- 2005-08-29 13:38:50 1,677,056 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-11-14 10:35:06 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-11-14 10:34:52 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
- 2005-08-29 13:39:06 1,124,096 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-11-14 10:34:54 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
- 2005-08-29 13:39:18 239,360 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-11-14 10:34:54 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-01-11 05:42:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
- 2005-08-29 13:39:58 177,920 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-11-14 10:34:56 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
- 2005-08-29 13:40:02 71,432 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-11-14 10:34:56 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
- 2005-08-29 13:40:14 259,840 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-11-14 10:34:58 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-11-14 10:34:58 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:30 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 19:52 68856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe" [2006-11-10 04:16 190072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 10:26 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 02:20 729178]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-08 00:26 409600]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-02 03:56 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 23:53 1187840]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45 507904]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 10:35 344064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-23 02:47 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54 1694208]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-08-18 02:18 439872]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-23 02:47 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 20:30 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"PolicyRun"= C:\WINDOWS\system32\spoolsv32.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kunal Goel^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Kunal Goel\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kunal Goel^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Kunal Goel\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 04:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxpclient]
--a------ 2007-01-11 12:19 192512 C:\Program Files\Airtel\NetXpert Agent\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-08-18 02:18 439872 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-13 01:09 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-11 02:33 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-06 19:52 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 14:36]
S3 iComp;HP Analog TV Tuner;C:\WINDOWS\system32\DRIVERS\p2usbwdm.sys [2006-01-17 13:07]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE31bus.sys [2006-05-01 17:26]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE31mdfl.sys [2006-05-01 17:27]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE31mdm.sys [2006-05-01 17:27]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE31mgmt.sys [2006-05-01 17:28]
S3 se31nd5;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (NDIS);C:\WINDOWS\system32\DRIVERS\se31nd5.sys [2006-05-01 17:26]
S3 SE31obex;Sony Ericsson Device 049 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE31obex.sys [2006-05-01 17:29]
S3 se31unic;Sony Ericsson Device 049 USB Ethernet Emulation SEMC49 (WDM);C:\WINDOWS\system32\DRIVERS\se31unic.sys [2006-05-01 17:26]
S3 USB_RNDIS_51;USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 20:30]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 14:18:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-24 14:19:19
ComboFix-quarantined-files.txt 2008-03-24 08:49:15
ComboFix2.txt 2008-03-23 05:09:36
.
2008-03-12 21:34:25 --- E O F ---
  • 0

#6
20LEGEND
Posted 24 March 2008 - 02:50 AM

20LEGEND

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:03, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kunal Goel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] C:\WINDOWS\system32\spoolsv32.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab50997.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab50997.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://arjungoel.spa...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab50997.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab50997.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63BB790C-F5CF-4719-A350-51D952BD1D5D}: NameServer = 202.56.215.55,202.56.215.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{C48740A1-5038-44E4-99D7-116936BBD2B5}: NameServer = 203.94.243.70,203.94.227.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAAE1DA6-C0E1-4749-B5B8-B4C7557B40CD}: NameServer = 203.94.243.70,203.94.227.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11702 bytes
  • 0

#7
Tigger93
Posted 24 March 2008 - 12:20 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Everything looks good now. :) Still having any problems?
  • 0

#8
20LEGEND
Posted 24 March 2008 - 11:40 PM

20LEGEND

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
No. Thanks a lot. :)
  • 0

#9
20LEGEND
Posted 25 March 2008 - 11:50 AM

20LEGEND

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
How do I uninstall Combofix?
  • 0

#10
Tigger93
Posted 25 March 2008 - 05:05 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


    • Posted Image

  • When shown the disclaimer, Select "2"

Edited by Tigger93, 25 March 2008 - 05:05 PM.

  • 0

#11
Tigger93
Posted 06 April 2008 - 04:19 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP