regedit, task manager disabled by administrator... [RESOLVED]



#1
uptown hunk

    Member
Hi,
my pc started behaving oddly of late..like i'm no longer able to access registry editing thru the run menu n also Ctrl+Alt+DEL doesn't show up the task manager instead it gives the warning that task manager has been disabled by ur administrator..Funny coz i thought i was the administrator of my pc...Nonetheless i'm really surprised that malware has managed to sneak into my pc..considering the fact that i have been cautious enough owing to my previous experiences... Whatever now i have Windows Defender and Kaspersky Anti virus..Both are updated..A complete scan with both reveals nothin..!!!!! So here is the HJT log for u experts to interpret.... :)
Do lemme know how we shd proceed with this...thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ErrorSmart\ErrorSmart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = G.O.D Saikoboy's Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKLM\..\Policies\Explorer\Run: [installed] present2
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] \svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201689790265
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF357D0-23E5-4C16-B4A6-A43F82F2FAB7}: NameServer = 10.20.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8458 bytes


#2
greyknight17

    Malware Expert
Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

#3
uptown hunk

    Member
ok dude thanks for the reply..the good news is that now i'm able to access reg edit n task manager..here is the log..

ComboFix 08-04-14.2 - younus 2008-04-15 10:47:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.482 [GMT 5.5:30]
Running from: C:\Documents and Settings\younus\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\Ultra.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-14 22:36 . 2008-04-14 22:36 <DIR> d-------- C:\Documents and Settings\younus\Application Data\KillProcess
2008-04-14 22:35 . 2008-04-14 22:35 <DIR> d-------- C:\Program Files\KillProcess
2008-04-13 21:21 . 2008-04-13 21:21 <DIR> d-------- C:\Documents and Settings\younus\Application Data\TVU networks
2008-04-13 21:21 . 2008-04-13 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-04-13 21:20 . 2008-04-13 21:21 <DIR> d-------- C:\Program Files\TVUPlayer
2008-04-13 19:58 . 2008-04-13 19:58 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-13 14:14 . 2008-04-13 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-12 23:30 . 2008-04-12 23:30 <DIR> d-------- C:\Program Files\uTorrent
2008-04-12 23:29 . 2008-04-12 23:29 <DIR> d-------- C:\kav
2008-04-12 21:04 . 2008-04-12 23:29 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-12 16:29 . 2008-04-12 23:30 <DIR> d-------- C:\Program Files\ErrorSmart
2008-04-12 16:29 . 2008-04-12 23:29 <DIR> d-------- C:\Documents and Settings\younus\Application Data\ErrorSmart
2008-04-12 15:33 . 2008-04-12 15:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-12 15:33 . 2008-04-15 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 15:33 . 2008-04-15 10:51 3,379,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 15:33 . 2008-04-12 15:33 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-12 15:33 . 2008-04-12 15:33 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-12 15:33 . 2008-04-15 10:50 66,592 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-12 15:33 . 2008-04-15 10:50 54,668 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 15:33 . 2008-04-15 10:50 9,356 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 22:08 . 2008-03-31 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 17:42 . 2008-03-31 17:42 <DIR> d--hs---- C:\CONFIG
2008-03-28 18:28 . 2008-04-12 16:19 <DIR> d-------- C:\movies2
2008-03-26 21:35 . 2008-03-26 21:35 <DIR> d-------- C:\Documents and Settings\younus\Application Data\vlc
2008-03-26 21:31 . 2008-03-26 21:31 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-25 23:26 . 2008-04-13 18:29 <DIR> d-------- C:\Documents and Settings\younus\G-Force
2008-03-23 16:16 . 2008-03-23 16:20 477 --a------ C:\WINDOWS\mgutil_reg.ini
2008-03-23 16:16 . 2008-03-23 16:19 44 --a------ C:\WINDOWS\mgutil_win.ini
2008-03-23 16:14 . 2008-03-23 16:20 <DIR> d-------- C:\Program Files\Mgutil
2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-20 15:44 . 2008-04-15 10:28 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-16 19:46 . 2008-03-20 15:22 <DIR> d-------- C:\Program Files\DNA
2008-03-16 16:24 . 2008-03-16 17:27 <DIR> d-------- C:\Documents and Settings\younus\Application Data\Azureus
2008-03-16 16:24 . 2008-03-16 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-16 16:11 . 2008-04-15 10:26 <DIR> d-------- C:\Documents and Settings\younus\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:24 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 12:05 7634944]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"installed"= present2
"winlogon"= \svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-13 19:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-29 23:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-23 23:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a3a61a-fcb7-11dc-a3dc-001a4d7eb4cd}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b707-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b708-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5eb83c2-dbe2-11dc-a294-001a4d7eb4cd}]
\Shell\Auto\command - TunerSetup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ece8adba-e929-11dc-a325-001a4d7eb4cd}]
\Shell\AutoRun\command - H:\m9j.com
\Shell\explore\Command - H:\m9j.com
\Shell\open\Command - H:\m9j.com

.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 05:21:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-14 22:00:05 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.younus+Runs ErrorSmart to optimize your registry.
"2008-04-15 05:24:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-15 05:21:08 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-05 17:44:05 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-31 18:47:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-20 18:38:17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-12 09:15:56 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 10:51:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-04-15 10:55:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 05:25:29

Pre-Run: 26,595,459,072 bytes free
Post-Run: 26,487,898,112 bytes free
.
2008-04-14 21:31:45 --- E O F ---

Edited by uptown hunk, 14 April 2008 - 11:32 PM.


#4
greyknight17

    Malware Expert
Uninstall ErrorSmart via the Add/Remove Programs panel.

Download and run the Flash Disinfector. You will need to plug in your flash drive...it's been infected and needs to be disinfected. If you want, you can back up your files on it first before running...I don't think it will wipe it out though...just disinfect.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job

Folder::
C:\Program Files\ErrorSmart
C:\Documents and Settings\younus\Application Data\ErrorSmart

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"installed"=-
"winlogon"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
  • 0
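
The log entries that line up with the steps in post #4, picked out by a short triage script. This is an added example, not part of the original thread and not code from HijackThis or ComboFix; the rule names and the open/explore heuristic for MountPoints2 are assumptions of the example, and the sample lines are copied from the logs posted above.

```python
import re

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [installed] present2
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] \svchost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b708-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ece8adba-e929-11dc-a325-001a4d7eb4cd}]
\Shell\AutoRun\command - H:\m9j.com
\Shell\explore\Command - H:\m9j.com
\Shell\open\Command - H:\m9j.com
"""

# HijackThis O7: a policy value that locks a tool. The pattern accepts any
# Disable* name, e.g. DisableTaskMgr, the value behind the Task Manager message.
O7_RE = re.compile(r"^O7 - (?P<key>.+), (?P<name>Disable\w+)=(?P<val>\d+)$")
# HijackThis O4: autostart entries stored under Policies\Explorer\Run.
POLICY_RUN_RE = re.compile(
    r"^O4 - (?P<hive>\w+)\\\.\.\\Policies\\Explorer\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# A command counts as fully qualified when it starts with a drive letter.
QUALIFIED_RE = re.compile(r'^"?[A-Za-z]:\\')
# ComboFix: shell verbs cached per volume under MountPoints2.
MOUNT_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)


def triage(log_text):
    """Return (rule, subject, detail) tuples for entries worth a closer look."""
    findings = []
    volumes = {}    # volume GUID -> {verb: command}
    current = None  # MountPoints2 volume whose verbs are being read

    for raw in log_text.splitlines():
        line = raw.strip()

        m = O7_RE.match(line)
        if m:
            if m.group("val") != "0":
                findings.append(
                    ("policy-lockout", m.group("key"), m.group("name")))
            continue

        m = POLICY_RUN_RE.match(line)
        if m:
            # Every entry here is reported; one without a drive-qualified
            # path gets the stronger label.
            rule = ("policy-run" if QUALIFIED_RE.match(m.group("cmd"))
                    else "policy-run-unqualified")
            findings.append((rule, m.group("name"), m.group("cmd")))
            continue

        if line.startswith("["):
            # Any new registry key ends the previous volume's verb list.
            m = MOUNT_RE.match(line)
            current = m.group(1).lower() if m else None
            continue

        m = VERB_RE.match(line)
        if m and current:
            volumes.setdefault(current, {})[m.group(1).lower()] = m.group(2)

    # Heuristic (assumption of this example): a volume whose cached verbs
    # replace "open" or "explore" runs its command when the drive is opened
    # in Explorer, so it is reported; a volume with only AutoRun is not.
    for guid, verbs in volumes.items():
        overridden = sorted(v for v in verbs if v in ("open", "explore"))
        if overridden:
            findings.append(("autorun-verb-override", guid,
                             "+".join(overridden) + " -> " + verbs[overridden[0]]))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {subject}  {detail}")
```
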

#5
uptown hunk

    Member
ok now i did jus as u said..here is the log...how does it look now...????


ComboFix 08-04-15.4 - younus 2008-04-16 14:21:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.513 [GMT 5.5:30]
Running from: C:\Documents and Settings\younus\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-14 22:36 . 2008-04-14 22:36 <DIR> d-------- C:\Documents and Settings\younus\Application Data\KillProcess
2008-04-14 22:35 . 2008-04-14 22:35 <DIR> d-------- C:\Program Files\KillProcess
2008-04-13 21:21 . 2008-04-13 21:21 <DIR> d-------- C:\Documents and Settings\younus\Application Data\TVU networks
2008-04-13 21:21 . 2008-04-13 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-04-13 21:20 . 2008-04-13 21:21 <DIR> d-------- C:\Program Files\TVUPlayer
2008-04-13 19:58 . 2008-04-13 19:58 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-13 14:14 . 2008-04-13 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-12 23:30 . 2008-04-12 23:30 <DIR> d-------- C:\Program Files\uTorrent
2008-04-12 23:29 . 2008-04-12 23:29 <DIR> d-------- C:\kav
2008-04-12 21:04 . 2008-04-12 23:29 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-12 16:29 . 2008-04-12 23:29 <DIR> d-------- C:\Documents and Settings\younus\Application Data\ErrorSmart
2008-04-12 15:33 . 2008-04-12 15:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-12 15:33 . 2008-04-16 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 15:33 . 2008-04-16 14:22 3,555,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 15:33 . 2008-04-12 15:33 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-12 15:33 . 2008-04-12 15:33 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-12 15:33 . 2008-04-16 14:22 78,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-12 15:33 . 2008-04-16 11:54 56,300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 15:33 . 2008-04-16 11:54 10,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 22:08 . 2008-03-31 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 17:42 . 2008-03-31 17:42 <DIR> d--hs---- C:\CONFIG
2008-03-28 18:28 . 2008-04-12 16:19 <DIR> d-------- C:\movies2
2008-03-26 21:35 . 2008-03-26 21:35 <DIR> d-------- C:\Documents and Settings\younus\Application Data\vlc
2008-03-26 21:31 . 2008-03-26 21:31 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-25 23:26 . 2008-04-13 18:29 <DIR> d-------- C:\Documents and Settings\younus\G-Force
2008-03-23 16:16 . 2008-03-23 16:20 477 --a------ C:\WINDOWS\mgutil_reg.ini
2008-03-23 16:16 . 2008-03-23 16:19 44 --a------ C:\WINDOWS\mgutil_win.ini
2008-03-23 16:14 . 2008-03-23 16:20 <DIR> d-------- C:\Program Files\Mgutil
2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-20 15:44 . 2008-04-15 16:47 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-16 19:46 . 2008-03-20 15:22 <DIR> d-------- C:\Program Files\DNA
2008-03-16 16:24 . 2008-03-16 17:27 <DIR> d-------- C:\Documents and Settings\younus\Application Data\Azureus
2008-03-16 16:24 . 2008-03-16 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-16 16:11 . 2008-04-15 16:31 <DIR> d-------- C:\Documents and Settings\younus\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 11:11 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-13 14:28 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-13 14:28 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-13 14:28 --------- d-----w C:\Program Files\Common Files\Real
2008-04-12 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-04-12 15:16 --------- d-----w C:\Documents and Settings\younus\Application Data\Registry Booster
2008-04-12 10:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-12 10:45 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 09:35 --------- d-----w C:\Program Files\Real
2008-04-12 09:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 10:55 --------- d-----w C:\Documents and Settings\younus\Application Data\TypingMaster7
2008-03-23 18:22 --------- d-----w C:\Documents and Settings\younus\Application Data\SoundSpectrum
2008-03-23 18:17 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-22 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 13:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 19:36 --------- d-----w C:\Program Files\TweakNow RegCleaner Professional
2008-03-09 10:42 171,520 ----a-w C:\WINDOWS\system32\cncs32.dll
2008-03-07 20:01 --------- d-----w C:\Program Files\Athan
2008-03-07 20:00 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-07 01:46 --------- d-----w C:\Program Files\SoftwareDoctor
2008-03-05 17:46 --------- d-----w C:\Program Files\RegCure
2008-03-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-03-05 17:12 --------- d-----w C:\Program Files\SRSLabs
2008-03-05 17:12 --------- d-----w C:\Program Files\Common Files\SRS
2008-03-02 10:21 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 06:27 --------- d-----r C:\Program Files\TypingMaster
2008-02-29 15:23 --------- d-----w C:\Documents and Settings\younus\Application Data\TuneUp Software
2008-02-29 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-27 07:45 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2008-02-26 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-02-26 02:49 --------- d-----w C:\Program Files\DFX
2008-02-25 14:32 --------- d-----w C:\Program Files\DivX
2008-02-24 14:36 --------- d-----w C:\Program Files\Opera
2008-02-23 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-23 15:08 --------- d-----w C:\Program Files\Islamasoft Solutions
2008-02-23 14:48 --------- d-----w C:\Program Files\Google
2008-02-23 11:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-21 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-21 02:24 --------- d-----w C:\Program Files\Uniblue
2008-02-21 02:24 --------- d-----w C:\Documents and Settings\younus\Application Data\Uniblue
2008-02-20 18:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 15:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 13:07 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-05 11:43 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-01-29 18:16 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-01-29 18:14 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((( [email protected]_10.55.10.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 05:20:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 08:27:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 14:16:58 5,408 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{5DDB8CCD-CDFE-4D9F-A566-4148EA3D812F}.bin
+ 2008-04-15 05:10:06 10,808 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{8E99D268-5955-4F6A-8ADE-4A2A97C70E18}.bin
- 2008-04-13 12:47:56 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-16 06:23:57 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-13 12:47:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-16 06:23:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 21:19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:24 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 12:05 7634944]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 19:58 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"installed"= present2
"winlogon"= \svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-13 19:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-29 23:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-23 23:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a3a61a-fcb7-11dc-a3dc-001a4d7eb4cd}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b707-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b708-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5eb83c2-dbe2-11dc-a294-001a4d7eb4cd}]
\Shell\Auto\command - TunerSetup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ece8adba-e929-11dc-a325-001a4d7eb4cd}]
\Shell\AutoRun\command - H:\m9j.com
\Shell\explore\Command - H:\m9j.com
\Shell\open\Command - H:\m9j.com

.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 08:30:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-14 22:00:05 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.younus+Runs ErrorSmart to optimize your registry.
"2008-04-16 08:30:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-16 08:27:56 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-05 17:44:05 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-31 18:47:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-20 18:38:17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-12 09:15:56 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 14:22:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
Completion time: 2008-04-16 14:23:46
ComboFix-quarantined-files.txt 2008-04-16 08:53:37
ComboFix2.txt 2008-04-15 05:25:37

Pre-Run: 26,023,477,248 bytes free
Post-Run: 26,007,949,312 bytes free
.
2008-04-16 08:31:09 --- E O F ---

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You did not run the script... please redo the step again. Create the CFScript.txt and copy/paste the information I gave you earlier in there. Save it and then drag and drop it into Combofix.exe.

#7
uptown hunk

    Member

  • Topic Starter
  • Member
  • 51 posts
I did the CFScript part too... I copy-pasted the contents of the quote box into Notepad and saved it as CFscript.txt (same location as combofix.exe, i.e. the desktop), and then Combofix seems to run and then nothing happens... The log I pasted before was from when I ran Combofix after nothing happened on doing the above.
Please clarify if I went wrong somewhere... :)

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Try it again. Make sure all the text in the quote box is in the CFScript.txt file. Close the file. Then drag the CFScript.txt file over the Combofix.exe tool. Make sure the Combofix tool icon is highlighted in blue (once you hover over it, it should show up as blue). Then drop it (let go of the left click). It should run the script automatically.

#9
uptown hunk

    Member

  • Topic Starter
  • Member
  • 51 posts
Sorry dude... as I said, nothing happens when I drag and drop the CFScript file (Combofix seems to run but in the end nothing happens)... :) Anyways, here is the scan after that...


ComboFix 08-04-15.4 - younus 2008-04-17 14:31:33.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.496 [GMT 5.5:30]
Running from: C:\Documents and Settings\younus\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-17 00:39 . 2008-04-17 00:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-17 00:21 . 2008-04-17 00:21 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-16 17:44 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-04-16 15:15 . 2008-04-16 15:15 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-14 22:36 . 2008-04-14 22:36 <DIR> d-------- C:\Documents and Settings\younus\Application Data\KillProcess
2008-04-14 22:35 . 2008-04-14 22:35 <DIR> d-------- C:\Program Files\KillProcess
2008-04-13 21:21 . 2008-04-13 21:21 <DIR> d-------- C:\Documents and Settings\younus\Application Data\TVU networks
2008-04-13 21:21 . 2008-04-13 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-04-13 21:20 . 2008-04-13 21:21 <DIR> d-------- C:\Program Files\TVUPlayer
2008-04-13 19:58 . 2008-04-13 19:58 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-13 14:14 . 2008-04-13 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-12 23:30 . 2008-04-12 23:30 <DIR> d-------- C:\Program Files\uTorrent
2008-04-12 23:29 . 2008-04-12 23:29 <DIR> d-------- C:\kav
2008-04-12 16:29 . 2008-04-12 23:29 <DIR> d-------- C:\Documents and Settings\younus\Application Data\ErrorSmart
2008-04-12 15:33 . 2008-04-12 15:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-12 15:33 . 2008-04-17 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 15:33 . 2008-04-17 14:36 3,992,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 15:33 . 2008-04-17 14:35 99,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-12 15:33 . 2008-04-12 15:33 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-12 15:33 . 2008-04-12 15:33 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-12 15:33 . 2008-04-17 10:28 60,308 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 15:33 . 2008-04-17 10:28 12,116 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 22:08 . 2008-03-31 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 17:42 . 2008-03-31 17:42 <DIR> d--hs---- C:\CONFIG
2008-03-28 18:28 . 2008-04-12 16:19 <DIR> d-------- C:\movies2
2008-03-26 21:35 . 2008-03-26 21:35 <DIR> d-------- C:\Documents and Settings\younus\Application Data\vlc
2008-03-26 21:31 . 2008-03-26 21:31 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-25 23:26 . 2008-04-13 18:29 <DIR> d-------- C:\Documents and Settings\younus\G-Force
2008-03-23 16:16 . 2008-03-23 16:20 477 --a------ C:\WINDOWS\mgutil_reg.ini
2008-03-23 16:16 . 2008-03-23 16:19 44 --a------ C:\WINDOWS\mgutil_win.ini
2008-03-23 16:14 . 2008-03-23 16:20 <DIR> d-------- C:\Program Files\Mgutil
2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-20 15:44 . 2008-04-17 10:05 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 12:20 --------- d-----w C:\Documents and Settings\younus\Application Data\uTorrent
2008-04-16 09:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 09:05 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-16 09:00 --------- d-----w C:\Documents and Settings\younus\Application Data\Registry Booster
2008-04-15 11:11 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-13 14:28 --------- d-----w C:\Program Files\Common Files\Real
2008-04-12 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-04-12 09:35 --------- d-----w C:\Program Files\Real
2008-04-12 09:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 10:55 --------- d-----w C:\Documents and Settings\younus\Application Data\TypingMaster7
2008-03-23 18:22 --------- d-----w C:\Documents and Settings\younus\Application Data\SoundSpectrum
2008-03-22 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-20 09:52 --------- d-----w C:\Program Files\DNA
2008-03-18 13:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 11:57 --------- d-----w C:\Documents and Settings\younus\Application Data\Azureus
2008-03-16 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-15 19:36 --------- d-----w C:\Program Files\TweakNow RegCleaner Professional
2008-03-07 20:01 --------- d-----w C:\Program Files\Athan
2008-03-07 20:00 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-07 01:46 --------- d-----w C:\Program Files\SoftwareDoctor
2008-03-05 17:46 --------- d-----w C:\Program Files\RegCure
2008-03-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-03-05 17:12 --------- d-----w C:\Program Files\SRSLabs
2008-03-05 17:12 --------- d-----w C:\Program Files\Common Files\SRS
2008-03-02 10:21 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-01 06:27 --------- d-----r C:\Program Files\TypingMaster
2008-02-29 15:23 --------- d-----w C:\Documents and Settings\younus\Application Data\TuneUp Software
2008-02-29 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-26 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-02-26 02:49 --------- d-----w C:\Program Files\DFX
2008-02-25 14:32 --------- d-----w C:\Program Files\DivX
2008-02-24 14:36 --------- d-----w C:\Program Files\Opera
2008-02-23 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-23 15:08 --------- d-----w C:\Program Files\Islamasoft Solutions
2008-02-23 14:48 --------- d-----w C:\Program Files\Google
2008-02-23 11:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-21 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-21 02:24 --------- d-----w C:\Program Files\Uniblue
2008-02-21 02:24 --------- d-----w C:\Documents and Settings\younus\Application Data\Uniblue
2008-02-20 18:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-05 11:43 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-01-29 18:16 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-01-29 18:14 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 17:13 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:24 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 12:05 7634944]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 19:58 185896]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"installed"= present2
"winlogon"= \svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
WgaLogon.dll 2007-04-10 14:00 236928 C:\WINDOWS\system32\WgaLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-02-14 21:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-13 19:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-29 23:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-23 23:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a3a61a-fcb7-11dc-a3dc-001a4d7eb4cd}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b707-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b708-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5eb83c2-dbe2-11dc-a294-001a4d7eb4cd}]
\Shell\Auto\command - TunerSetup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-17 08:30:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-14 22:00:05 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.younus+Runs ErrorSmart to optimize your registry.
"2008-04-17 06:55:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-17 06:52:37 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-05 17:44:05 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-31 18:47:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-20 18:38:17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-12 09:15:56 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 14:35:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
Completion time: 2008-04-17 14:38:15
ComboFix-quarantined-files.txt 2008-04-17 09:08:09
ComboFix2.txt 2008-04-17 07:42:16
ComboFix3.txt 2008-04-16 08:58:06
ComboFix4.txt 2008-04-15 05:25:37

Pre-Run: 24,987,828,224 bytes free
Post-Run: 25,017,135,104 bytes free
.
2008-04-17 04:35:40 --- E O F ---

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run the Flash Disinfector tool posted earlier? Did you plug in your flash drive (I assume you were using one before) and see if it disinfected anything?

Give this a try....

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
C:\Program Files\ErrorSmart
C:\Documents and Settings\younus\Application Data\ErrorSmart
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\installed
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\winlogon

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Run Combofix by double clicking on it and post the new log here.

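As an added illustration (not part of the thread, and not ComboFix's or OTMoveIt2's own code), this Python example parses a "Reg Loading Points" excerpt in the layout posted above and lists the kinds of entries this thread deals with for review: values under policies\explorer\run, shell commands cached under MountPoints2, and a system process name referenced outside system32. The rule names, the SYSTEM32_ONLY list and the sample excerpt are assumptions made for the example.

```python
import ntpath
import re

# Constructed sample: a short excerpt in the layout of the "Reg Loading Points"
# section, with keys and values copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"installed"= present2
"winlogon"= \svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a3a61a-fcb7-11dc-a3dc-001a4d7eb4cd}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b708-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe
"""

# Assumption for this example: process names that belong in system32 only.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
MOUNT_RE = re.compile(
    r'^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)


def parse_sections(text):
    """Yield (registry_key, [body lines]); a blank line closes a section."""
    key, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                yield key, body
            key, body = line[1:-1], []
        elif not line:
            if key is not None:
                yield key, body
            key, body = None, []
        elif key is not None:
            body.append(line)
    if key is not None:
        yield key, body


def image_path(data):
    """Strip surrounding quotes and the trailing [date size] note from a value."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    return data


def triage(text):
    """Return (rule, key, name, command) tuples for entries worth a manual look."""
    findings = []
    for key, body in parse_sections(text):
        k = key.lower()
        for line in body:
            m = MOUNT_RE.match(line)
            if m and "\\mountpoints2\\" in k:
                # Per-volume shell command cached by Explorer for that volume.
                findings.append(
                    ("MOUNTPOINTS2_AUTORUN", key, m["verb"], m["cmd"].strip()))
                continue
            v = VALUE_RE.match(line)
            if not v or not k.endswith("\\run"):
                continue
            cmd = image_path(v["data"])
            if k.endswith("\\policies\\explorer\\run"):
                # The key whose values the helper had removed with OTMoveIt2.
                findings.append(("POLICY_RUN", key, v["name"], cmd))
            base = ntpath.basename(cmd).lower()
            folder = ntpath.dirname(cmd).lower()
            if base in SYSTEM32_ONLY and not folder.endswith("\\system32"):
                findings.append(
                    ("SYSTEM_NAME_OUTSIDE_SYSTEM32", key, v["name"], cmd))
    return findings


if __name__ == "__main__":
    for rule, key, name, cmd in triage(SAMPLE_LOG):
        print(f"{rule:30} {name:10} {cmd}\n    {key}")
```

A finding is a prompt to inspect the entry, not a verdict; the Run entry for avp.exe in the sample produces none.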
#11
uptown hunk

    Member

  • Topic Starter
  • Member
  • 51 posts
My flash drive isn't with me as of now... I'll run the disinfector as soon as I get hold of it. Anyways, I went through the OTMoveIt2 thing... this one seemed to have worked :) Below are the logs you asked me to furnish...


C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job moved successfully.
File/Folder C:\Program Files\ErrorSmart not found.
C:\Documents and Settings\younus\Application Data\ErrorSmart\Log moved successfully.
C:\Documents and Settings\younus\Application Data\ErrorSmart moved successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\installed >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\installed deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\winlogon >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\winlogon deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04182008_161336


ComboFix 08-04-17.1 - younus 2008-04-18 16:22:35.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.505 [GMT 5.5:30]
Running from: C:\Documents and Settings\younus\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efcYPiGv.dll
C:\WINDOWS\system32\geBtTLby.dll
C:\WINDOWS\system32\ybLTtBeg.ini
C:\WINDOWS\system32\ybLTtBeg.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 16:13 . 2008-04-18 16:13 <DIR> d-------- C:\_OTMoveIt
2008-04-18 13:42 . 2008-04-18 13:43 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-04-17 23:27 . 2008-04-17 23:36 <DIR> d-------- C:\Program Files\Dream Aquarium
2008-04-17 22:32 . 2008-04-17 22:32 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-17 00:39 . 2008-04-17 00:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-17 00:21 . 2008-04-17 00:21 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-16 17:44 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-04-16 15:15 . 2008-04-16 15:15 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-14 22:36 . 2008-04-14 22:36 <DIR> d-------- C:\Documents and Settings\younus\Application Data\KillProcess
2008-04-14 22:35 . 2008-04-14 22:35 <DIR> d-------- C:\Program Files\KillProcess
2008-04-13 21:21 . 2008-04-13 21:21 <DIR> d-------- C:\Documents and Settings\younus\Application Data\TVU networks
2008-04-13 21:21 . 2008-04-13 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-04-13 21:20 . 2008-04-13 21:21 <DIR> d-------- C:\Program Files\TVUPlayer
2008-04-13 19:58 . 2008-04-13 19:58 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-13 14:14 . 2008-04-13 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-04-12 23:30 . 2008-04-12 23:30 <DIR> d-------- C:\Program Files\uTorrent
2008-04-12 23:29 . 2008-04-12 23:29 <DIR> d-------- C:\kav
2008-04-12 15:33 . 2008-04-12 15:33 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-12 15:33 . 2008-04-18 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 15:33 . 2008-04-18 16:26 4,429,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 15:33 . 2008-04-18 16:26 123,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-12 15:33 . 2008-04-17 18:56 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-12 15:33 . 2008-04-17 18:56 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-12 15:33 . 2008-04-18 16:25 68,732 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 15:33 . 2008-04-18 16:25 14,708 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 22:08 . 2008-03-31 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 17:42 . 2008-03-31 17:42 <DIR> d--hs---- C:\CONFIG
2008-03-28 18:28 . 2008-04-12 16:19 <DIR> d-------- C:\movies2
2008-03-26 21:35 . 2008-03-26 21:35 <DIR> d-------- C:\Documents and Settings\younus\Application Data\vlc
2008-03-26 21:31 . 2008-03-26 21:31 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-25 23:26 . 2008-04-17 14:54 <DIR> d-------- C:\Documents and Settings\younus\G-Force
2008-03-23 16:16 . 2008-03-23 16:20 477 --a------ C:\WINDOWS\mgutil_reg.ini
2008-03-23 16:16 . 2008-03-23 16:19 44 --a------ C:\WINDOWS\mgutil_win.ini
2008-03-23 16:14 . 2008-03-23 16:20 <DIR> d-------- C:\Program Files\Mgutil
2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-03-21 16:39 . 2008-03-21 16:39 <DIR> d-------- C:\Program Files\MSECACHE
2008-03-20 15:44 . 2008-04-18 12:17 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 08:54 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-17 18:00 --------- d-----w C:\Documents and Settings\younus\Application Data\uTorrent
2008-04-16 09:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 09:05 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-16 09:00 --------- d-----w C:\Documents and Settings\younus\Application Data\Registry Booster
2008-04-13 14:28 --------- d-----w C:\Program Files\Common Files\Real
2008-04-12 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-04-12 09:35 --------- d-----w C:\Program Files\Real
2008-04-12 09:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 10:55 --------- d-----w C:\Documents and Settings\younus\Application Data\TypingMaster7
2008-03-23 18:22 --------- d-----w C:\Documents and Settings\younus\Application Data\SoundSpectrum
2008-03-22 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-20 09:52 --------- d-----w C:\Program Files\DNA
2008-03-18 13:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 11:57 --------- d-----w C:\Documents and Settings\younus\Application Data\Azureus
2008-03-16 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-15 19:36 --------- d-----w C:\Program Files\TweakNow RegCleaner Professional
2008-03-07 20:01 --------- d-----w C:\Program Files\Athan
2008-03-07 20:00 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-07 01:46 --------- d-----w C:\Program Files\SoftwareDoctor
2008-03-05 17:46 --------- d-----w C:\Program Files\RegCure
2008-03-05 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\SRSLabs
2008-03-05 17:12 --------- d-----w C:\Program Files\SRSLabs
2008-03-05 17:12 --------- d-----w C:\Program Files\Common Files\SRS
2008-03-02 10:21 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-01 06:27 --------- d-----r C:\Program Files\TypingMaster
2008-02-29 15:23 --------- d-----w C:\Documents and Settings\younus\Application Data\TuneUp Software
2008-02-29 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-26 13:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-02-26 02:49 --------- d-----w C:\Program Files\DFX
2008-02-25 14:32 --------- d-----w C:\Program Files\DivX
2008-02-24 14:36 --------- d-----w C:\Program Files\Opera
2008-02-23 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-23 15:08 --------- d-----w C:\Program Files\Islamasoft Solutions
2008-02-23 14:48 --------- d-----w C:\Program Files\Google
2008-02-23 11:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-21 10:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-21 02:24 --------- d-----w C:\Program Files\Uniblue
2008-02-21 02:24 --------- d-----w C:\Documents and Settings\younus\Application Data\Uniblue
2008-02-20 18:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-05 11:43 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-01-29 18:16 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-01-29 18:14 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((( [email protected]_13.10.52.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-31 11:56:15 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB946501-v2\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946501-v2\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946501-v2\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946501-v2\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946501-v2\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946501-v2\update\updspapi.dll
- 2008-04-17 06:51:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 10:56:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-06-09 06:34:32 94,208 ----a-w C:\WINDOWS\Dream Aquarium.scr
+ 2007-08-13 13:09:20 71,680 -c--a-w C:\WINDOWS\ie8\admparse.dll
+ 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\ie8\advpack.dll
+ 2004-08-03 19:26:42 35,328 -c--a-w C:\WINDOWS\ie8\corpol.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\ie8\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\ie8\dxtrans.dll
+ 2007-08-13 12:48:02 60,416 -c--a-w C:\WINDOWS\ie8\hmmapi.dll
+ 2008-03-01 13:06:21 63,488 -c--a-w C:\WINDOWS\ie8\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\ie8\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\ie8\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\ie8\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\ie8\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 -c--a-w C:\WINDOWS\ie8\ieapfltr.dat
+ 2008-03-01 13:06:22 383,488 -c--a-w C:\WINDOWS\ie8\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\ie8\iedkcs32.dll
+ 2007-08-13 13:14:02 69,120 -c--a-w C:\WINDOWS\ie8\iedw.exe
+ 2007-08-13 13:15:18 78,336 -c--a-w C:\WINDOWS\ie8\ieencode.dll
+ 2008-03-01 13:06:24 6,066,176 -c--a-w C:\WINDOWS\ie8\ieframe.dll
+ 2007-08-13 13:24:10 191,488 -c--a-w C:\WINDOWS\ie8\iepeers.dll
+ 2007-08-13 13:24:10 287,744 -c--a-w C:\WINDOWS\ie8\ieproxy.dll
+ 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\ie8\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c--a-w C:\WINDOWS\ie8\iertutil.dll
+ 2007-08-13 13:09:12 55,296 -c--a-w C:\WINDOWS\ie8\iesetup.dll
+ 2007-08-13 13:24:10 180,736 -c--a-w C:\WINDOWS\ie8\ieui.dll
+ 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\ie8\iexplore.exe
+ 2007-08-13 13:06:06 36,352 -c--a-w C:\WINDOWS\ie8\imgutil.dll
+ 2007-08-13 13:09:02 92,672 -c--a-w C:\WINDOWS\ie8\inseng.dll
+ 2007-08-13 13:08:04 491,520 -c--a-w C:\WINDOWS\ie8\jscript.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\ie8\jsproxy.dll
+ 2007-08-13 13:14:18 40,960 -c--a-w C:\WINDOWS\ie8\licmgr10.dll
+ 2008-03-01 13:06:26 459,264 -c--a-w C:\WINDOWS\ie8\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c--a-w C:\WINDOWS\ie8\msfeedsbs.dll
+ 2007-08-13 13:06:40 12,288 -c--a-w C:\WINDOWS\ie8\msfeedssync.exe
+ 2007-08-13 13:02:30 45,568 -c--a-w C:\WINDOWS\ie8\mshta.exe
+ 2008-03-01 13:06:30 3,591,680 -c--a-w C:\WINDOWS\ie8\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\ie8\mshtmled.dll
+ 2007-08-13 12:31:12 48,128 -c--a-w C:\WINDOWS\ie8\mshtmler.dll
+ 2007-08-13 13:24:10 156,160 -c--a-w C:\WINDOWS\ie8\msls31.dll
+ 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\ie8\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\ie8\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\ie8\occache.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\ie8\pngfilt.dll
+ 2006-09-06 12:13:16 213,216 -c--a-w C:\WINDOWS\ie8\spuninst.exe
+ 2008-03-03 14:31:58 51,784 -c--a-w C:\WINDOWS\ie8\spuninst\iecustom.dll
+ 2008-01-11 06:05:36 213,216 -c--a-w C:\WINDOWS\ie8\spuninst\spuninst.exe
+ 2008-01-11 06:05:36 371,424 -c--a-w C:\WINDOWS\ie8\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\ie8\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\ie8\urlmon.dll
+ 2007-08-13 13:24:10 413,696 -c--a-w C:\WINDOWS\ie8\vbscript.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\ie8\vgx.dll
+ 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\ie8\webcheck.dll
+ 2007-08-13 13:15:16 206,336 -c--a-w C:\WINDOWS\ie8\winfxdocobj.exe
+ 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\ie8\wininet.dll
+ 2008-04-18 06:52:48 5,408 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{C412FFB6-DDA0-4308-95CD-07782EE0033A}.bin
- 2007-08-13 13:09:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2008-03-03 14:21:50 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-03 14:21:42 126,464 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-04-17 06:52:22 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-17 16:54:02 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-18 10:55:30 262,144 ---ha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2008-04-17 06:52:22 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-17 16:54:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-08-03 19:26:42 35,328 ------w C:\WINDOWS\system32\corpol.dll
+ 2008-03-03 14:22:20 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
- 2007-08-13 13:09:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-03-03 14:21:50 69,120 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-03 14:21:42 126,464 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-03 19:26:42 35,328 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2008-03-03 14:22:20 17,920 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-03 14:20:34 345,600 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-03 14:20:30 212,992 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 12:48:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-03-03 14:16:02 68,096 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-03 14:20:40 60,928 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-03-03 14:21:52 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-03 14:21:56 119,808 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-03 14:22:04 224,768 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-03-03 14:21:50 149,504 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-07-01 03:31:33 2,455,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-02-07 12:18:08 3,670,112 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dat
- 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-03 14:04:48 440,832 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-03 14:22:02 349,184 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-13 13:14:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-03-03 14:22:46 70,656 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-08-13 13:15:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2008-03-03 14:23:14 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-03 14:31:22 8,016,384 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-13 13:24:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-03-03 14:31:22 184,320 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-03 14:21:46 44,032 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-03 14:20:38 268,800 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-13 13:09:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-03-03 14:21:48 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-03-03 14:22:48 599,552 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 13:06:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2008-03-03 14:20:30 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-08-13 13:09:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-03-03 14:21:46 94,208 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-08-13 13:08:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-03-03 14:21:38 557,056 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-03 14:31:22 28,672 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-13 13:14:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2008-03-03 14:22:54 41,984 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2004-08-03 19:26:44 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2007-12-31 12:07:20 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-03 14:31:22 585,728 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-03 14:31:22 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-13 13:02:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2008-03-03 14:20:10 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-03-01 13:06:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-03 14:31:22 5,120,000 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-03 14:31:22 68,608 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 12:31:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2008-03-03 14:20:16 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2007-08-13 13:24:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2008-03-03 14:31:22 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-03 14:22:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-03 14:31:22 629,248 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-03 14:22:52 116,224 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-03 14:20:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-01-11 06:05:32 134,144 -c----w C:\WINDOWS\system32\dllcache\sqmapi.dll
- 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-03 14:22:54 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-03 14:31:22 1,188,352 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 13:24:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-03-03 14:31:22 434,176 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2008-03-03 14:31:22 755,200 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
- 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-03 14:31:22 233,984 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-03 14:31:22 830,464 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-03 14:20:34 345,600 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-03 14:20:30 212,992 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-03 14:20:40 60,928 ----a-w C:\WINDOWS\system32\icardie.dll
- 2006-06-29 02:35:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
+ 2008-01-11 06:05:16 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
- 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-03-03 14:21:52 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-03 14:21:56 119,808 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-03 14:22:04 224,768 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-03-03 14:21:50 149,504 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-02-07 12:18:08 3,670,112 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-03 14:04:48 440,832 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-03 14:22:02 349,184 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 13:15:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2008-03-03 14:23:14 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-03 14:31:22 8,016,384 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-13 13:24:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-03-03 14:31:22 184,320 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-03 14:21:46 44,032 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-03 14:20:38 268,800 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-03 14:31:22 142,848 ----a-w C:\WINDOWS\system32\IESetting.dll
- 2007-08-13 13:09:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-03-03 14:21:48 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-03-03 14:21:46 36,864 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 13:24:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
+ 2008-03-03 14:31:22 181,248 ----a-w C:\WINDOWS\system32\ieui.dll
- 2007-08-13 13:06:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2008-03-03 14:20:30 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-08-13 13:09:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-03-03 14:21:46 94,208 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-08-13 13:08:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-03-03 14:21:38 557,056 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-03 14:31:22 28,672 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-10-11 08:42:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-04-10 08:32:50 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
- 2007-08-13 13:14:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2008-03-03 14:22:54 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-05 17:26:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-03 19:26:44 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2007-12-31 12:07:20 294,400 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-03 14:31:22 585,728 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-03 14:31:22 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 13:06:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
+ 2008-03-03 14:20:46 52,736 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2007-08-13 13:02:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2008-03-03 14:20:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-03-01 13:06:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-03 14:31:22 5,120,000 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-03 14:31:22 68,608 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 12:31:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2008-03-03 14:20:16 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2007-08-13 13:24:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2008-03-03 14:31:22 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
+ 2008-03-03 14:22:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-03-03 14:31:22 629,248 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-06-28 12:29:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2008-01-11 06:05:16 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
- 2006-06-29 02:35:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
+ 2008-01-11 06:05:16 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
- 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-03-03 14:22:52 116,224 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-03 14:20:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-03 14:22:54 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-03 14:31:22 1,188,352 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-13 13:24:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2008-03-03 14:31:22 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-03 14:31:22 233,984 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-13 13:15:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2008-03-03 14:23:08 208,384 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-03 14:31:22 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-01-11 06:05:38 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 10:13 1424648]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 17:13 3810544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 21:19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:24 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 12:05 7634944]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 19:58 185896]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-02-14 21:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-13 19:58 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-12-17 17:13 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\Dream Aquarium\\ErrorsAndUpdates.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-29 23:46]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-23 23:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a3a61a-fcb7-11dc-a3dc-001a4d7eb4cd}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b707-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66c2b708-d4a6-11dc-a253-001a4d7eb4cd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5eb83c2-dbe2-11dc-a294-001a4d7eb4cd}]
\Shell\Auto\command - TunerSetup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TunerSetup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 10:56:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-18 10:59:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-18 10:56:24 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-05 17:44:05 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-31 18:47:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-20 18:38:17 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-12 09:15:56 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 16:26:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-04-18 16:31:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 11:01:22
ComboFix2.txt 2008-04-17 09:08:17
ComboFix3.txt 2008-04-17 07:42:16
ComboFix4.txt 2008-04-16 08:58:06
ComboFix5.txt 2008-04-15 05:25:37

Pre-Run: 25,956,634,624 bytes free
Post-Run: 25,943,023,616 bytes free
.
2008-04-18 06:54:18 --- E O F ---
  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Aside from the flash drive infection (which you should try to run and disinfect as soon as possible), your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and type in Combofix /u and hit OK to remove Combofix. You should be set to go.
  • 0

#13
uptown hunk

uptown hunk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
OK buddy..thanks a million for ur help...the machine is running just fine... :) ...
Dude i would really appreciate it if u help me out in another problem...It's the infamous error 1606 Could not access memory location...I have MS Office 2007 Enterprise edition installed on my pc but lately every time i try to use excel, groove, outlook, powerpoint and word i get the above error...Although i can use Office Tools, Access, One-note, info-path and publisher...On searching i came to know that it's because of a wrong registry value but i rectified that and still i get the error..I even used a couple of registry repair tools but it's of no use..
Kindly help me to at least uninstall it...

Edited by uptown hunk, 18 April 2008 - 11:14 PM.

  • 0

#14
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem. Glad to help out :)

You should really post this in the Windows or Office boards instead. What is the exact error you are getting? See if the below links help out:

http://support.microsoft.com/kb/886549
http://forums.techgu...ror-1606-a.html

Post in the Windows or Office boards for more assistance in this issue.

I will mark this topic as resolved since the malware issues are now gone :)

Edited by greyknight17, 19 April 2008 - 02:34 PM.

  • 0

#15
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





