Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I cant Find whats wrong with my PC........ [RESOLVED]


  • This topic is locked This topic is locked

#1
selva

selva

    Member

  • Member
  • PipPip
  • 81 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:58 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\YOUConnect\YOUConnect.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\TEMP\CEE.tmp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {6A461E64-E876-4EA7-B9E4-258B2669C4AF} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\SELVAK~1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFA8C5C9-8800-404E-A90B-847C62DEF85B}: NameServer = 203.187.244.13 203.187.192.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: ddcCUlIA - ddcCUlIA.dll (file missing)
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5987 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
selva

selva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
My Combo Fix Log File...........

ComboFix 08-04-29.5 - selva kumar 2008-05-01 19:32:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.54 [GMT 5.5:30]
Running from: C:\Documents and Settings\selva kumar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\selva kumar\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\WinData.cab . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 19:34 . 2008-05-01 19:34 9,728 --a------ C:\WINDOWS\system32\WinNt32.dll
2008-05-01 12:12 . 2008-05-01 12:12 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\Talkback
2008-04-30 23:55 . 2008-04-30 23:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 23:44 . 2008-04-30 23:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-30 23:44 . 2008-05-01 19:04 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-30 23:39 . 2008-05-01 15:56 326 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-30 23:06 . 2008-05-01 18:19 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-04-30 15:58 . 2008-05-01 19:04 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-30 09:44 . 2008-04-30 09:44 <DIR> d-------- C:\Program Files\Yamicsoft
2008-04-30 08:18 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-29 23:33 . 2008-04-29 23:33 58,880 --a------ C:\WINDOWS\system32\qelv.exe
2008-04-29 23:30 . 2008-04-30 17:29 14,976 --a------ C:\WINDOWS\system32\drivers\Tyo14.sys
2008-04-29 23:30 . 2008-04-30 17:29 9,728 --a------ C:\WINDOWS\system32\WinData.cab
2008-04-29 23:16 . 2008-04-29 23:18 350 --a------ C:\WINDOWS\CRedit.INI
2008-04-29 19:33 . 2008-04-29 20:15 <DIR> d-------- C:\Program Files\Winamp
2008-04-29 19:33 . 2008-04-29 20:18 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\Winamp
2008-04-28 08:19 . 2008-04-28 08:19 <DIR> d-------- C:\WINDOWS\Sun
2008-04-28 08:17 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-28 07:51 . 2008-04-28 07:51 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-25 13:47 . 2008-04-25 13:47 0 --a------ C:\WINDOWS\autorun.INI
2008-04-25 13:33 . 2007-12-19 11:06 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-25 12:32 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-04-25 12:31 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-04-25 12:29 . 2007-12-19 11:40 147,456 --a------ C:\WINDOWS\system32\igfxCoIn_v4906.dll
2008-04-25 10:33 . 2008-04-25 10:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-25 08:51 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-04-25 08:51 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-04-25 08:51 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-04-24 23:08 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-24 23:08 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL
2008-04-24 21:11 . 2008-04-24 21:11 1,532 --a------ C:\WINDOWS\mozver.dat
2008-04-23 21:13 . 2008-04-23 21:13 <DIR> d-------- C:\Program Files\Common Files\Cosmi
2008-04-23 21:13 . 2008-04-23 21:13 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-04-23 21:13 . 1997-07-10 10:36 299,008 --a------ C:\WINDOWS\system32\SKY32V3C.DLL
2008-04-23 21:13 . 1996-05-07 19:59 47,104 --a------ C:\WINDOWS\system32\D2HTLS32.DLL
2008-04-23 21:13 . 1996-02-28 15:47 28,976 --a------ C:\WINDOWS\system32\D2HTOOLS.DLL
2008-04-23 21:13 . 2008-04-23 21:13 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-04-23 21:12 . 2008-04-23 21:12 <DIR> d-------- C:\Documents and Settings\selva kumar\WINDOWS
2008-04-23 21:12 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-23 17:42 . 2008-04-25 09:26 50 --a------ C:\WINDOWS\MegaManager.INI
2008-04-23 12:38 . 2008-04-23 12:38 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-23 12:37 . 2008-04-30 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-21 22:32 . 2008-04-21 22:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 22:30 . 2008-04-21 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-20 16:08 . 2008-04-20 16:08 <DIR> d-------- C:\Program Files\CyberLink
2008-04-19 17:10 . 2008-04-19 17:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-18 16:18 . 2008-04-18 16:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-18 13:56 . 2008-04-18 13:56 66 --a------ C:\WINDOWS\system32\wmpcsauth.bin
2008-04-18 10:08 . 2008-04-18 10:08 <DIR> d-------- C:\Program Files\CONEXANT
2008-04-18 00:22 . 2008-04-30 00:01 <DIR> d-------- C:\Program Files\uTorrent
2008-04-18 00:22 . 2008-05-01 00:42 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\uTorrent
2008-04-17 21:39 . 2008-04-21 11:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 21:38 . 2008-04-17 21:38 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-04-17 21:38 . 2008-04-17 21:38 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-04-17 21:38 . 2008-04-17 21:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-04-17 19:14 . 2008-04-17 19:14 144 --a------ C:\WINDOWS\Eudcedit.ini
2008-04-17 18:49 . 2008-04-23 16:33 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-04-17 18:49 . 2008-04-29 21:04 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\MegauploadToolbar
2008-04-17 18:26 . 2008-04-18 14:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-17 16:34 . 2008-04-17 18:19 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\Yahoo!
2008-04-17 16:22 . 2008-04-17 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-17 16:18 . 2008-04-17 18:19 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-17 15:54 . 2008-04-17 15:54 <DIR> d---s---- C:\Documents and Settings\selva kumar\UserData
2008-04-16 20:08 . 2008-04-17 15:44 <DIR> d-------- C:\Program Files\YOUConnect
2008-04-16 20:08 . 2006-05-27 12:11 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2008-04-16 20:08 . 2006-05-27 12:11 917,504 --a------ C:\WINDOWS\system32\Flash.ocx
2008-04-16 20:08 . 2006-05-27 12:11 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2008-04-16 20:08 . 2006-05-27 12:11 434,252 --a------ C:\WINDOWS\system32\msvcrtd.dll
2008-04-16 20:08 . 2006-05-27 12:11 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-16 20:08 . 2006-05-27 12:11 143,360 --a------ C:\WINDOWS\system32\Unzip32.dll
2008-04-16 20:08 . 2006-05-27 12:11 109,248 --a------ C:\WINDOWS\system32\MSWinSck.ocx
2008-04-16 19:51 . 2004-09-30 02:06 15,360 -rah----- C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-04-15 16:55 . 2008-04-15 16:56 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-04-15 14:28 . 2008-04-30 18:09 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\dvdcss
2008-04-15 14:22 . 2008-04-21 20:46 <DIR> d-------- C:\Program Files\Total Video Converter
2008-04-15 09:23 . 2008-04-15 09:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-04-15 07:44 . 2008-04-15 07:44 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-15 07:44 . 2008-04-15 07:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-15 07:34 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-15 07:32 . 2008-04-15 07:32 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-15 07:31 . 2008-04-15 07:31 <DIR> d-------- C:\Program Files\MSBuild
2008-04-15 07:30 . 2008-04-15 07:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-15 07:28 . 2008-04-15 07:28 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-15 07:27 . 2008-04-15 07:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-15 07:26 . 2008-04-15 07:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 14:38 . 2008-04-14 14:38 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-14 14:34 . 2008-04-14 14:34 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-14 14:34 . 2008-04-14 14:34 96,256 --a------ C:\WINDOWS\system32\drivers\sptd8893.sys
2008-04-13 18:00 . 2008-04-13 18:00 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\CyberLink
2008-04-13 17:59 . 2008-04-13 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-13 17:58 . 2008-04-13 17:58 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\vlc
2008-04-13 17:55 . 2008-04-13 17:55 <DIR> d-------- C:\Program Files\SRS Labs
2008-04-13 17:55 . 2008-04-13 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-04-12 14:48 . 2008-04-12 14:48 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\ScanSoft
2008-04-12 14:48 . 2008-04-12 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-12 14:48 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-12 14:48 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-12 14:48 . 2008-04-12 14:48 416 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-12 14:47 . 2008-04-12 14:47 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-12 14:47 . 2008-04-12 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-12 14:40 . 2008-04-12 14:40 <DIR> d-------- C:\Program Files\ArcSoft
2008-04-12 14:40 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-12 14:39 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-12 14:38 . 2008-04-12 14:38 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-12 14:38 . 2008-04-12 14:38 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-12 14:38 . 2006-07-20 21:21 1,298,432 --a------ C:\WINDOWS\system32\CNCC160.DLL
2008-04-12 14:38 . 2006-09-13 10:30 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2008-04-12 14:38 . 2006-05-26 16:24 135,168 --a------ C:\WINDOWS\system32\CNCL160.DLL
2008-04-12 14:38 . 2006-06-29 19:59 106,496 --a------ C:\WINDOWS\system32\cnco160.dll
2008-04-12 14:38 . 2006-07-20 21:21 57,344 --a------ C:\WINDOWS\system32\CNCI160.DLL
2008-04-12 14:37 . 2008-04-12 14:37 <DIR> d--h----- C:\Program Files\CanonBJ
2008-04-12 14:36 . 2008-04-12 14:39 <DIR> d-------- C:\Program Files\Canon
2008-04-12 14:34 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-12 14:34 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-12 14:34 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-12 14:34 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-12 10:14 . 2008-04-12 10:14 <DIR> d-------- C:\Program Files\Smart Projects
2008-04-12 06:15 . 2008-04-12 06:15 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-11 20:17 . 2008-04-11 20:18 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-04-11 20:12 . 2008-04-11 20:12 <DIR> d-------- C:\Program Files\Autodesk
2008-04-11 18:28 . 2008-04-11 20:22 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\Autodesk
2008-04-11 18:28 . 2008-04-11 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-11 18:26 . 2008-04-11 20:19 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-10 21:16 . 2007-05-22 11:02 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-10 21:12 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 11:03 4,707,328 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-10 15:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-10 11:22 16,861,184 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-04-02 03:57 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
.

((((((((((((((((((((((((((((( [email protected]_19.11.49.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 13:37:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 14:04:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2008-04-13 17:57 3158016]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 19:34 3084288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyo14.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 Tyo14;Tyo14;C:\WINDOWS\system32\Drivers\Tyo14.sys [2008-04-30 17:29]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 00:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 00:05]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf4656c2-0714-11dd-816c-a2b01ac0a9b1}]
\Shell\AutoRun\command - f.exe
\Shell\explore\Command - f.exe
\Shell\open\Command - f.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 18:43:00 C:\WINDOWS\Tasks\WinXP Manager Live Update.job"
- C:\Program Files\Yamicsoft\WinXP Manager\LiveUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 19:35:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-05-01 19:38:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 14:08:17
ComboFix2.txt 2008-05-01 13:42:06

Pre-Run: 4,597,854,208 bytes free
Post-Run: 4,572,155,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

231 --- E O F --- 2008-04-17 14:18:28
  • 0

#4
selva

selva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
My Hijack This log file..............

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:32 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\YOUConnect\YOUConnect.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFA8C5C9-8800-404E-A90B-847C62DEF85B}: NameServer = 203.187.244.13 203.187.192.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5356 bytes
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\WinData.cab"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\WINDOWS\system32\WinData.cab

  • Click Open.
  • Click Post.
Thank you!




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\qelv.exe
C:\WINDOWS\system32\drivers\Tyo14.sys

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf4656c2-0714-11dd-816c-a2b01ac0a9b1}]

Driver::
Tyo14


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Reboot and post a new HijackThis log
  • 0

#6
selva

selva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:29 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\YOUConnect\YOUConnect.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFA8C5C9-8800-404E-A90B-847C62DEF85B}: NameServer = 203.187.244.13 203.187.192.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5356 bytes
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log
  • 0

#8
selva

selva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
I think this should be the one.........Because i never saved the previous report.......


ComboFix 08-04-29.5 - selva kumar 2008-05-01 20:43:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.39 [GMT 5.5:30]
Running from: C:\Documents and Settings\selva kumar\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\selva kumar\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\drivers\Tyo14.sys
C:\WINDOWS\system32\qelv.exe
C:\WINDOWS\system32\WinData.cab
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cbOCR.dll
C:\WINDOWS\system32\drivers\Tyo14.sys
C:\WINDOWS\system32\qelv.exe
C:\WINDOWS\system32\WinData.cab
C:\WINDOWS\system32\WinNt32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TYO14
-------\Service_Tyo14


((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 12:12 . 2008-05-01 12:12 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\Talkback
2008-04-30 23:55 . 2008-04-30 23:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 23:44 . 2008-04-30 23:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-30 23:44 . 2008-05-01 19:04 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-04-30 23:39 . 2008-05-01 15:56 326 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-30 15:58 . 2008-05-01 19:04 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-30 09:44 . 2008-04-30 09:44 <DIR> d-------- C:\Program Files\Yamicsoft
2008-04-30 08:18 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-29 23:16 . 2008-04-29 23:18 350 --a------ C:\WINDOWS\CRedit.INI
2008-04-29 19:33 . 2008-04-29 20:15 <DIR> d-------- C:\Program Files\Winamp
2008-04-29 19:33 . 2008-04-29 20:18 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\Winamp
2008-04-28 08:19 . 2008-04-28 08:19 <DIR> d-------- C:\WINDOWS\Sun
2008-04-28 08:17 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-28 07:51 . 2008-04-28 07:51 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-25 13:47 . 2008-04-25 13:47 0 --a------ C:\WINDOWS\autorun.INI
2008-04-25 13:33 . 2007-12-19 11:06 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-25 12:32 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-04-25 12:31 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-04-25 12:29 . 2007-12-19 11:40 147,456 --a------ C:\WINDOWS\system32\igfxCoIn_v4906.dll
2008-04-25 10:33 . 2008-04-25 10:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-25 08:51 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-04-25 08:51 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
2008-04-25 08:51 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-04-24 23:08 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-24 23:08 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL
2008-04-24 21:11 . 2008-04-24 21:11 1,532 --a------ C:\WINDOWS\mozver.dat
2008-04-23 21:13 . 2008-04-23 21:13 <DIR> d-------- C:\Program Files\Common Files\Cosmi
2008-04-23 21:13 . 2008-04-23 21:13 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-04-23 21:13 . 1997-07-10 10:36 299,008 --a------ C:\WINDOWS\system32\SKY32V3C.DLL
2008-04-23 21:13 . 1996-05-07 19:59 47,104 --a------ C:\WINDOWS\system32\D2HTLS32.DLL
2008-04-23 21:13 . 1996-02-28 15:47 28,976 --a------ C:\WINDOWS\system32\D2HTOOLS.DLL
2008-04-23 21:13 . 2008-04-23 21:13 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-04-23 21:12 . 2008-04-23 21:12 <DIR> d-------- C:\Documents and Settings\selva kumar\WINDOWS
2008-04-23 21:12 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-23 17:42 . 2008-04-25 09:26 50 --a------ C:\WINDOWS\MegaManager.INI
2008-04-23 12:38 . 2008-04-23 12:38 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-23 12:37 . 2008-04-30 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-21 22:32 . 2008-04-21 22:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 22:30 . 2008-04-21 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-20 16:08 . 2008-04-20 16:08 <DIR> d-------- C:\Program Files\CyberLink
2008-04-19 17:10 . 2008-04-19 17:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-18 16:18 . 2008-04-18 16:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-18 13:56 . 2008-04-18 13:56 66 --a------ C:\WINDOWS\system32\wmpcsauth.bin
2008-04-18 10:08 . 2008-04-18 10:08 <DIR> d-------- C:\Program Files\CONEXANT
2008-04-18 00:22 . 2008-04-30 00:01 <DIR> d-------- C:\Program Files\uTorrent
2008-04-18 00:22 . 2008-05-01 00:42 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\uTorrent
2008-04-17 21:39 . 2008-04-21 11:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 21:38 . 2008-04-17 21:38 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-04-17 21:38 . 2008-04-17 21:38 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-04-17 21:38 . 2008-04-17 21:38 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-04-17 19:14 . 2008-04-17 19:14 144 --a------ C:\WINDOWS\Eudcedit.ini
2008-04-17 18:49 . 2008-04-23 16:33 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-04-17 18:49 . 2008-04-29 21:04 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\MegauploadToolbar
2008-04-17 18:26 . 2008-04-18 14:02 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-17 16:34 . 2008-04-17 18:19 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\Yahoo!
2008-04-17 16:22 . 2008-04-17 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-17 16:18 . 2008-04-17 18:19 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-17 15:54 . 2008-04-17 15:54 <DIR> d---s---- C:\Documents and Settings\selva kumar\UserData
2008-04-16 20:08 . 2008-04-17 15:44 <DIR> d-------- C:\Program Files\YOUConnect
2008-04-16 20:08 . 2006-05-27 12:11 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2008-04-16 20:08 . 2006-05-27 12:11 917,504 --a------ C:\WINDOWS\system32\Flash.ocx
2008-04-16 20:08 . 2006-05-27 12:11 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2008-04-16 20:08 . 2006-05-27 12:11 434,252 --a------ C:\WINDOWS\system32\msvcrtd.dll
2008-04-16 20:08 . 2006-05-27 12:11 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-16 20:08 . 2006-05-27 12:11 143,360 --a------ C:\WINDOWS\system32\Unzip32.dll
2008-04-16 20:08 . 2006-05-27 12:11 109,248 --a------ C:\WINDOWS\system32\MSWinSck.ocx
2008-04-16 19:51 . 2004-09-30 02:06 15,360 -rah----- C:\WINDOWS\system32\drivers\NetMotCM.sys
2008-04-15 16:55 . 2008-04-15 16:56 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-04-15 14:28 . 2008-04-30 18:09 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\dvdcss
2008-04-15 14:22 . 2008-04-21 20:46 <DIR> d-------- C:\Program Files\Total Video Converter
2008-04-15 09:23 . 2008-04-15 09:25 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-04-15 07:44 . 2008-04-15 07:44 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-15 07:44 . 2008-04-15 07:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-15 07:34 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-15 07:32 . 2008-04-15 07:32 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-15 07:31 . 2008-04-15 07:31 <DIR> d-------- C:\Program Files\MSBuild
2008-04-15 07:30 . 2008-04-15 07:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-15 07:28 . 2008-04-15 07:28 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-15 07:27 . 2008-04-15 07:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-15 07:26 . 2008-04-15 07:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 14:38 . 2008-04-14 14:38 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-14 14:34 . 2008-04-14 14:34 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-14 14:34 . 2008-04-14 14:34 96,256 --a------ C:\WINDOWS\system32\drivers\sptd8893.sys
2008-04-13 18:00 . 2008-04-13 18:00 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\CyberLink
2008-04-13 17:59 . 2008-04-13 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-13 17:58 . 2008-04-13 17:58 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\vlc
2008-04-13 17:55 . 2008-04-13 17:55 <DIR> d-------- C:\Program Files\SRS Labs
2008-04-13 17:55 . 2008-04-13 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-04-12 14:48 . 2008-04-12 14:48 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\ScanSoft
2008-04-12 14:48 . 2008-04-12 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-12 14:48 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-12 14:48 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-12 14:48 . 2008-04-12 14:48 416 --a------ C:\WINDOWS\MAXLINK.INI
2008-04-12 14:47 . 2008-04-12 14:47 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-12 14:47 . 2008-04-12 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-12 14:40 . 2008-04-12 14:40 <DIR> d-------- C:\Program Files\ArcSoft
2008-04-12 14:40 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-12 14:39 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-12 14:38 . 2008-04-12 14:38 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-04-12 14:38 . 2008-04-12 14:38 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-04-12 14:38 . 2006-07-20 21:21 1,298,432 --a------ C:\WINDOWS\system32\CNCC160.DLL
2008-04-12 14:38 . 2006-09-13 10:30 197,632 --a------ C:\WINDOWS\system32\CNMLM83.DLL
2008-04-12 14:38 . 2006-05-26 16:24 135,168 --a------ C:\WINDOWS\system32\CNCL160.DLL
2008-04-12 14:38 . 2006-06-29 19:59 106,496 --a------ C:\WINDOWS\system32\cnco160.dll
2008-04-12 14:38 . 2006-07-20 21:21 57,344 --a------ C:\WINDOWS\system32\CNCI160.DLL
2008-04-12 14:37 . 2008-04-12 14:37 <DIR> d--h----- C:\Program Files\CanonBJ
2008-04-12 14:36 . 2008-04-12 14:39 <DIR> d-------- C:\Program Files\Canon
2008-04-12 14:34 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-12 14:34 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-12 14:34 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-12 14:34 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-12 10:14 . 2008-04-12 10:14 <DIR> d-------- C:\Program Files\Smart Projects
2008-04-12 06:15 . 2008-04-12 06:15 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-11 20:17 . 2008-04-11 20:18 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-04-11 20:12 . 2008-04-11 20:12 <DIR> d-------- C:\Program Files\Autodesk
2008-04-11 18:28 . 2008-04-11 20:22 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\Autodesk
2008-04-11 18:28 . 2008-04-11 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-11 18:26 . 2008-04-11 20:19 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-10 21:16 . 2007-05-22 11:02 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-10 21:12 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-10 21:09 . 2008-04-10 21:09 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-10 21:07 . 2008-04-10 21:07 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-10 21:06 . 2008-04-10 21:06 <DIR> d-------- C:\Documents and Settings\selva kumar\Application Data\InstallShield
2008-04-10 21:05 . 2008-04-10 21:07 <DIR> d-------- C:\Program Files\Realtek
2008-04-10 21:05 . 2008-04-25 09:26 <DIR> d--h----- C:\Program Files\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 11:03 4,707,328 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-10 15:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-10 11:22 16,861,184 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-04-02 03:57 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
.

((((((((((((((((((((((((((((( [email protected]_19.11.49.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 13:37:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 15:16:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 15:16:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_130.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2008-04-13 17:57 3158016]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 19:34 3084288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tyo14.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 00:01]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 00:05]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-03 00:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 18:43:00 C:\WINDOWS\Tasks\WinXP Manager Live Update.job"
- C:\Program Files\Yamicsoft\WinXP Manager\LiveUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 20:46:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-05-01 20:50:02 - machine was rebooted [selva kumar]
ComboFix-quarantined-files.txt 2008-05-01 15:19:57
ComboFix2.txt 2008-05-01 14:08:23
ComboFix3.txt 2008-05-01 13:42:06

Pre-Run: 4,703,019,008 bytes free
Post-Run: 4,700,348,416 bytes free

234 --- E O F --- 2008-04-17 14:18:28
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also tell me how your PC is running
  • 0

#10
selva

selva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
The system speed is ok now..........

This is the scan report................

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 01, 2008 11:02:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 734176
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 68344
Number of viruses found: 12
Number of infected objects: 52
Number of suspicious objects: 0
Duration of the scan process: 00:47:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\selva kumar\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\selva kumar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\selva kumar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\selva kumar\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\selva kumar\Local Settings\Temp\~DF929D.tmp Object is locked skipped
C:\Documents and Settings\selva kumar\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\selva kumar\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\selva kumar\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1535.exe.vir Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qelv.exe.vir Infected: Trojan.Win32.Agent.ldh skipped
C:\QooBox\Quarantine\catchme2008-05-01_190604.30.zip/WinData.cab Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\QooBox\Quarantine\catchme2008-05-01_190604.30.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-05-01_204441.96.zip/Tyo14.sys Infected: Trojan-Downloader.Win32.Agent.nsl skipped
C:\QooBox\Quarantine\catchme2008-05-01_204441.96.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP57\A0015614.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP58\A0015616.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP58\A0015616.exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.usn skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP58\A0015616.exe/data.rar Infected: Trojan-Downloader.Win32.Small.usn skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP58\A0015616.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP61\A0016413.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP61\A0016482.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP61\A0016497.sys Infected: Trojan-Downloader.Win32.Agent.nsl skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP61\A0016504.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP61\A0016516.sys Infected: Trojan-Downloader.Win32.Agent.nsl skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP62\A0016648.exe Infected: Trojan-Downloader.Win32.Injecter.pf skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP62\A0016660.exe Infected: Backdoor.Win32.Small.dnw skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0016677.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0016686.sys Infected: Trojan-Downloader.Win32.Agent.nsl skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0017206.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0017227.sys Infected: Trojan-Downloader.Win32.Agent.nsl skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0017349.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0017357.sys Infected: Trojan-Downloader.Win32.Agent.nsl skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0017358.exe Infected: Trojan-Dropper.Win32.Agent.doi skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0017370.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0017380.sys Infected: Trojan-Downloader.Win32.Agent.nsl skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0017447.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0018447.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0018462.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0018483.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0018534.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0018587.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0018600.exe Infected: Trojan.Win32.Agent.ldh skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0018601.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0019549.exe Infected: SpamTool.Win32.Agent.iu skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0019558.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0019578.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0020578.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0020591.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0020599.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0020609.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0020609.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0020609.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP64\A0020621.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP65\A0020644.dll Infected: Trojan-Downloader.Win32.Small.vaa skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP65\A0020645.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP67\A0020864.exe Infected: Trojan.Win32.Agent.ldh skipped
C:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP67\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd8893.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_130.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOAWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP67\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP67\change.log Object is locked skipped
F:\Essentials\NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon.rar/NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon/NOD32 2008 Final 1.4.exe/AutoPlay/Docs/Patch/NodLogin 8.0b7 Final/setup.exe/script.au3 Infected: Trojan.Win32.KillAV.rx skipped
F:\Essentials\NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon.rar/NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon/NOD32 2008 Final 1.4.exe/AutoPlay/Docs/Patch/NodLogin 8.0b7 Final/setup.exe Infected: Trojan.Win32.KillAV.rx skipped
F:\Essentials\NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon.rar/NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon/NOD32 2008 Final 1.4.exe Infected: Trojan.Win32.KillAV.rx skipped
F:\Essentials\NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon.rar RAR: infected - 3 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{D7F2BBFB-8AC3-446D-BAD5-4F7BB2DB39E3}\RP67\change.log Object is locked skipped

Scan process completed.
  • 0

Advertisements


#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    F:\Essentials\NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon.rar
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0

#12
selva

selva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Explorer killed successfully
F:\Essentials\NOD32_2008_By_eLiTe-X_Aka_JamieOhanlon.rar moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05012008_232059
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image


  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#14
selva

selva

    Member

  • Topic Starter
  • Member
  • PipPip
  • 81 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:41 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\YOUConnect\YOUConnect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFA8C5C9-8800-404E-A90B-847C62DEF85B}: NameServer = 203.187.244.13 203.187.192.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 5553 bytes
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

Follow the steps in my previous post
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP