My laptop is infected with Torjandownload.xs. I have no clue how to remove it. I currently have McAfee virus scan running, with XP as the OS.
I have pasted the ComboFix log and HijackThis log below. Can anyone please help me?
ComboFix 08-06-12.2 - ezhil 2008-06-14 12:37:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.493 [GMT -4:00]
Running from: C:\Documents and Settings\ezhil\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\All Users\Start Menu\Programs\Zango
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Weather.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
C:\Documents and Settings\ezhil\Application Data\ShoppingReport
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\ezhil\Application Data\WeatherDPA
C:\Documents and Settings\ezhil\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\ezhil\Application Data\Zango
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\3893642.sdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17040
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\277907
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\455563
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744260
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753335
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\ustat\36a1.dat
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\avatar.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\Documents and Settings\mani\Application Data\ShoppingReport
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\bostrupd.exe
C:\Program Files\QdrPack\QdrPack17.exe
C:\Program Files\zango
C:\Program Files\zango\bin\10.3.37.0\HostOE.dll.vir
C:\setup.exe
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\000070.exe
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
----- BITS: Possible infected sites -----
hxxp://80.93.48.89
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-14 11:44 . 2008-06-14 11:44 <DIR> d-------- C:\Program Files\Uniblue
2008-06-14 11:44 . 2008-06-14 11:44 <DIR> d-------- C:\Documents and Settings\ezhil\Application Data\Uniblue
2008-06-14 11:44 . 2008-06-14 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-14 10:25 . 2008-06-14 10:25 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_14_10_25_37.dmp
2008-06-14 10:22 . 2008-06-14 10:22 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_14_10_22_28.dmp
2008-06-14 10:12 . 2008-06-14 10:12 <DIR> d-------- C:\Program Files\GetPack
2008-06-14 10:08 . 2008-06-14 10:08 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_14_10_8_47.dmp
2008-06-14 10:04 . 2008-06-14 10:04 <DIR> d-------- C:\Program Files\iCheck
2008-06-14 10:04 . 2008-06-14 10:05 <DIR> d-------- C:\Program Files\GetModule
2008-06-14 10:04 . 2008-06-14 10:04 114,688 --a------ C:\Documents and Settings\All Users\Application Data\svytedap.dll
2008-06-14 10:03 . 2008-06-14 10:03 114,688 --a------ C:\WINDOWS\svytedap.dll
2008-06-14 10:02 . 2008-06-14 10:02 90,073 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-14 10:01 . 2008-06-14 10:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-14 10:01 . 2008-06-14 10:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-14 05:13 . 2008-06-14 05:13 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_14_5_13_22.dmp
2008-06-12 07:03 . 2008-06-12 07:03 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_12_7_3_48.dmp
2008-06-11 08:48 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:48 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 18:58 . 2008-06-09 18:58 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_9_18_58_46.dmp
2008-06-07 06:30 . 2008-06-07 06:30 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_7_6_30_50.dmp
2008-06-01 16:09 . 2008-06-01 16:09 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_1_16_9_5.dmp
2008-05-31 18:55 . 2008-05-31 18:56 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_31_18_55_57.dmp
2008-05-31 04:50 . 2008-05-31 04:50 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_31_4_50_29.dmp
2008-05-30 21:08 . 2008-05-30 21:08 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_30_21_8_35.dmp
2008-05-30 19:01 . 2008-05-30 19:01 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_30_19_1_7.dmp
2008-05-30 12:29 . 2008-05-30 12:29 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_30_12_29_14.dmp
2008-05-30 05:21 . 2008-05-30 05:21 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_30_5_21_23.dmp
2008-05-29 20:21 . 2008-05-29 20:21 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_29_20_21_47.dmp
2008-05-29 20:15 . 2008-05-29 20:16 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_29_20_15_47.dmp
2008-05-29 06:11 . 2008-05-29 06:11 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_29_6_11_19.dmp
2008-05-28 06:47 . 2008-05-28 06:47 14,444 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_28_6_47_20.dmp
2008-05-27 05:26 . 2008-05-27 05:26 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_27_5_26_15.dmp
2008-05-26 13:53 . 2008-05-26 13:53 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_26_13_53_51.dmp
2008-05-26 05:22 . 2008-05-26 05:22 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_26_5_22_25.dmp
2008-05-23 17:44 . 2008-05-23 17:44 <DIR> d-------- C:\Program Files\Skype
2008-05-23 17:44 . 2008-05-23 17:44 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-23 17:44 . 2008-05-25 08:55 <DIR> d-------- C:\Documents and Settings\ezhil\Application Data\skypePM
2008-05-23 17:44 . 2008-05-23 17:44 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-19 14:12 . 2004-06-10 10:31 135,168 -ra------ C:\WINDOWS\UNDPX2A.exe
2008-05-19 14:12 . 2004-06-10 10:34 53,693 -ra------ C:\WINDOWS\UNDPX2A.sys
2008-05-19 14:12 . 2004-06-09 19:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2A.sys
2008-05-18 16:18 . 2008-05-18 16:18 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_18_16_18_16.dmp
2008-05-18 16:16 . 2008-05-18 16:16 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_18_16_16_22.dmp
2008-05-18 08:57 . 2008-05-18 08:57 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_18_8_57_27.dmp
2008-05-17 11:07 . 2008-05-17 11:07 <DIR> d-------- C:\Program Files\TVAnts
2008-05-17 04:54 . 2008-05-17 04:54 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_17_4_54_41.dmp
2008-05-16 18:52 . 2008-05-16 18:52 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_16_18_52_35.dmp
2008-05-16 16:09 . 2008-05-16 16:09 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_16_16_9_34.dmp
2008-05-16 05:02 . 2008-05-16 05:02 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_16_5_2_9.dmp
2008-05-14 18:55 . 2008-05-14 18:55 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_14_18_55_35.dmp
2008-05-14 16:47 . 2008-05-14 16:47 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_14_16_47_27.dmp
2008-05-14 09:34 . 2008-05-14 09:34 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_14_9_34_45.dmp
2008-05-14 05:33 . 2008-05-14 05:33 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_14_5_33_34.dmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 16:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 15:25 --------- d-----w C:\Program Files\Trend Micro
2008-06-07 16:52 --------- d-----w C:\Program Files\lx_cats
2008-06-06 21:47 --------- d-----w C:\Documents and Settings\ezhil\Application Data\dvdcss
2008-05-25 14:11 --------- d-----w C:\Documents and Settings\ezhil\Application Data\Skype
2008-05-25 13:03 --------- d-----w C:\Program Files\VoipCheapCom
2008-05-23 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-09 15:18 --------- d-----w C:\Program Files\Java
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-04 17:00 --------- d-----w C:\Program Files\SopCast
2008-04-27 14:07 --------- d-----w C:\Program Files\Google
2008-04-25 19:46 --------- d-----w C:\Program Files\DivX
2008-04-24 11:54 --------- d-----w C:\Documents and Settings\ezhil\Application Data\U3
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 22:38 --------- d-----w C:\Program Files\Xvid
2008-04-16 19:52 --------- d-----w C:\Program Files\Badongo
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2007-06-12 14:14 630,784 ----a-w C:\Documents and Settings\ezhil\GoToAssist_chat2way__317_en.exe
2006-11-09 10:08 0 -c--a-w C:\Documents and Settings\ezhil\Application Data\wklnhst.dat
2006-11-27 00:01 88 -csh--r C:\WINDOWS\system32\D8594F537C.sys
2007-08-13 16:25 88 -csh--r C:\WINDOWS\system32\F58E27CB22.sys
2007-08-13 18:25 6,216 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e50c47ff-bd5a-4267-b628-f8d0fcd61ada}]
2008-06-14 10:04 114688 --a------ C:\Documents and Settings\All Users\Application Data\svytedap.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= "C:\Program Files\NetProject\wamdl.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 20:51 3810544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-03 16:02 68856]
"GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [2008-06-09 17:40 351744]
"GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [2008-06-10 05:08 350208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-22 22:52 98304]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 13:45 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 01:10 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 04:11 290816]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 14:38 65536]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-22 22:49:41 24576]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
R2 BMFMySQL;BMFMySQL;"C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe" --defaults-file="C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\my.ini" BMFMySQL []
R2 LogWatch;Event Log Watch;C:\CA_LIC\LogWatNT.exe [2006-10-17 08:29]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];C:\orant\bin\ifsrv60.exe [2002-11-26 20:57]
R2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;C:\oracle\product\10.2.0\db_4\BIN\TNSLSNR []
R2 OracleServiceORCLKAUS;OracleServiceORCLKAUS;c:\oracle\product\10.2.0\db_4\bin\ORACLE.EXE ORCLKAUS []
R2 paldrv;paldrv;C:\WINDOWS\system32\pal_drv.sys [2007-02-11 23:19]
S0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys []
S2 OracleDBConsoleorclkaus;OracleDBConsoleorclkaus;C:\oracle\product\10.2.0\db_4\bin\nmesrvc.exe [2005-08-16 12:21]
S2 OracleJobSchedulerORCLKAUS;OracleJobSchedulerORCLKAUS;c:\oracle\product\10.2.0\db_4\Bin\extjob.exe ORCLKAUS []
S3 CA_LIC_CLNT;CA License Client;"C:\CA_LIC\\lic98rmt.exe" [2006-10-17 08:28]
S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE [2002-11-26 20:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6d7e2ac-9447-11db-835d-0015c5b705c3}]
\Shell\AutoRun\command - F:\LaunchU3.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - ENTDRV51
*Newly Created Service* - IKFILESEC
*Newly Created Service* - IKSYSFLT
*Newly Created Service* - IKSYSSEC
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - PROCEXP111
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 16:19:27 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-14 16:19:25 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 12:42:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="C:\oracle\product\10.2.0\db_4\BIN\TNSLSNR "
.
Completion time: 2008-06-14 12:44:54
ComboFix-quarantined-files.txt 2008-06-14 16:44:39
Pre-Run: 51,393,024,000 bytes free
Post-Run: 54,479,216,640 bytes free
478 --- E O F --- 2008-06-12 03:40:09
-------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:39 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
C:\CA_LIC\LogWatNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\orant\bin\ifsrv60.exe
C:\oracle\product\10.2.0\db_4\bin\isqlplussvc.exe
C:\oracle\product\10.2.0\db_4\BIN\TNSLSNR.exe
c:\oracle\product\10.2.0\db_4\bin\ORACLE.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\oracle\product\10.2.0\db_4\jdk\bin\java.exe
C:\orant\bin\ifweb60.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DAP\DAP.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysea...l?gname=Kausika
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202946228.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e50c47ff-bd5a-4267-b628-f8d0fcd61ada} - C:\Documents and Settings\All Users\Application Data\svytedap.dll
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file: