Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

laptop infected with malware and trojans

Started by M a f i a , Jul 02 2008 05:08 PM

  • Please log in to reply

#1
M a f i a
Posted 02 July 2008 - 05:08 PM

M a f i a

    Member

  • Member
  • PipPip
  • 28 posts
hello once again. my laptop boots up with a fake windows security alert in the taskbar and a yellow box saying that "this computer in infected with a new version of spyware.cyber-x". somehow this has prevented me from running certain programs such as firefox, hijackthis.exe, spybot, smitfraudfix etc. it also prevents me from accessing sites like this one (geekstogo.com) and other sites of a similar nature. im currently using a very old laptop to access this site for help.
another point to note is that spybot, adaware, kaspersky online scanner and zone alarm updates do not seem to update and say theres a connection error. i dont know if this is related.
i managed to get a HJT log by renaming the exe file. furthermore the smitfraud didnt seem to help after running in safe mode.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:45, on 02/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\444.471
C:\WINDOWS\portsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\admtray.exe
C:\DOCUME~1\MONALC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\DOCUMENTS AND SETTINGS\MONAL CHAUHAN\DESKTOP\PROCESSEXPLORER\PROCEXP.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\windows\system32\rswnw64r.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\lphc5wmj0e39j.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\WINDOWS\system32\mcntrtdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...=EC010227221033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLL
O2 - BHO: (no name) - {1C05D7F0-631A-3591-D2AA-0659F49135A7} - C:\Documents and Settings\All Users\Application Data\DbApi\MsgMnt.dll
O2 - BHO: {9ce6fb17-8520-e93b-9814-5f08a8341e73} - {37e1438a-80f5-4189-b39e-025871bf6ec9} - C:\WINDOWS\system32\utkeyc.dll
O2 - BHO: (no name) - {4E3E60F5-F691-475F-AFBA-CF9FCAB47C15} - C:\WINDOWS\system32\jkkKcCsS.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\pwvtdmrv.dll
O2 - BHO: (no name) - {6C6D14FD-D421-4845-B0DB-5837FFCB19F5} - C:\WINDOWS\system32\opnmMCRh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntrtdm.exe DWram1FF
O4 - HKLM\..\Run: [{1E-EB-BF-F3-DW}] C:\windows\system32\rswnw64r.exe DWram1FF
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lphc5wmj0e39j] C:\WINDOWS\system32\lphc5wmj0e39j.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [hMFa1OvH4R] C:\Documents and Settings\All Users\Application Data\zgxgpuho\tkjqtqdw.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntrtdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64r.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208290438437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1208290413312
O20 - Winlogon Notify: jkkKcCsS - C:\WINDOWS\SYSTEM32\jkkKcCsS.dll
O21 - SSODL: chkstrwin - {43261A21-CBD0-3DD0-C2CF-04C9F11025A8} - C:\Program Files\flghaif\chkstrwin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - G:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.471.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13189 bytes
  • 0

Advertisements

#2
Jimmy2012
Posted 02 July 2008 - 07:35 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello M a f i a. I'm currently reading over your log right now and I'll do my best to try to get your system clean. :)

Since I'm still in training, there may be a slight delay between my posts because they must be checked by an expert.
  • 0

#3
M a f i a
Posted 03 July 2008 - 06:13 AM

M a f i a

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
i also getting a similar problem to another topic that is on this forum with the fake screensaver located here:

http://www.geekstogo...er-t202537.html

dunno if this helps

edit:

all my spyware and virus definintions for the software installed are not updating for some reason. i tried to do an online scanner but the sites are all blocked except for one. the scanners are located at this site: http://hubpages.com/...line-Virus-Scan. Out of the ten only one is not blocked and thats ewido.

Edited by M a f i a, 04 July 2008 - 06:02 AM.

  • 0

#4
Jimmy2012
Posted 05 July 2008 - 02:24 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello M a f i a,
If you have any questions please feel free to ask. :)

From what you said you may need to download ComboFix on another computer and move it to the infected one to run it. If you need help doing this please let me know.

STEP 1
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#5
M a f i a
Posted 06 July 2008 - 12:18 PM

M a f i a

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
i ran the combofix but i had to change the filename in order for it to run ( i know i wasnt supposed to)

anyway after rebooting the combofix seems to have solved the problem and now i can access the websites including this one that was blocked :) .
i can also update my virus and spyware definitions.

heres the Combofix log:

ComboFix 08-07-05.1 - Monal Chauhan 2008-07-06 17:08:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT 1:00]
Running from: C:\Documents and Settings\Monal Chauhan\Desktop\Combo.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Monal Chauhan\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Monal Chauhan\Start Menu\Programs\Startup\DW_Start.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\444.471
C:\WINDOWS\cookies.ini
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msnimport.exe
C:\WINDOWS\muotr.so
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\awtqnkhe.dll
C:\WINDOWS\system32\bfrwxemq.dll
C:\WINDOWS\system32\blphc5wmj0e39j.scr
C:\WINDOWS\system32\byXOhEtT.dll
C:\WINDOWS\system32\cbXNEtqO.dll
C:\WINDOWS\system32\cbXQihHw.dll
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\ddcBSIyW.dll
C:\WINDOWS\system32\ddcYrQjK.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\edsrnbnh.dll
C:\WINDOWS\system32\fjqirdoi.ini
C:\WINDOWS\system32\fylxmqoy.dll
C:\WINDOWS\system32\g12.exe
C:\WINDOWS\system32\geBtQjGw.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hbbjmgaj.ini
C:\WINDOWS\system32\hgGxxxUL.dll
C:\WINDOWS\system32\hRCMmnpo.ini
C:\WINDOWS\system32\hRCMmnpo.ini2
C:\WINDOWS\system32\iifeDtSK.dll
C:\WINDOWS\system32\iodriqjf.dll
C:\WINDOWS\system32\jagmjbbh.dll
C:\WINDOWS\system32\jkkKcCsS.dll
C:\WINDOWS\system32\khfCssTM.dll
C:\WINDOWS\system32\kmkrtnho.ini
C:\WINDOWS\system32\lgqihlur.ini
C:\WINDOWS\system32\lphc5wmj0e39j.exe
C:\WINDOWS\system32\lxfouadj.dll
C:\WINDOWS\system32\mcntrtdm.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhmyrt.dll
C:\WINDOWS\system32\mlJAtUKd.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\nnnNHaww.dll
C:\WINDOWS\system32\ofgroyta.dll
C:\WINDOWS\system32\opnlJbXR.dll
C:\WINDOWS\system32\opnmMCRh.dll
C:\WINDOWS\system32\opnopPIx.dll
C:\WINDOWS\system32\oquvyc.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\phc5wmj0e39j.bmp
C:\WINDOWS\system32\pmnoLdBs.dll
C:\WINDOWS\system32\pwvtdmrv.dll
C:\WINDOWS\system32\qakkjeys.dll
C:\WINDOWS\system32\qoMcbxWP.dll
C:\WINDOWS\system32\qoMfcCRh.dll
C:\WINDOWS\system32\rpdfhmmm.dll
C:\WINDOWS\system32\rqRhEWom.dll
C:\WINDOWS\system32\rqRJBSKB.dll
C:\WINDOWS\system32\rqRJCTlm.dll
C:\WINDOWS\system32\rqRKETkJ.dll
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\sjrwsjkx.ini
C:\WINDOWS\system32\spywarewarning.mht
C:\WINDOWS\system32\spywarewarning2.mht
C:\WINDOWS\system32\ssqOICVm.dll
C:\WINDOWS\system32\ssqPjIYq.dll
C:\WINDOWS\system32\svvzdl.dll
C:\WINDOWS\system32\tcntaxdm.exe
C:\WINDOWS\system32\urqNDUMc.dll
C:\WINDOWS\system32\utkeyc.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wqaouqrj.ini
C:\WINDOWS\system32\wvUNEtTK.dll
C:\WINDOWS\system32\xfjtxjot.ini
C:\WINDOWS\system32\xkjswrjs.dll
C:\WINDOWS\system32\yayaWMcb.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\Web\def.htm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4
-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-04 16:51 . 2008-07-04 16:51 9,662 --a------ C:\WINDOWS\system32\blackip.ico
2008-07-03 21:46 . 2008-07-03 21:46 <DIR> d-------- C:\Program Files\Panda Security
2008-07-03 21:18 . 2008-07-03 21:18 <DIR> d-------- C:\VundoFix Backups
2008-07-03 11:04 . 2008-07-03 11:04 13,942 --a------ C:\WINDOWS\system32\N90-002.ico
2008-07-02 23:48 . 2008-07-02 23:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-02 23:48 . 2008-07-02 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-02 22:15 . 2008-07-02 22:15 <DIR> d-------- C:\Documents and Settings\Monal Chauhan\Application Data\shc3wmj0e39j
2008-07-02 22:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-02 22:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-02 22:00 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-02 22:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-02 22:00 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-02 22:00 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-02 22:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-02 22:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-02 22:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 21:39 . 2008-07-02 21:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-02 21:39 . 2008-07-03 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-02 20:42 . 2008-07-02 20:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 01:04 . 2008-07-02 22:02 5,232 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-01 23:50 . 2008-07-01 23:50 39,740 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-01 23:41 . 2008-07-01 23:41 <DIR> d-------- C:\Program Files\PC-Antispy
2008-07-01 23:39 . 2008-07-01 23:40 <DIR> d-------- C:\Program Files\Safari
2008-07-01 23:38 . 2008-07-01 23:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-01 23:20 . 2008-07-01 23:20 <DIR> d-------- C:\Documents and Settings\Monal Chauhan\Application Data\MailFrontier
2008-07-01 23:15 . 2008-07-06 17:25 3,248,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-01 23:15 . 2008-07-06 17:21 45,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-01 23:09 . 2008-07-02 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-01 23:09 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-07-01 23:09 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-07-01 21:54 . 2008-07-01 21:54 <DIR> d-------- C:\Program Files\Zone Labs
2008-07-01 21:54 . 2008-07-06 17:24 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-01 21:53 . 2008-07-06 14:15 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-01 21:49 . 2008-07-01 21:49 49,170 --a------ C:\WINDOWS\system32\rswnw64r.exe
2008-07-01 21:39 . 2008-07-01 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-01 21:38 . 2008-07-01 21:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 18:30 . 2008-07-01 18:30 63,902 --a------ C:\WINDOWS\system32\{5a1d39b9-b092-c17d-d045-4108e15048bf}.dll-uninst.exe
2008-07-01 17:26 . 2008-07-01 17:26 <DIR> d-------- C:\Program Files\flghaif
2008-07-01 17:26 . 2008-07-01 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zgxgpuho
2008-07-01 17:26 . 2008-07-01 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DbApi
2008-07-01 17:26 . 2008-07-01 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ApiAppApl
2008-07-01 17:26 . 2008-07-01 17:26 86,016 --a------ C:\WINDOWS\system32\titaxoby.exe
2008-07-01 14:52 . 2008-07-06 13:00 <DIR> d-------- C:\WINDOWS\system32\1301
2008-07-01 12:49 . 2008-07-01 12:49 98,816 -rahs---- C:\WINDOWS\system32\algq.exe
2008-07-01 12:01 . 2008-07-01 12:01 <DIR> d-------- C:\WINDOWS\system32\netrax06
2008-07-01 12:01 . 2008-07-01 12:01 <DIR> d-------- C:\WINDOWS\system32\ISx
2008-07-01 12:01 . 2008-07-01 12:01 <DIR> d-------- C:\WINDOWS\system32\FOD1
2008-07-01 12:01 . 2008-07-01 12:01 <DIR> d-------- C:\WINDOWS\system32\AP
2008-07-01 12:01 . 2008-07-01 12:01 <DIR> d-------- C:\Temp\itmp4
2008-07-01 12:01 . 2008-07-06 17:09 <DIR> d-------- C:\Temp
2008-07-01 12:00 . 2008-07-01 12:00 23,048 --a------ C:\WINDOWS\444.476
2008-07-01 12:00 . 2008-07-01 12:00 20,996 --a------ C:\WINDOWS\sysopt.exe
2008-07-01 12:00 . 2008-07-01 12:00 14,848 --a------ C:\WINDOWS\system32\sysopt32.dll
2008-07-01 12:00 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-30 23:46 . 2008-06-30 23:46 <DIR> d-------- C:\Program Files\Rockstar Games
2008-06-30 23:44 . 2008-06-30 23:44 <DIR> d-------- C:\Documents and Settings\Monal Chauhan\WINDOWS
2008-06-26 21:29 . 2008-06-26 21:29 <DIR> d-------- C:\Program Files\Audacity
2008-06-25 12:05 . 2008-06-25 12:07 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-21 19:32 . 2008-06-21 19:32 1,409 --a------ C:\WINDOWS\system32\tmp75DCD.FOT
2008-06-16 12:32 . 2008-06-16 12:32 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-16 12:32 . 2008-06-16 12:33 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-12 17:04 . 2008-04-06 18:21 734,865,394 --a------ C:\TaRaRumPum.2007.DVDRip.700MB.BY.Deejam.avi
2008-06-12 17:04 . 2006-11-14 21:50 591,536,109 --a------ C:\Vivah Good Print.wmv
2008-06-12 17:03 . 2008-04-06 19:00 718,005,149 --a------ C:\aaja_20nachle.mp4
2008-06-11 11:00 . 2008-06-13 12:05 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 11:00 . 2008-05-08 15:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-09 19:23 . 2008-06-09 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-06-09 19:14 . 2008-06-09 19:14 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-08 20:24 . 2008-06-08 21:03 <DIR> dr------- C:\Program Files\TypingMaster
2008-06-08 20:24 . 2008-06-08 21:53 <DIR> d-------- C:\Documents and Settings\Monal Chauhan\Application Data\TypingMaster7
2008-06-08 03:16 . 2008-06-08 03:16 32,768 --a------ C:\WINDOWS\system32\netrax06\netrax061083.exe
2008-06-06 18:06 . 2008-06-06 18:08 <DIR> d-------- C:\Documents and Settings\Monal Chauhan\Application Data\Autodesk
2008-06-06 18:00 . 2008-06-06 18:00 <DIR> d-------- C:\Program Files\turbo squid tentacles
2008-06-06 17:58 . 2008-06-06 17:58 <DIR> d-------- C:\Program Files\Autodesk
2008-06-06 17:58 . 2008-06-06 17:58 231 --a------ C:\WINDOWS\system32\3dsmax.ini
2008-06-06 17:58 . 2008-06-06 17:58 43 --a------ C:\WINDOWS\system32\InstallSettings.ini
2008-06-06 17:18 . 2008-06-06 17:58 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-06 17:17 . 2008-06-13 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-06 17:12 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-06 17:12 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-06-06 17:12 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-06-06 17:12 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-06 17:12 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 16:25 49,177 ----a-w C:\WINDOWS\system32\rwwnw64d.exe
2008-07-03 21:00 1,586,688 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-01 22:41 --------- d-----w C:\Documents and Settings\Monal Chauhan\Application Data\Apple Computer
2008-07-01 21:53 --------- d-----w C:\Program Files\CA
2008-07-01 20:33 --------- d-----w C:\Documents and Settings\Monal Chauhan\Application Data\Lavasoft
2008-06-18 22:57 --------- d-----w C:\Program Files\Azureus
2008-06-18 22:57 --------- d-----w C:\Documents and Settings\Monal Chauhan\Application Data\Azureus
2008-06-17 22:48 --------- d-----w C:\Documents and Settings\Monal Chauhan\Application Data\.easytag
2008-06-16 11:35 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 18:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 13:52 --------- d-----w C:\Program Files\URLSnooper2
2008-05-28 23:28 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-26 21:55 --------- d-----w C:\Program Files\Winamp
2008-05-24 17:37 --------- d-----w C:\Program Files\PowerISO
2008-05-22 19:54 --------- d-----w C:\Documents and Settings\Monal Chauhan\Application Data\AdobeUM
2008-05-22 00:00 32,241 ----a-w C:\report.zip
2008-05-21 22:32 --------- d-----w C:\Program Files\EasyTAG
2008-05-21 22:31 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-16 18:59 --------- d-----w C:\Program Files\IEInspector
2008-05-15 20:29 --------- d-----w C:\Documents and Settings\Monal Chauhan\Application Data\iLibs
2008-05-15 20:27 --------- d-----w C:\Program Files\WindSolutions
2008-05-15 19:36 --------- d-----w C:\Program Files\iTunes
2008-05-15 19:35 --------- d-----w C:\Program Files\iPod
2008-05-15 19:35 --------- d-----w C:\Program Files\Bonjour
2008-05-15 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 19:34 --------- d-----w C:\Program Files\QuickTime
2008-05-15 19:32 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-15 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-12 23:34 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-05-12 23:33 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-12 23:29 --------- d-----w C:\Program Files\Ultra MP4 Video Converter
2008-05-10 22:58 --------- d-----w C:\Program Files\Moyea
2008-05-10 22:58 --------- d-----w C:\Documents and Settings\Monal Chauhan\Application Data\Moyea
2008-05-08 18:52 --------- d-----w C:\Program Files\SolidWorks
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 20:51 --------- d-----w C:\Documents and Settings\Monal Chauhan\Application Data\EPSON
2008-04-23 21:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 22:24 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-04-14 04:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 04:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 04:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 04:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 04:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 04:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 04:40 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
2008-04-14 04:40 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-04-14 04:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 04:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 04:40 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 04:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 04:40 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-04-14 04:40 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
2008-04-14 04:40 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
2008-04-14 00:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 23:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:54 2,145,280 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-04-13 23:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 23:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 23:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 23:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 23:01 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 23:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 22:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 22:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 22:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 22:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 22:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 22:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 21:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 21:57 79,872 ----a-w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 21:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 21:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 21:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 21:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 21:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 21:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 21:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 21:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 21:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 21:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 21:13 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
2008-04-13 20:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 20:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 20:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C05D7F0-631A-3591-D2AA-0659F49135A7}]
2008-07-01 17:26 73728 --a------ C:\Documents and Settings\All Users\Application Data\DbApi\MsgMnt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 15:05 729177]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2005-12-13 17:08 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-18 16:06 3079680]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2005-11-24 12:45 589824]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 17:00 397312]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 16:00 155648]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 14:09 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 00:50 233472]
"{1E-EB-BF-F3-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-07-06 17:25 49177]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"ExploreUpdSched"="C:\WINDOWS\system32\tcntaxdm.exe" [2008-07-06 17:26 200774]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 11:27 15600128 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]

C:\Documents and Settings\Monal Chauhan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]
Deewoo.lnk - C:\WINDOWS\system32\tcntaxdm.exe [7/6/2008 5:26:29 PM 200774]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [7/6/2008 5:25:29 PM 49177]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"chkstrwin"= {43261A21-CBD0-3DD0-C2CF-04C9F11025A8} - C:\Program Files\flghaif\chkstrwin.dll [2008-07-01 17:26 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\program files\\texthelp systems\\read and write 8\\mind mapper\\Property Controller.exe"=
"c:\\program files\\texthelp systems\\read and write 8\\mind mapper\\MindMapLauncher.exe"=
"c:\\program files\\texthelp systems\\read and write 8\\RW8.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 22:38]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-14 20:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c37265e-0b9b-11dd-8adf-00130207cf10}]
\Shell\AutoRun\command - H:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae84a593-0d5d-11dd-8ae6-00130207cf10}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae84a5a0-0d5d-11dd-8ae6-00130207cf10}]
\Shell\AutoRun\command - F:\.\Start.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 12:40:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-winsock32 - C:\WINDOWS\system32:winsock32.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-a481eb5c - C:\WINDOWS\system32\jagmjbbh.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 17:23:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\msnav32.ax 104 bytes
C:\WINDOWS\system32\rwwnw64d.exe 49177 bytes executable
C:\WINDOWS\system32\tcntaxdm.exe 200774 bytes executable
C:\WINDOWS\system32\winpfz33.sys 847 bytes
C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes

scan completed successfully
hidden files: 5

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\flghaif\chkstrwin.dll
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\MONALC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
.
**************************************************************************
.
Completion time: 2008-07-06 17:31:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 16:31:20

Pre-Run: 1,498,378,240 bytes free
Post-Run: 1,543,331,840 bytes free

433 --- E O F --- 2008-06-21 19:09:53
  • 0

#6
M a f i a
Posted 06 July 2008 - 12:20 PM

M a f i a

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
oh yeah, heres to HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:48, on 06/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\MONALC~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\rwwnw64d.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\tcntaxdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...=EC010227221033
O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLL
O2 - BHO: (no name) - {1C05D7F0-631A-3591-D2AA-0659F49135A7} - C:\Documents and Settings\All Users\Application Data\DbApi\MsgMnt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [{1E-EB-BF-F3-DW}] c:\windows\system32\rwwnw64d.exe DWram1FF
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208290438437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1208290413312
O21 - SSODL: chkstrwin - {43261A21-CBD0-3DD0-C2CF-04C9F11025A8} - C:\Program Files\flghaif\chkstrwin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - G:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11707 bytes
  • 0

#7
Jimmy2012
Posted 07 July 2008 - 11:45 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello M a f i a,

anyway after rebooting the combofix seems to have solved the problem and now i can access the websites including this one that was blocked :) .
i can also update my virus and spyware definitions.

That is good to hear :)

I did not see any anti-virus software on your computer. Without any anti-virus software you can get a virus more easily. I recommend that you download a anti-virus program. Here are two to choose from(both of them are free).
AntiVir
AVG
Out of these two I would recommend AntiVir. Please only install one anti-virus on your computer at a time. Running more then one at a time can cause conflicts and can also slow your computer down. If you need any help installing one please let me know.

STEP 1
Please reopen HijackThis and click on Do a system scan only.And put a check next to the following entries.

O2 - BHO: (no name) - {1C05D7F0-631A-3591-D2AA-0659F49135A7} - C:\Documents and Settings\All Users\Application Data\DbApi\MsgMnt.dll
O4 - HKLM\..\Run: [{1E-EB-BF-F3-DW}] c:\windows\system32\rwwnw64d.exe DWram1FF
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O21 - SSODL: chkstrwin - {43261A21-CBD0-3DD0-C2CF-04C9F11025A8} - C:\Program Files\flghaif\chkstrwin.dll

Once you have the checks in those entries please make sure all open windows are closed(keep HijackThis open) and click fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click yes. After you have fixed those entires you can close HijackThis.

Please click Start>Control Panel>Add/Remove Programs. And remove the following programs.(if present)
ViewPoint media player
PC-Antispy

STEP 2
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\blackip.ico
C:\WINDOWS\system32\N90-002.ico
C:\WINDOWS\system32\rswnw64r.exe
C:\WINDOWS\system32\{5a1d39b9-b092-c17d-d045-4108e15048bf}.dll-uninst.exe
C:\WINDOWS\system32\titaxoby.exe
C:\WINDOWS\system32\algq.exe
C:\WINDOWS\sysopt.exe
C:\WINDOWS\system32\sysopt32.dll
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\tmp75DCD.FOT
C:\TaRaRumPum.2007.DVDRip.700MB.BY.Deejam.avi
C:\Vivah Good Print.wmv
C:\aaja_20nachle.mp4
C:\WINDOWS\system32\rwwnw64d.exe
C:\report.zip
C:\WINDOWS\system32\tcntaxdm.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\msnav32.ax

Folder::
C:\Documents and Settings\Monal Chauhan\Application Data\shc3wmj0e39j
C:\Program Files\flghaif
C:\Documents and Settings\All Users\Application Data\zgxgpuho
C:\Documents and Settings\All Users\Application Data\ApiAppApl
C:\WINDOWS\system32\1301
C:\WINDOWS\system32\netrax06
C:\WINDOWS\444.476
C:\Documents and Settings\All Users\Application Data\DbApi
C:\WINDOWS\system32\ISx
C:\WINDOWS\system32\FOD1
C:\WINDOWS\system32\AP
C:\Program Files\PC-Antispy

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP