
Please somebody help me remove Tanatos.M and Heur


#1
chickov
    New Member, 8 posts
The following is my ComboFix log....

ComboFix 08-12-17.01 - User 2008-12-18 23:24:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.501.163 [GMT -8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
.
/wow section - STAGE 32A


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\gadcom
c:\documents and settings\User\Local Settings\Temporary Internet Files\fbk.sts

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-18 20:57 . 2008-12-18 18:18 <DIR> d-------- c:\program files\Common Files\AntiGA 2.0 Addon Tools
2008-12-18 20:50 . 2008-12-18 20:50 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-18 19:06 . 2008-12-18 19:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-18 18:11 . 2008-12-18 18:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-18 18:11 . 2008-12-18 18:11 <DIR> d-------- c:\program files\AVG
2008-12-18 18:11 . 2008-12-18 18:11 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-18 18:11 . 2008-12-18 18:11 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-18 18:11 . 2008-12-18 18:11 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-18 07:51 . 2008-12-18 07:51 <DIR> d-------- c:\documents and settings\User\Application Data\dvdcss
2008-12-18 03:20 . 2008-12-18 03:20 <DIR> d-------- c:\documents and settings\User\Application Data\vlc
2008-12-17 12:41 . 2008-12-17 12:41 <DIR> d-------- c:\program files\Earth
2008-12-16 23:40 . 2008-12-17 10:58 <DIR> d-------- c:\documents and settings\User\.SunDownloadManager
2008-12-15 23:18 . 2008-12-15 23:21 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-15 10:03 . 2008-12-15 10:03 <DIR> d-------- c:\program files\AL-Software
2008-12-15 09:22 . 2008-12-15 09:22 66 --a------ c:\windows\Power Video Converter.INI
2008-12-15 09:04 . 2008-12-15 09:21 <DIR> d-------- c:\program files\Net2Phone
2008-12-15 09:04 . 1999-11-01 15:04 2,238 --a------ c:\windows\system32\n2p.ico
2008-12-15 09:04 . 1999-11-01 15:04 2,238 --a------ c:\windows\n2p.ico
2008-12-15 09:04 . 2008-12-15 09:11 395 --a------ c:\windows\Net2fone.ini
2008-12-15 08:13 . 2008-12-15 08:14 <DIR> d-------- c:\program files\Yahoo!
2008-12-15 08:05 . 2008-12-15 08:15 <DIR> d-------- c:\documents and settings\User\Contacts
2008-12-13 15:00 . 2006-04-20 05:34 1,213,952 --------- c:\windows\LHFSD2.cab
2008-12-13 15:00 . 2006-04-20 05:34 1,069,568 --------- c:\windows\LHFSD1.CAB
2008-12-13 15:00 . 2006-04-20 05:34 150,594 --------- c:\windows\LHFSD3.cab
2008-12-13 15:00 . 2008-12-13 15:00 332 --a------ c:\windows\ST6UNST.000
2008-12-12 23:11 . 2008-12-12 23:11 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-12 18:17 . 2008-12-18 18:11 <DIR> d-------- c:\program files\AVG8
2008-12-11 17:37 . 2008-12-11 17:38 <DIR> d-------- c:\documents and settings\User\Application Data\Nero
2008-12-11 17:20 . 2008-12-11 17:34 <DIR> d-------- c:\program files\Common Files\Nero
2008-12-11 17:20 . 2008-12-11 17:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-12-11 00:40 . 2008-12-11 00:40 <DIR> d-------- C:\VideoConvert
2008-12-10 23:05 . 2008-12-10 23:05 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-12-10 21:22 . 2008-12-11 17:27 <DIR> d-------- c:\program files\Nero
2008-12-08 00:25 . 2008-12-08 00:25 <DIR> d-------- c:\windows\Sun
2008-12-07 03:37 . 2004-08-03 11:26 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-07 03:18 . 2008-12-07 03:18 <DIR> d-------- c:\program files\Java
2008-12-07 03:18 . 2008-12-07 03:18 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-07 03:18 . 2008-12-07 03:18 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-07 02:13 . 2008-12-10 08:05 <DIR> d-------- c:\documents and settings\User\Application Data\skypePM
2008-12-07 02:13 . 2008-12-07 02:13 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-07 02:12 . 2008-12-10 10:45 <DIR> d-------- c:\documents and settings\User\Application Data\Skype
2008-12-07 02:10 . 2008-12-07 02:10 <DIR> d-------- c:\program files\Skype
2008-12-07 02:10 . 2008-12-07 02:10 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-07 02:10 . 2008-12-07 02:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-07 00:03 . 2008-12-07 00:03 <DIR> d-------- c:\windows\system32\Adobe
2008-12-04 03:42 . 2008-09-12 02:44 206,256 --a------ c:\windows\system32\idmmbc.dll
2008-12-02 15:32 . 2008-12-18 03:15 <DIR> d-------- c:\program files\VideoLAN
2008-11-27 19:21 . 2008-11-27 20:25 <DIR> d-------- c:\documents and settings\User\Application Data\TeamViewer
2008-11-27 19:20 . 2008-11-27 19:20 <DIR> d-------- c:\documents and settings\User\temp
2008-11-24 23:38 . 2008-11-24 23:38 98,304 --a------ c:\windows\system32\prjChameleon.ocx
2008-11-24 23:34 . 2008-11-24 23:34 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 23:29 . 2008-11-24 23:25 109,248 --a------ c:\windows\system32\MSWINSCK.OCX
2008-11-24 18:34 . 2008-12-15 23:21 <DIR> d-------- c:\program files\Internet Download Manager
2008-11-24 18:34 . 2008-12-18 23:03 <DIR> d-------- c:\documents and settings\User\Application Data\IDM
2008-11-24 14:30 . 2008-12-11 17:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-24 14:27 . 2008-11-24 14:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\FlashFXP
2008-11-21 17:02 . 2008-11-22 04:53 120 --a------ c:\windows\AVAideDVDtomkv.ini
2008-11-21 16:18 . 2008-11-21 17:02 1 --a------ c:\windows\system32\AvaideDVDtomkv.dat
2008-11-19 23:22 . 2008-11-19 23:22 <DIR> d-------- c:\program files\Total Video Converter
2008-11-19 05:55 . 2003-03-13 12:51 1,461 --a------ c:\windows\system32\drivers\camcodec.inf
2008-11-19 05:31 . 2008-12-18 23:03 <DIR> d-------- c:\program files\NIIT - Test Engine
2008-11-19 05:30 . 2008-12-18 23:03 <DIR> d-------- c:\program files\Online Testing Database
2008-11-19 05:28 . 2008-11-19 05:31 288 --a------ c:\windows\ODBC.INI
2008-11-19 05:27 . 2008-12-18 23:03 <DIR> d-------- c:\program files\NIIT - Administration
2008-11-19 05:27 . 2008-11-19 05:30 286,720 --------- c:\windows\Setup1.exe
2008-11-19 05:27 . 2008-12-13 15:00 73,216 --a------ c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 07:20 --------- d-----w c:\documents and settings\User\Application Data\DMCache
2008-12-19 07:03 --------- d-----w c:\program files\MyPhoneExplorer
2008-12-19 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-19 00:03 --------- d-----w c:\documents and settings\User\Application Data\SolidDocuments
2008-12-18 00:56 --------- d-----w c:\documents and settings\User\Application Data\MyPhoneExplorer
2008-12-17 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-12 01:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 23:18 --------- d-----w c:\program files\Common Files\Ahead
2008-11-24 19:31 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-18 08:38 --------- d-----w c:\program files\Free Hide Folder
2008-11-18 08:03 --------- d-----w c:\program files\Creative
2008-11-18 00:02 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-17 22:18 --------- d-----w c:\documents and settings\User\Application Data\Yahoo!
2008-11-16 21:56 --------- d-----w c:\documents and settings\User\Application Data\Talkback
2008-11-16 20:12 --------- d--h--r c:\documents and settings\User\Application Data\SecuROM
2008-11-16 11:03 --------- d-----w c:\program files\Intel
2008-11-15 08:42 --------- d-----w c:\program files\TuneUp Utilities 2007
2008-11-15 07:49 --------- d-----w c:\program files\Common Files\Teleca Shared
2008-11-11 19:51 --------- d-----w c:\program files\AusLogics Disk Defrag
2008-11-11 08:25 --------- d-----w c:\documents and settings\User\Application Data\Ahead
2008-11-11 04:31 --------- d-----w c:\documents and settings\User\Application Data\AdobeUM
2008-11-10 04:16 --------- d-----w c:\documents and settings\User\Application Data\Media Player Classic
2008-11-10 02:34 --------- d-----w c:\program files\MagicDisc
2008-11-10 02:33 --------- d-----w c:\program files\MagicISO
2008-11-10 02:20 --------- d-----w c:\program files\SolidDocuments
2008-11-10 02:17 --------- d-----w c:\documents and settings\All Users\Application Data\SolidDocuments
2008-11-10 02:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-10 02:12 --------- d-----w c:\documents and settings\User\Application Data\TuneUp Software
2008-11-10 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-10 02:09 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 02:07 --------- d-----w c:\program files\MP3Cutter
2008-11-10 01:56 --------- d-----w c:\program files\Microsoft Works
2008-11-10 01:14 315,392 ----a-w c:\windows\HideWin.exe
2008-11-10 01:14 --------- d-----w c:\program files\Realtek
2008-11-10 01:03 --------- d-----w c:\program files\MSXML 4.0
2008-11-10 00:25 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-12-04 2741680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-12 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"AVG8_TRAY"="c:\progra~1\AVG8\avgtray.exe" [2008-12-18 1234712]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-12 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-03-12 c:\windows\SkyTel.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"usnjsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-18 97928]
R1 HFCore;HFCore;\??\c:\windows\system32\drivers\HFCore.sys [2006-03-22 13696]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG8\avgemc.exe [2008-12-18 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG8\avgwdsvc.exe [2008-12-18 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-18 76040]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2008-11-10 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2008-11-10 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2008-11-10 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2008-11-10 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2008-11-10 98568]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-12-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {592E5CAF-0EA5-4A79-9DCD-CE5F69A50425} = 218.248.255.194 218.248.255.139
TCP: {BBD5C0DA-7DE3-41E0-B6ED-D05B222739ED} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5up6mnlb.default\
FF - prefs.js: browser.startup.homepage - about blank
FF - component: c:\documents and settings\User\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 23:28:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\netdde.exe
c:\program files\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-12-18 23:34:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-19 07:34:17

Pre-Run: 1,350,189,056 bytes free
Post-Run: 1,378,406,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

238 --- E O F --- 2008-11-16 08:25:25

Quote: Have you done the Eset online scan? If so, please post me the logs as well.

Edited by chickov, 18 December 2008 - 11:22 PM.


#2
chickov
    New Member (Topic Starter), 8 posts
Malwarebytes' Anti-Malware 1.31 [[[[[ LOG FILE ]]]]]
Database version: 1515
Windows 5.1.2600 Service Pack 2

12/19/2008 12:24:27 AM
mbam-log-2008-12-19 (00-24-27).txt

Scan type: Quick Scan
Objects scanned: 17777
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3
chickov
    New Member (Topic Starter), 8 posts
[[[[ RSIT INFO.TXT ]]]]

info.txt logfile of random's system information tool 1.05 2008-12-18 23:51:33

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AntiGA 2.0 Addon Tools (Remove Only)-->C:\Program Files\Common Files\AntiGA 2.0 Addon Tools\uninst.exe
AusLogics Disk Defrag-->"C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG8\setup.exe /UNINSTALL
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers-->Prounstl.exe
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.3.4 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.97-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Sound Cutter 1.1-->C:\PROGRA~1\MP3CUT~1\UNWISE.EXE C:\PROGRA~1\MP3CUT~1\INSTALL.LOG
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe
Nero 9 HD-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0A-86KM-1LM6-E8UU-CXE0-5AXC-U7K3-9X4P"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NIIT Testing - Administration-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\NIIT - Administration\ST6UNST.LOG"
NIIT Testing & Certification-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\NIIT - Test Engine\ST6UNST.LOG"
NIIT Testing And Certification Configuration-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Online Testing Database\Uninst.isu"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SolidConverterPDF-->MsiExec.exe /I{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}
Total Video Converter 3.11-->"C:\Program Files\Total Video Converter\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: ADMINISTRATOR
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20081206001549.000000-480
Event Type: information
User:

Computer Name: ADMINISTRATOR
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20081206001549.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ADMINISTRATOR
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 3
Source Name: Service Control Manager
Time Written: 20081206001549.000000-480
Event Type: information
User:

Computer Name: ADMINISTRATOR
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20081206001538.000000-480
Event Type: information
User:

Computer Name: ADMINISTRATOR
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20081206001538.000000-480
Event Type: information
User:

Application event log

Computer Name: ADMINISTRATOR
Event Code: 1000
Message: Faulting application maxpayne2.exe, version 1.0.97.0, faulting module x_gameobjectsmfc.dll, version 0.0.0.0, fault address 0x0006ecc1.

Record Number: 145
Source Name: Application Error
Time Written: 20081110005451.000000-480
Event Type: error
User:

Computer Name: ADMINISTRATOR
Event Code: 4097
Message: The application, C:\Program Files\Rockstar Games\Max Payne 2\MaxPayne2.exe, generated an application error
The error occurred on 11/10/2008 @ 00:48:51.187
The exception generated was c0000005 at address 0091ECC1 (X_GameObjectsMFC!X_Crosshair__update)

Record Number: 144
Source Name: DrWatson
Time Written: 20081110004851.000000-480
Event Type: information
User:

Computer Name: ADMINISTRATOR
Event Code: 1000
Message: Faulting application maxpayne2.exe, version 1.0.97.0, faulting module x_gameobjectsmfc.dll, version 0.0.0.0, fault address 0x0006ecc1.

Record Number: 143
Source Name: Application Error
Time Written: 20081110004848.000000-480
Event Type: error
User:

Computer Name: ADMINISTRATOR
Event Code: 4097
Message: The application, C:\Program Files\Rockstar Games\Max Payne 2\MaxPayne2.exe, generated an application error
The error occurred on 11/10/2008 @ 00:46:42.078
The exception generated was c0000005 at address 0091ECC1 (X_GameObjectsMFC!X_Crosshair__update)

Record Number: 142
Source Name: DrWatson
Time Written: 20081110004642.000000-480
Event Type: information
User:

Computer Name: ADMINISTRATOR
Event Code: 1000
Message: Faulting application maxpayne2.exe, version 1.0.97.0, faulting module x_gameobjectsmfc.dll, version 0.0.0.0, fault address 0x0006ecc1.

Record Number: 141
Source Name: Application Error
Time Written: 20081110004639.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#4
chickov
    New Member (Topic Starter), 8 posts
[[[[ RSIT LOG.TXT ]]]]

Logfile of random's system information tool 1.05 (written by random/random)
Run by User at 2008-12-18 23:51:30
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (4%) free of 38 GB
Total RAM: 501 MB (25% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-10-28 153008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2006-02-10 218632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG8\avgssie.dll [2008-12-18 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2006-02-10 218632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-03-12 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-12 16116224]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-03-12 2879488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG8\avgtray.exe [2008-12-18 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2008-12-04 2741680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-05-27 547840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2
"usnjsvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-12 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Internet Download Manager\IEMonitor.exe"="C:\Program Files\Internet Download Manager\IEMonitor.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\AVG8\avgemc.exe"="C:\Program Files\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG8\avgupd.exe"="C:\Program Files\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-18 23:51:31 ----D---- C:\Program Files\trend micro
2008-12-18 23:51:30 ----D---- C:\rsit
2008-12-18 23:34:23 ----A---- C:\ComboFix.txt
2008-12-18 23:23:28 ----A---- C:\Boot.bak
2008-12-18 23:23:18 ----RASHD---- C:\cmdcons
2008-12-18 23:16:03 ----A---- C:\WINDOWS\zip.exe
2008-12-18 23:16:03 ----A---- C:\WINDOWS\VFIND.exe
2008-12-18 23:16:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-18 23:16:03 ----A---- C:\WINDOWS\SWSC.exe
2008-12-18 23:16:03 ----A---- C:\WINDOWS\SWREG.exe
2008-12-18 23:16:03 ----A---- C:\WINDOWS\sed.exe
2008-12-18 23:16:03 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-18 23:16:03 ----A---- C:\WINDOWS\grep.exe
2008-12-18 23:16:03 ----A---- C:\WINDOWS\fdsv.exe
2008-12-18 23:15:58 ----D---- C:\WINDOWS\ERDNT
2008-12-18 23:15:58 ----D---- C:\Qoobox
2008-12-18 23:15:56 ----D---- C:\ComboFix
2008-12-18 21:00:08 ----A---- C:\WINDOWS\setuplog.txt
2008-12-18 20:57:08 ----D---- C:\Program Files\Common Files\AntiGA 2.0 Addon Tools
2008-12-18 20:50:21 ----A---- C:\WINDOWS\system32\unrar.dll
2008-12-18 20:50:21 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-18 20:50:18 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-12-18 20:50:18 ----A---- C:\WINDOWS\system32\x264vfw.dll
2008-12-18 20:50:18 ----A---- C:\WINDOWS\system32\huffyuv.dll
2008-12-18 20:50:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-18 20:50:17 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-18 20:50:17 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2008-12-18 20:50:17 ----A---- C:\WINDOWS\system32\vp6vfw.dll
2008-12-18 20:50:17 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-12-18 20:50:17 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-18 20:50:16 ----A---- C:\WINDOWS\system32\divx.dll
2008-12-18 20:50:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-12-18 20:50:15 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-12-18 20:50:13 ----D---- C:\Program Files\K-Lite Codec Pack
2008-12-18 19:06:47 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-12-18 18:11:58 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-18 18:11:40 ----D---- C:\Program Files\AVG
2008-12-18 07:51:38 ----D---- C:\Documents and Settings\User\Application Data\dvdcss
2008-12-18 03:20:02 ----D---- C:\Documents and Settings\User\Application Data\vlc
2008-12-17 23:12:22 ----D---- C:\WINDOWS\setup.pss
2008-12-17 12:41:43 ----D---- C:\Program Files\Earth
2008-12-15 23:18:46 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-15 10:03:58 ----D---- C:\Program Files\AL-Software
2008-12-15 09:22:55 ----A---- C:\WINDOWS\Power Video Converter.INI
2008-12-15 09:04:07 ----D---- C:\Program Files\Net2Phone
2008-12-15 09:04:06 ----A---- C:\WINDOWS\Net2fone.ini
2008-12-15 08:13:52 ----D---- C:\Program Files\Yahoo!
2008-12-12 23:11:37 ----A---- C:\WINDOWS\system32\gdiplus.dll
2008-12-12 18:17:18 ----D---- C:\Program Files\AVG8
2008-12-11 17:37:16 ----D---- C:\Documents and Settings\User\Application Data\Nero
2008-12-11 17:20:08 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-11 17:20:04 ----D---- C:\Program Files\Common Files\Nero
2008-12-11 00:40:48 ----D---- C:\VideoConvert
2008-12-10 23:05:58 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2008-12-10 21:22:10 ----D---- C:\Program Files\Nero
2008-12-08 00:25:10 ----D---- C:\WINDOWS\Sun
2008-12-07 05:16:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-07 03:37:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-07 03:18:55 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-07 03:18:55 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-07 03:18:55 ----A---- C:\WINDOWS\system32\java.exe
2008-12-07 03:18:55 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-07 03:18:34 ----D---- C:\Program Files\Java
2008-12-07 02:22:22 ----D---- C:\Documents and Settings\User\Application Data\Sun
2008-12-07 02:13:16 ----D---- C:\Documents and Settings\User\Application Data\skypePM
2008-12-07 02:12:01 ----D---- C:\Documents and Settings\User\Application Data\Skype
2008-12-07 02:10:52 ----D---- C:\Program Files\Skype
2008-12-07 02:10:52 ----D---- C:\Program Files\Common Files\Skype
2008-12-07 02:10:40 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-12-07 00:03:02 ----D---- C:\WINDOWS\system32\Adobe
2008-12-04 03:42:18 ----A---- C:\WINDOWS\system32\idmmbc.dll
2008-12-02 15:32:31 ----D---- C:\Program Files\VideoLAN
2008-11-27 19:21:16 ----D---- C:\Documents and Settings\User\Application Data\TeamViewer
2008-11-25 02:03:26 ----RSD---- C:\WINDOWS\assembly
2008-11-25 02:02:06 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-25 00:50:15 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-24 23:34:01 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 18:34:42 ----D---- C:\Documents and Settings\User\Application Data\IDM
2008-11-24 18:34:38 ----D---- C:\Program Files\Internet Download Manager
2008-11-24 14:30:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-24 14:27:07 ----D---- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-11-21 17:02:06 ----A---- C:\WINDOWS\AVAideDVDtomkv.ini
2008-11-19 23:22:19 ----D---- C:\Program Files\Total Video Converter
2008-11-19 05:31:00 ----D---- C:\Program Files\NIIT - Test Engine
2008-11-19 05:30:45 ----D---- C:\Program Files\Online Testing Database
2008-11-19 05:28:15 ----A---- C:\WINDOWS\ODBC.INI
2008-11-19 05:27:50 ----D---- C:\Program Files\NIIT - Administration
2008-11-19 05:27:43 ----N---- C:\WINDOWS\Setup1.exe
2008-11-19 05:27:41 ----A---- C:\WINDOWS\ST6UNST.EXE

======List of files/folders modified in the last 1 months======

2008-12-18 23:51:31 ----RD---- C:\Program Files
2008-12-18 23:51:30 ----D---- C:\WINDOWS\Temp
2008-12-18 23:34:59 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 23:34:26 ----D---- C:\WINDOWS\system32\drivers
2008-12-18 23:34:26 ----D---- C:\WINDOWS\system32
2008-12-18 23:34:24 ----D---- C:\WINDOWS
2008-12-18 23:28:32 ----A---- C:\WINDOWS\system.ini
2008-12-18 23:28:29 ----D---- C:\Documents and Settings\User\Application Data\DMCache
2008-12-18 23:26:52 ----D---- C:\WINDOWS\system32\config
2008-12-18 23:25:30 ----D---- C:\WINDOWS\AppPatch
2008-12-18 23:25:30 ----D---- C:\Program Files\Common Files
2008-12-18 23:23:28 ----RASH---- C:\boot.ini
2008-12-18 23:19:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-18 23:03:41 ----HD---- C:\$AVG8.VAULT$
2008-12-18 23:03:28 ----D---- C:\Program Files\MyPhoneExplorer
2008-12-18 21:47:09 ----D---- C:\WINDOWS\system32\oobe
2008-12-18 21:41:48 ----D---- C:\WINDOWS\WinSxS
2008-12-18 21:41:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 21:23:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 21:05:06 ----D---- C:\WINDOWS\Prefetch
2008-12-18 18:16:39 ----D---- C:\WINDOWS\Minidump
2008-12-18 18:11:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-18 18:11:36 ----SHD---- C:\WINDOWS\Installer
2008-12-18 18:10:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-18 16:03:40 ----D---- C:\Documents and Settings\User\Application Data\SolidDocuments
2008-12-18 00:25:54 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-18 00:05:22 ----A---- C:\WINDOWS\imsins.BAK
2008-12-17 17:52:24 ----A---- C:\WINDOWS\win.ini
2008-12-17 16:56:06 ----D---- C:\Documents and Settings\User\Application Data\MyPhoneExplorer
2008-12-17 14:34:25 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2008-12-17 11:27:41 ----D---- C:\WINDOWS\pss
2008-12-16 22:04:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-15 23:21:17 ----D---- C:\WINDOWS\Debug
2008-12-15 23:20:25 ----HD---- C:\WINDOWS\inf
2008-12-15 08:37:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-13 13:33:05 ----D---- C:\evildead
2008-12-13 11:55:53 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2008-12-11 17:29:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 23:05:57 ----RSD---- C:\WINDOWS\Fonts
2008-12-10 15:18:36 ----D---- C:\Program Files\Common Files\Ahead
2008-12-07 03:36:50 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-07 03:36:39 ----D---- C:\Program Files\Windows Media Player
2008-11-27 14:42:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 02:02:16 ----D---- C:\WINDOWS\system32\mui
2008-11-25 02:02:16 ----D---- C:\Program Files\Internet Explorer
2008-11-24 11:31:25 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-20 07:12:13 ----SD---- C:\WINDOWS\Tasks
2008-11-19 05:31:14 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-19 05:31:09 ----A---- C:\WINDOWS\ODBCINST.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-18 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-18 26824]
R1 HFCore;HFCore; \??\C:\WINDOWS\system32\drivers\HFCore.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-18 76040]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-12 165760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-12 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-12 4474368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-05-27 96896]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG8\avgemc.exe [2008-12-18 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG8\avgwdsvc.exe [2008-12-18 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 ScReadSpool;SolidPDFConverterReadSpool; C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe [2006-02-10 69632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe []

-----------------EOF-----------------
#5
chickov (New Member, Topic Starter, 8 posts)
Kaspersky Online Scanner Log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 19, 2008 04:54:32
Records in database: 1479562
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 34930
Threat name: 15
Infected objects: 21
Suspicious objects: 0
Duration of the scan: 01:39:12

Please note I am using keygens only for educational purposes.


File name / Threat name / Threats count
D:\fareed\quick time v6.5\crack\QuickTime_PRO_v6.4_keygen.exe Infected: Virus.Win32.Sality.aa 1
D:\Softwares\Earth-MKV-Converter.exe Infected: Trojan-Downloader.Win32.Injecter.aqx 1
D:\Softwares\Earth-MKV-Converter.exe Infected: Trojan.Win32.Zapchast.os 1
D:\Softwares\Earth-MKV-Converter.exe Infected: Trojan-Downloader.Win32.Injecter.aqr 1
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: not-a-virus:NetTool.Win32.BOPing.20 2
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: not-a-virus:NetTool.Win32.DDoSPing.200 2
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: HackTool.Win32.Flooder.g 1
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: not-a-virus:Monitor.Win32.GoldenEye.401 1
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: Trojan.Win32.Hooker.j 1
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: Trojan-Spy.Win32.SpyAnyTime.a 1
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: HackTool.Win32.Agent.ag 5
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: HackTool.Win32.WwwHack.a 1
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: Flooder.Win32.Agent.ai 1
D:\Softwares\HACK\ALL IN ONE HACKER'S N33D Hackman\ALL IN ONE HACKER'S N33D 2006-Hackman(HT).EXE Infected: DoS.Win32.Agent.e 1
D:\Softwares\HACK\Check First\00.tutorials\2-Reversing + General Byte Patching Tutorials\snd-reversingwithlena-tutorial#32.tutorial.zip Infected: VirTool.Win32.Topo.12 1

The selected area was scanned.
#6
chickov (New Member, Topic Starter, 8 posts)
Thank you... I have fixed it myself... :)