Hi Ried,
I am sorry for the late reply as I was out on a business trip. You are correct that there are still many viruses and spyware and malware. I have carried out all your instructions and the log reports are as follows.
ComboFix.txt
ComboFix 07-07-31 - "Sohil Patel" 2007-08-11 2:19:03.2 [GMT 1:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Sohil Patel\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\pctools
C:\Program Files\Common Files\cpush
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Jmp
C:\Program Files\OCINS\austr.dll
C:\Program Files\OCINS\cndsv.dll
C:\Program Files\OCINS\cnprovh.dll
C:\Program Files\OCINS\cnstc.ini
C:\Program Files\OCINS\config.exe
C:\Program Files\OCINS\convf.dll
C:\Program Files\OCINS\convs.dll
C:\Program Files\OCINS\ctrcfg.ini
C:\Program Files\OCINS\cuscfg.dat
C:\Program Files\OCINS\idnaux.dat
C:\Program Files\OCINS\idnsvr.dll
C:\Program Files\OCINS\idnsvr.exe
C:\Program Files\OCINS\ieaux.dll
C:\Program Files\OCINS\kwacs.dat
C:\Program Files\OCINS\kwrep.dat
C:\Program Files\OCINS\srchsp.dll
C:\Program Files\OCINS\uninstall.exe
C:\Program Files\OCINS\update\austr.dll
C:\Program Files\OCINS\update\data2.cab
C:\Program Files\OCINS\update\update.exe
C:\Program Files\OCINS\update\version.dat
C:\Program Files\OCINS\usrcfg.ini
C:\Program Files\OCINS\version.dat
C:\WINDOWS\system\dvl
C:\WINDOWS\system\lvl
C:\WINDOWS\system32\1.exe
C:\WINDOWS\system32\2.exe
C:\WINDOWS\system32\4.exe
C:\WINDOWS\system32\5.exe
C:\WINDOWS\system32\6.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ckcuao83.dll
C:\WINDOWS\system32\cnprov.dat
C:\WINDOWS\system32\cwebpage.dll
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\cnprov.sys
C:\WINDOWS\system32\drivers\faatgq19.sys
C:\WINDOWS\system32\drivers\idnaux.sys
C:\WINDOWS\system32\drivers\iokilps.sys
C:\WINDOWS\system32\faatgq19.dll
C:\WINDOWS\system32\g.exe
C:\WINDOWS\system32\idnreg.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\msdebug.dll
C:\WINDOWS\system32\SysTdSvr.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\temp\~my1.tmp
C:\WINDOWS\upxdnd.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_ACPIDISK
-------\LEGACY_CELINDRV
-------\LEGACY_CKCUAO83
-------\LEGACY_CNPROV
-------\LEGACY_FAATGQ19
-------\LEGACY_IOKILPS
-------\LEGACY_WINDHCPSVC
-------\acpidisk
-------\ckcuao83
-------\cnprov
-------\faatgq19
-------\idnaux
-------\iokilps
-------\MSDebugsvc
-------\WinDHCPsvc
((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))
2007-08-11 01:01 22,016 --a------ C:\WINDOWS\system32\lihawa.dll
2007-08-11 01:01 21,504 --a------ C:\WINDOWS\system32\tszhyp.dll
2007-08-10 10:56 22,016 --a------ C:\WINDOWS\system32\xsfshj.dll
2007-08-10 10:56 21,504 --a------ C:\WINDOWS\system32\rwmvok.dll
2007-08-10 08:14 73,728 --a------ C:\WINDOWS\system32\kilb.dll
2007-08-09 05:50 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-09 05:27 332 --a------ C:\NTDETECT.EXE
2007-08-09 05:27 18,432 ---hs---- C:\WINDOWS\system32\servet.exe
2007-08-09 04:59 22,016 --a------ C:\WINDOWS\system32\mpyhku.dll
2007-08-09 00:55 22,016 --a------ C:\WINDOWS\system32\ijefvh.dll
2007-08-09 00:55 21,504 --a------ C:\WINDOWS\system32\vuemoe.dll
2007-08-07 13:03 5,767,168 --a------ C:\DOCUME~1\SOHILP~1\ntuser.dat
2007-08-07 00:54 21,504 --a------ C:\WINDOWS\system32\gflyga.dll
2007-08-06 11:18 22,016 --a------ C:\WINDOWS\system32\ldbpgc.dll
2007-08-06 11:18 21,504 --a------ C:\WINDOWS\system32\dekugb.dll
2007-08-06 04:26 28,672 --a------ C:\WINDOWS\TIMHost.exe
2007-08-06 04:26 21,504 --a------ C:\WINDOWS\system32\TIMHost.dll
2007-08-03 06:18 <DIR> d-------- C:\Program Files\Morovia
2007-08-03 06:18 <DIR> d-------- C:\Program Files\Common Files\Morovia
2007-07-30 05:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 11:38 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-28 11:18 <DIR> d-------- C:\WINDOWS\dell
2007-07-28 10:31 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-28 10:31 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-28 07:30 <DIR> d-------- C:\WINDOWS\setup.pss
2007-07-27 07:32 172,644 --a------ C:\WINDOWS\system32\drivers\mxdispdr.sys
2007-07-27 06:32 <DIR> d-------- C:\Temp
2007-07-27 06:29 99,328 --a------ C:\WINDOWS\system32\winscard.dll
2007-07-27 06:29 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
2007-07-27 06:29 98,304 --a------ C:\WINDOWS\system32\verifier.exe
2007-07-27 06:29 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll
2007-07-27 06:29 940,544 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-07-27 06:29 94,784 --a------ C:\WINDOWS\twain.dll
2007-07-27 06:29 937,984 --a------ C:\WINDOWS\system32\winbrand.dll
2007-07-27 06:29 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-07-27 06:29 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-07-27 06:29 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2007-07-27 06:29 9,728 --a------ C:\WINDOWS\system32\sprestrt.exe
2007-07-27 06:29 9,344 --a------ C:\WINDOWS\system32\vga.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\wshatm.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\winfax.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\wifeman.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\subst.exe
2007-07-27 06:29 9,008 --a------ C:\WINDOWS\system32\ver.dll
2007-07-27 06:29 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-07-27 06:29 895,736 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-07-27 06:29 86,016 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-07-27 06:29 858,624 --a------ C:\WINDOWS\system32\tapi3.dll
2007-07-27 06:29 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-07-27 06:29 82,432 --a------ C:\WINDOWS\system32\ufat.dll
2007-07-27 06:29 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll
2007-07-27 06:29 8,192 --a------ C:\WINDOWS\system32\winhlp32.exe
2007-07-27 06:29 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2007-07-27 06:29 78,848 --a------ C:\WINDOWS\system32\tapiui.dll
2007-07-27 06:29 774,904 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-07-27 06:29 764,928 --a------ C:\WINDOWS\system32\winntbbu.dll
2007-07-27 06:29 75,776 --a------ C:\WINDOWS\system32\wiascr.dll
2007-07-27 06:29 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll
2007-07-27 06:29 75,264 --a------ C:\WINDOWS\system32\telnet.exe
2007-07-27 06:29 74,752 --a------ C:\WINDOWS\system32\spoolss.dll
2007-07-27 06:29 74,240 --a------ C:\WINDOWS\system32\unimdmat.dll
2007-07-27 06:29 723,456 --a------ C:\WINDOWS\system32\userenv.dll
2007-07-27 06:29 716,288 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-07-27 06:29 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2007-07-27 06:29 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2007-07-27 06:29 704,512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-07-27 06:29 7,680 --a------ C:\WINDOWS\system32\vcdex.dll
2007-07-27 06:29 7,168 --a------ C:\WINDOWS\system32\wshnetbs.dll
2007-07-27 06:29 679,936 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-07-27 06:29 67,584 --a------ C:\WINDOWS\system32\webclnt.dll
2007-07-27 06:29 67,584 --a------ C:\WINDOWS\system32\sti.dll
2007-07-27 06:29 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2007-07-27 06:29 65,536 --a------ C:\WINDOWS\system32\wshext.dll
2007-07-27 06:29 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2007-07-27 06:29 610,304 --a------ C:\WINDOWS\system32\sspipes.scr
2007-07-27 06:29 6,144 --a------ C:\WINDOWS\system32\svcpack.dll
2007-07-27 06:29 589,312 --a------ C:\WINDOWS\system32\wiashext.dll
2007-07-27 06:29 577,024 --a------ C:\WINDOWS\system32\user32.dll
2007-07-27 06:29 57,856 --a------ C:\WINDOWS\system32\synceng.dll
2007-07-27 06:29 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-07-27 06:29 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-07-27 06:29 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2007-07-27 06:29 52,352 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2007-07-27 06:29 52,224 --a------ C:\WINDOWS\system32\tsappcmp.dll
2007-07-27 06:29 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-07-27 06:29 51,456 --a------ C:\WINDOWS\system32\vga256.dll
2007-07-27 06:29 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-07-27 06:29 51,200 --a------ C:\WINDOWS\system32\syncapp.exe
2007-07-27 06:29 502,272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-07-27 06:29 50,688 --a------ C:\WINDOWS\twain_32.dll
2007-07-27 06:29 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-07-27 06:29 50,176 --a------ C:\WINDOWS\system32\xmlprovi.dll
2007-07-27 06:29 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\winver.exe
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\tapiperf.dll
2007-07-27 06:29 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2007-07-27 06:29 5,120 --a------ C:\WINDOWS\system32\winnls.dll
2007-07-27 06:29 49,680 --a------ C:\WINDOWS\twunk_16.exe
2007-07-27 06:29 49,664 --a------ C:\WINDOWS\system32\w32tm.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-03 06:33 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 06:33 --------- d--h----- C:\Program Files\Dell
2007-07-28 11:27 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-28 07:30 --------- d-------- C:\Program Files\SnadBoy's Revelation v2
2007-07-27 06:29 183296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-07-27 06:29 165888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-07-27 06:29 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-07-27 06:28 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-07-27 06:28 80128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2007-07-27 06:28 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-07-27 06:28 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-27 06:28 63744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2007-07-27 06:28 61824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2007-07-27 06:28 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-07-27 06:28 60800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2007-07-27 06:28 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-27 06:28 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-07-27 06:28 52224 --a------ C:\WINDOWS\system32\dmutil.dll
2007-07-27 06:28 51712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-07-27 06:28 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-07-27 06:28 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-07-27 06:28 47616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-07-27 06:28 47104 --a------ C:\WINDOWS\system32\cnbjmon.dll
2007-07-27 06:28 46464 --a------ C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-07-27 06:28 44672 --a------ C:\WINDOWS\system32\drivers\uagp35.sys
2007-07-27 06:28 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-07-27 06:28 42496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2007-07-27 06:28 37376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-07-27 06:28 36992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2007-07-27 06:28 36480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2007-07-27 06:28 359936 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-07-27 06:28 35328 --a------ C:\WINDOWS\system32\pid.dll
2007-07-27 06:28 35328 --a------ C:\WINDOWS\system32\drivers\processr.sys
2007-07-27 06:28 31744 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-07-27 06:28 30080 --a------ C:\WINDOWS\system32\drivers\modem.sys
2007-07-27 06:28 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-07-27 06:28 25472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2007-07-27 06:28 23040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-07-27 06:28 20992 --a------ C:\WINDOWS\system32\hid.dll
2007-07-27 06:28 17408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-07-27 06:28 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-07-27 06:28 16000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2007-07-27 06:28 15488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
2007-07-27 06:28 15360 --a------ C:\WINDOWS\system32\pjlmon.dll
2007-07-27 06:28 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-27 06:28 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-07-27 06:28 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-07-27 06:28 14080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2007-07-27 06:28 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-07-27 06:28 12928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2007-07-27 06:28 12416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-27 06:28 10880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-07-27 06:27 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-07-27 06:27 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-07-27 06:27 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-07-27 06:27 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-07-27 06:27 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-07-27 06:27 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-07-27 06:26 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-07-27 06:26 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-27 06:26 86073 --a------ C:\WINDOWS\system32\usrfaxa.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\streamci.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-27 06:26 77891 --a------ C:\WINDOWS\system32\usrmlnka.exe
2007-07-27 06:26 77890 --a------ C:\WINDOWS\system32\usrdpa.dll
2007-07-27 06:26 77883 --a------ C:\WINDOWS\system32\usrrtosa.dll
2007-07-27 06:26 72192 --a------ C:\WINDOWS\system32\sprio800.dll
2007-07-27 06:26 70656 --a------ C:\WINDOWS\system32\sprio600.dll
2007-07-27 06:26 69700 --a------ C:\WINDOWS\system32\usrshuta.exe
2007-07-27 06:26 69699 --a------ C:\WINDOWS\system32\usrcoina.dll
2007-07-27 06:26 69632 --a------ C:\WINDOWS\system32\spnike.dll
2007-07-27 06:26 646 --a------ C:\WINDOWS\system32\drivers\gmreadme.txt
2007-07-27 06:26 61508 --a------ C:\WINDOWS\system32\usrprbda.exe
2007-07-27 06:26 61500 --a------ C:\WINDOWS\system32\usrcntra.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-27 06:26 58112 --a------ C:\WINDOWS\system32\drivers\vdmindvd.sys
2007-07-27 06:26 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-27 06:26 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
2007-07-27 06:26 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-07-27 06:26 53305 --a------ C:\WINDOWS\system32\usrlbva.dll
2007-07-27 06:26 51712 --a------ C:\WINDOWS\system32\drivers\tosdvd.sys
2007-07-27 06:26 4992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2007-07-27 06:26 49211 --a------ C:\WINDOWS\system32\usrvpa.dll
2007-07-27 06:26 49211 --a------ C:\WINDOWS\system32\usrsdpia.dll
2007-07-27 06:26 49209 --a------ C:\WINDOWS\system32\usrv80a.dll
2007-07-27 06:26 45116 --a------ C:\WINDOWS\system32\usrvoica.dll
2007-07-27 06:26 41019 --a------ C:\WINDOWS\system32\usrsvpia.dll
2007-07-27 06:26 345088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-07-27 06:26 3440660 --a------ C:\WINDOWS\system32\drivers\gm.dls
2007-07-27 06:26 323641 --a------ C:\WINDOWS\system32\usrdtea.dll
2007-07-27 06:26 3200 --a------ C:\WINDOWS\system32\wowfax.dll
2007-07-27 06:26 262528 --a------ C:\WINDOWS\system32\drivers\cinemst2.sys
2007-07-27 06:26 23936 --a------ C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-07-27 06:26 23808 --a------ C:\WINDOWS\system32\drivers\usbcamd.sys
2007-07-27 06:26 22528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-07-27 06:26 21376 --a------ C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-07-27 06:26 18688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F70231A8-C197-496B-A3E5-CF62FB5C246C}]
2007-07-27 15:05 441344 --a------ C:\PROGRA~1\bho\DIEMON~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 06:25 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-25 02:59]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-29 11:41]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 10:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"psajvbfe"="D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 06:25]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"QQ Game"="C:\Program Files\Tencent\QQ\QQGame.exe" []
"QQ3DShow"="C:\Program Files\Tencent\QQ\QQ3DShow.exe" []
C:\Documents and Settings\Sohil Patel\Start Menu\Programs\Startup\
Camsplitter.lnk - C:\Program Files\CamSplitter\camsplitter.exe [2006-11-05 06:51:11]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-12-07 00:33:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{014A26F5-FBAD-4549-9CA1-C38210704BD1}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins [2007-08-06 04:25 27634]
"{C5E87A05-F463-4841-B19E-DD3EC3862368}"= C:\Program Files\Internet Explorer\IEXPLORE32.Sys [2007-08-11 01:37 30344]
"{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}"= C:\Program Files\Internet Explorer\IEXPLORE32.win [2007-08-11 01:37 28790]
"{EE12D60D-AD9A-4095-B839-3BE6862679FD}"= C:\Program Files\Internet Explorer\IEXPLORE32.Dat [2007-08-11 01:37 35481]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
R2 mxdispdr;mxdispdr;\??\C:\WINDOWS\system32\drivers\mxdispdr.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S2 acvrsthe;zxcgjmkxvb;C:\WINDOWS\system32\5.exe
S2 gu127ji5h;gu127ji5h;\??\C:\WINDOWS\system32\drivers\gu127ji5h.sys
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S2 vsadfg;avrthy;C:\WINDOWS\system32\4.exe
S2 WindowsDown;Applic ato;C:\WINDOWS\system32\servet.exe
S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
S3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
S3 BthEnum;Bluetooth Enumerator Service;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Tencent\QQ\npkycryp.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
S3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
S3 VPCNetS2;Virtual PC Emulated Ethernet Switch;C:\WINDOWS\system32\DRIVERS\VPCNetS2.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-11 02:29:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Il\16\x178\x20ac{\xd1\x17e\xd8S ?(?T?r?u?e?T?y?p?e?)?"="HDZB_35.TTF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000071
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-11 2:32:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 02:31
C:\ComboFix2.txt ... 2007-08-08 02:05
C:\ComboFix3.txt ... 2007-07-30 05:52
--- E O F ---
Panda result
Incident Status Location
Adware:adware/keenvalue Not disinfected c:\program files\bho
Adware:adware/ist.istbar Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Virus:Generic Malware Disinfected C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@adrevolver[4].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@advertising[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@anm.co[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@bravenet[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@bs.serving-sys[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cgi-bin[14].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cgi-bin[8].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@hc2.humanclick[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@i.screensavers[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@landing.domainsponsor[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@maxserving[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@seeq[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@serving-sys[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@tickle[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@tucows[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@web.tickle[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@winfixer[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@www.drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@www.errorsafe[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@xmts[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Sohil Patel\Desktop\ComboFix.exe[nircmd.exe]
Virus:Trj/Lineage.BIA Disinfected C:\Documents and Settings\Sohil Patel\Local Settings\Temp\ck3.jpg.exe
Possible Virus. Not disinfected C:\Documents and Settings\Sohil Patel\Local Settings\Temp\qq.exe
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\XinBao\Cookies\xinbao@adrevolver[3].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\XinBao\Cookies\xinbao@maxserving[2].txt
Potentially unwanted tool:Application/FunWeb Not disinfected C:\music\indi\MyFunCardsFWBInitialSetup1.0.0.15-3.exe
Virus:Trj/Lineage.BIA Disinfected C:\Program Files\Internet Explorer\IEXPLORE32.jmp
Possible Virus. Not disinfected C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Jmp
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\PCTools\pctools.dll.vir
Virus:Trj/Lineage.BIA Disinfected C:\QooBox\Quarantine\C\Program Files\Internet Explorer\IEXPLORE32.jmp.vir
Possible Virus. Not disinfected C:\QooBox\Quarantine\C\Program Files\Internet Explorer\PLUGINS\SysWin64.Jmp.vir
Adware:Adware/BaiduBar Not disinfected C:\QooBox\Quarantine\C\WINDOWS\QQIEHelper.dll.vir
Virus:Bck/Galapoper.LQ Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\4.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\5.exe.vir
Adware:Adware/Borlander Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ad_2238.exe.vir
Adware:Adware/Borlander Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ad_2286.exe.vir[Insshell.exe]
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\idnaux.sys.vir
Possible Virus. Not disinfected C:\QooBox\Quarantine\C\WINDOWS\upxdnd.exe.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\catchme2007-08-11_ 22925.59.zip[cndsv.dll]
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\catchme2007-08-11_ 22925.59.zip[cnprovh.dll]
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\catchme2007-08-11_ 22925.59.zip[convs.dll]
Virus:Trj/Downloader.PUP Disinfected C:\quarantine\1[1].exe.Vir
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c.exe.Vir
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c.exe.Vir.0
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c.exe.Vir.1
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.0
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.1
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.2
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.3
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.4
Virus:Trj/Downloader.PUP Disinfected C:\quarantine\sys332.exe.Vir
Virus:Generic Malware Disinfected C:\software\RevelationV2\SetupRevelationV2.exe
Virus:Generic Malware Disinfected C:\software\RevelationV2.zip[SetupRevelationV2.exe]
Virus:Trj/Downloader.PTV Disinfected C:\software\vip.exe.dap
Adware:Adware/AdHelper.B Not disinfected C:\WINDOWS\10d001.exe[netdde32.exe]
Virus:Generic Trojan Not disinfected C:\WINDOWS\10d001.exe[d03.exe][cpush.tmp]
Virus:Generic Trojan Not disinfected C:\WINDOWS\d04.exe[cpush.tmp]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:Generic Trojan Not disinfected C:\WINDOWS\system32\d03.exe[cpush.tmp]
Virus:Trj/QQPass.AGU Disinfected C:\WINDOWS\system32\rjbvikmipcugx.dll
Virus:Trj/Downloader.PTV Disinfected C:\WINDOWS\system32\servet.exe
Virus:Generic Trojan Not disinfected C:\WINDOWS\Temp\1F813859.exe[cpush.tmp]
Possible Virus. Not disinfected E:\AutoRun.exe
HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 05:02:58, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CamSplitter\camsplitter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\software\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F70231A8-C197-496B-A3E5-CF62FB5C246C} - C:\PROGRA~1\bho\DIEMON~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [psajvbfe] D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\RunOnce: [CPushSetup] "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CPUSH\cpush.dll"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [QQ Game] C:\Program Files\Tencent\QQ\QQGame.exe
O4 - HKCU\..\Run: [QQ3DShow] C:\Program Files\Tencent\QQ\QQ3DShow.exe
O4 - Startup: Camsplitter.lnk = C:\Program Files\CamSplitter\camsplitter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ÓÃQQ²ÊÐÅ•¢Ë͸ÃͼƬ - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: zxcgjmkxvb (acvrsthe) - Unknown owner - C:\WINDOWS\system32\5.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: avrthy (vsadfg) - Unknown owner - C:\WINDOWS\system32\4.exe (file missing)
O23 - Service: Applic ato (WindowsDown) - Unknown owner - C:\WINDOWS\system32\servet.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
During ActiveScan I was connected to the internet, and the scan stopped automatically once. The second time I disconnected, and the scan was performed fully.
Also, there are so many hidden files on the C drive with the extension .sqm. Can I delete those files?
Thank you very much for your kind help and time.
Regards
Sohil