Hello TSF Team,
I get many unwanted popups and the system has some viruses in it. Suddenly I get some audio turned on automatically. Here is the log.txt as follows:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Cav.Bal at 2008-11-09 14:01:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (13%) free of 38 GB
Total RAM: 502 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01, on 2008-11-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sie\CAT Bulletin Board\CBBS.exe
c:\window\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ManageSoft\Launcher\mgsdl.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\Program Files\openFT\bin\SECSERV.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\openFT\bin\NEACTRLS.EXE
C:\WINNT\TEMP\NT4C4C.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\inf\svchoct.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Sie\Card API\bin\siecacst.exe
C:\Program Files\OfficeScan NT\Pop3Trap.exe
C:\Program Files\Sie\CAT Bulletin Board\CBB.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\mabidwe.exe
C:\WINNT\system32\soxpeca.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\cavitha.balamurugesa\Desktop\gmer.exe
C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe
C:\Program Files\ManageSoft\Launcher\ndlaunch.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Documents and Settings\cav.bal\Desktop\RSIT.exe
C:\users\Mah\software\Cav.Bal.exe
C:\WINNT\system32\udxfytw.sys
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pacs.erl.sbs.de/sbs.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=mddmproxy.gb001.sie.net:80;https=mddmproxy.gb001.sie.net:80;ftp=mddmproxy.gb001.sie.net:80;gopher=localhost:1;socks=proxy1.sbs.sie.co.uk:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.sitest.net;*.sie.net;*.sie.de;<local>
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\\FaxCtrl.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\Program Files\Ahead\\Nero\NeroCheck.exe
O4 - HKLM\..\Run: [DirXconnect settings] C:\\PROGRA~1\SIE\DIRXDI~1\dxdSetup.exe -silent -dxcsettings
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Java Profiles Fix] C:\Program Files\Java\Profile Fix\Java_Profile.exe
O4 - HKLM\..\Run: [JavaProfileFix2] C:\Program Files\Java\Profile Fix\Java_Profile_2.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Sie\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [Discovery User Input] c:\Discovery\User Input\userin32.exe
O4 - HKLM\..\Run: [JavaProfileFix3] "C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe"
O4 - HKLM\..\Run: [Migrator] "C:\Program Files\CryptoEx\Migrator\Migrator.exe" -StartUp
O4 - HKLM\..\Run: [CryptoExTrayV3] "C:\Program Files\CryptoEx\Common\CexTray.exe" /ShowTrayIcon
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [yt8a] C:\WINNT\system32\yt8a.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [CatUserRun] exec32 /wh /c chgreg5 /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\GetFlash.exe
O4 - HKLM\..\Policies\Explorer\Run: [mainyust] C:\WINNT\system32\inf\svchoct.exe C:\WINNT\wftadfi16_081027a.dll tan16d
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesuk.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fast4.net/members/
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176402450038
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GB001.sie.net
O17 - HKLM\Software\..\Telephony: DomainName = GB001.sie.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GB001.sie.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = GB001.sie.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = GB001.sie.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: CexTrayWinLogon - C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINNT\system32\afisicx.exe
O23 - Service: CatSystem (CatSystemSvc) - Sie - C:\WINNT\CatPC\CATSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Sie\CAT Bulletin Board\CBBS.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - -C:\WINNT\SYSTEM32\DWRCS.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ipx/ip Service (ipxlauncher) - Unknown owner - c:\window\svchost.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINNT\system32\mabidwe.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ManageSoft Peer-to-Peer Download Service (mgsdl) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\mgsdl.exe
O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe
O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINNT\system32\noytcyr.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: openFT Server (openFT FTNEA) - Sie Computers - C:\Program Files\openFT\bin\NEACTRLS.EXE
O23 - Service: openFT Security Server - Sie Computers - C:\Program Files\openFT\bin\SECSERV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINNT\system32\roytctm.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINNT\system32\soxpeca.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINNT\system32\spoolsv.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINNT\system32\tdydowkc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINNT\system32\wsldoekd.exe
--
End of file - 11066 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2003-01-24 114688]
"RightFAX Print-to-Fax Driver"=C:\Program Files\RightFax\\FaxCtrl.exe [2003-07-17 114688]
"Synchronization Manager"=C:\WINNT\system32\mobsync.exe [2004-08-04 143360]
"NeroCheck"=C:\Program Files\Ahead\\Nero\NeroCheck.exe [2001-07-09 155648]
"DirXconnect settings"=C:\\PROGRA~1\SIE\DIRXDI~1\dxdSetup.exe [2000-03-21 106561]
"OfficeScanNT Monitor"=C:\Program Files\OfficeScan NT\pccntmon.exe [2007-01-08 356429]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-09-07 77824]
"Java Profiles Fix"=C:\Program Files\Java\Profile Fix\Java_Profile.exe [2003-04-30 32768]
"JavaProfileFix2"=C:\Program Files\Java\Profile Fix\Java_Profile_2.exe [2004-03-04 36864]
"SIECACST"=C:\Program Files\Sie\Card API\bin\siecacst.exe [2005-02-01 45056]
"Discovery User Input"=c:\Discovery\User Input\userin32.exe [2005-11-10 212992]
"JavaProfileFix3"=C:\Program Files\Java\Profile Fix\JAVA_Fix 3.exe [2005-12-06 53248]
"Migrator"=C:\Program Files\CryptoEx\Migrator\Migrator.exe [2004-10-26 290816]
"CryptoExTrayV3"=C:\Program Files\CryptoEx\Common\CexTray.exe [2005-03-01 909312]
"SchedulingAgent_nDG"=C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe [2006-07-27 1183744]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2008-01-09 77824]
"KernelFaultCheck"=C:\WINNT\system32\dumprep 0 -k []
"yt8a"=C:\WINNT\system32\yt8a.exe [2008-10-25 68832]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"mainyust"=C:\WINNT\system32\inf\svchoct.exe [2004-08-04 33280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-03-27 4670968]
"CatUserRun"=exec32 /wh /c chgreg5 /c []
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-04 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-29 21755688]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINNT\system32\Macromed\Flash\GetFlash.exe [2003-09-04 94208]
C:\Documents and Settings\cav.bal\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CexTrayWinLogon]
C:\Program Files\CryptoEx\Common\CexTrayWinLogon.dll [2005-01-26 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-01-24 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConnectHomeDirToRoot"=0
"HideLogonScripts"=0
"EnableProfileQuota"=1
"ProfileQuotaMessage"=You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.
"MaxProfileSize"=10240
"WarnUserTimeout"=15
"RunStartupScriptSync"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=1
"legalnoticecaption"=This is the Sie Network.
"legalnoticetext"=This computer is connected to the Sie Network. Please confirm you are an authorised user of this system by clicking on the OK button below to proceed. Otherwise press Ctrl + Alt + Delete.
"RunStartupScriptSync"=1
"MaxGPOScriptWait"=1800
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"Btn_Back"=0
"Btn_Forward"=0
"Btn_Stop"=0
"Btn_Refresh"=0
"Btn_Home"=0
"Btn_Search"=0
"Btn_History"=0
"Btn_Favorites"=0
"Btn_Media"=0
"Btn_Folders"=0
"Btn_Fullscreen"=0
"Btn_Tools"=0
"Btn_MailNews"=0
"Btn_Size"=0
"Btn_Print"=0
"Btn_Edit"=0
"Btn_Discussions"=0
"Btn_Cut"=0
"Btn_Copy"=0
"Btn_Paste"=0
"Btn_Encoding"=0
"Btn_PrintPreview"=0
"NoFavoritesMenu"=0
"NoLogoff"=0
"NoDrives"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinterTabs"=0
"PromptRunasInstallNetPath"=1
"MemCheckBoxInRunDlg"=1
"DisallowCpl"=1
"NoThumbnailCache"=1
"ForceStartMenuLogOff"=1
"NoResolveSearch"=1
"NoResolveTrack"=1
"GreyMSIAds"=1
"NoRecentDocsNetHood"=1
"DisablePersonalDirChange"=1
"NoDesktopCleanupWizard"=1
"NoWelcomeScreen"=1
"NoAutoUpdate"=1
"StartRunNoHOMEPATH"=1
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoDesktop"=0
"NoFind"=0
"NoRun"=0
"NoSetActiveDesktop"=0
"NoWindowsUpdate"=0
"NoFolderOptions"=0
"NoClose"=0
"NoSetFolders"=0
"NoTrayContextMenu"=0
"NoViewContextMenu"=0
"EnforceShellExtensionSecurity"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoPublishingWizard"=
"NoWebServices"=
"NoOnlinePrintsWizard"=
"NoWelcomeScreen"=
"NoMSAppLogo5ChannelNotify"=
"NoDriveAutoRun"=
"NoToolbarCustomize"=
"NoBandCustomize"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINNT\TEMP\down.exe"="C:\WINNT\TEMP\down.exe:*:Enabled:Microsoft Windows Update Platform"
"C:\WINNT\system32\yt8a.exe"="C:\WINNT\system32\yt8a.exe:*:Enabled:Microsoft Windows Update Platform"
"C:\WINNT\system32\1024\SVCHOST.EXE"="C:\WINNT\system32\1024\SVCHOST.EXE:*:Enabled:SVCHOST.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\ypager.exe"="C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.js - edit -
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*
======List of files/folders created in the last 1 months======
2008-11-09 12:31:50 ----A---- C:\WINNT\system32\mywfhit.ini.tmp
2008-11-09 12:31:47 ----A---- C:\WINNT\system32\fhattach.dll
2008-11-09 12:31:46 ----SHD---- C:\window
2008-11-09 12:31:43 ----A---- C:\WINNT\system32\IPHACTION.dll
2008-11-09 12:31:38 ----A---- C:\WINNT\system32\IpSvchostF.dll
2008-11-09 12:31:35 ----A---- C:\WINNT\system32\iphy.dll
2008-11-09 12:31:35 ----A---- C:\WINNT\system32\IPHOST.dll
2008-11-09 12:31:35 ----A---- C:\WINNT\system32\fhpatch.dll
2008-11-09 12:31:35 ----A---- C:\WINNT\system32\_proxy.dll
2008-11-06 20:56:16 ----A---- C:\WINNT\dcbdcatys32_081027a.dll
2008-10-30 07:43:16 ----A---- C:\WINNT\wftadfi16_081027a.dll
2008-10-26 08:42:34 ----D---- C:\WINNT\system32\1024
2008-10-25 09:04:51 ----SH---- C:\WINNT\system32\yt8a.exe
2008-10-22 17:02:52 ----AH---- C:\WINNT\system32\adubes.dll
2008-10-21 10:00:22 ----D---- C:\Documents and Settings\cav.bal\Application Data\skypePM
2008-10-21 09:56:00 ----D---- C:\Documents and Settings\cav.bal\Application Data\Skype
2008-10-21 09:55:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-21 09:55:20 ----D---- C:\Program Files\Google
2008-10-21 09:54:55 ----D---- C:\Program Files\Skype
2008-10-21 09:54:54 ----D---- C:\Program Files\Common Files\Skype
2008-10-21 09:54:31 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
======List of files/folders modified in the last 1 months======
2008-11-09 14:01:21 ----AD---- C:\WINNT\system32
2008-11-09 14:00:39 ----D---- C:\WINNT\TEMP
2008-11-09 12:51:58 ----D---- C:\WINNT\Prefetch
2008-11-09 12:48:22 ----D---- C:\WINNT\system32\CatRoot2
2008-11-09 12:48:14 ----A---- C:\WINNT\tawisys.ini
2008-11-09 12:46:47 ----SHD---- C:\WINNT\CSC
2008-11-09 12:40:55 ----SHD---- C:\WINNT\Installer
2008-11-09 12:31:50 ----A---- C:\WINNT\system32\mywfhit.ini
2008-11-09 12:31:37 ----A---- C:\WINNT\system32\svchost.exe
2008-11-06 21:04:37 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2008-11-06 20:56:16 ----D---- C:\WINNT\system32\inf
2008-11-06 20:49:30 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-06 20:48:25 ----D---- C:\Program Files\SpywareBlaster
2008-11-05 21:03:29 ----D---- C:\Program Files\SpywareGuard
2008-11-05 20:56:36 ----SHD---- C:\Config.Msi
2008-10-30 07:43:27 ----D---- C:\WINNT\system
2008-10-26 22:32:15 ----A---- C:\WINNT\ModemLog_Agere Systems AC'97 Modem.txt
2008-10-24 13:47:09 ----AD---- C:\Program Files
2008-10-23 13:53:12 ----D---- C:\WINNT\Help
2008-10-21 13:26:30 ----D---- C:\Documents and Settings\cav.bal\Application Data\Google
2008-10-21 09:54:54 ----AD---- C:\Program Files\Common Files
2008-10-21 09:51:24 ----D---- C:\users
2008-10-10 15:35:52 ----D---- C:\WINNT\Minidump
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINNT\system32\drivers\AFS2K.sys [2006-03-15 82380]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 irda;IrDA Protocol; C:\WINNT\System32\DRIVERS\irda.sys [2004-08-03 87424]
R2 Stltrk2k;Stltrk2k; C:\WINNT\system32\drivers\Stltrk2k.sys [2002-01-24 13545]
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\OfficeScan NT\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\OfficeScan NT\TmPreFlt.sys []
R2 usbdisk;usbdisk; \??\C:\WINNT\system32\usbdisk.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\OfficeScan NT\VSApiNt.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-02-15 109344]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-02-15 78336]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINNT\system32\drivers\wA301a.sys [2003-02-15 32311]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINNT\System32\DRIVERS\AGRSM.sys [2002-11-22 1157856]
R3 Aldebaran;Aldebaran - SCSI Command Filters; C:\WINNT\System32\Drivers\Aldebaran.sys [2004-02-11 21808]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINNT\System32\DRIVERS\Apfiltr.sys [2002-01-17 56573]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINNT\System32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-02-15 89371]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINNT\System32\DRIVERS\ozscr.sys [2004-08-25 92015]
R3 Rasirda;WAN Miniport (IrDA); C:\WINNT\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINNT\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINNT\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINNT\system32\drivers\STAC97.sys [2003-01-17 202480]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver for Windows XP; C:\WINNT\System32\DRIVERS\w70n51.sys [2006-07-13 674560]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINNT\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 gmer;gmer; C:\WINNT\System32\DRIVERS\gmer.sys [2006-01-09 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [2003-05-14 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [2003-05-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [2003-05-14 21488]
S3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINNT\System32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 U81xbus;LGE U8XXX driver (WDM); C:\WINNT\System32\DRIVERS\U81xbus.sys [2004-08-19 52352]
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter; C:\WINNT\System32\DRIVERS\U81xmdfl.sys [2004-08-19 6064]
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver; C:\WINNT\System32\DRIVERS\U81xmdm.sys [2004-08-19 84480]
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM); C:\WINNT\System32\DRIVERS\U81xmgmt.sys [2004-08-19 77472]
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface; C:\WINNT\System32\DRIVERS\U81xobex.sys [2004-08-19 75456]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\WINNT\system32\DRIVERS\w800bus.sys [2005-05-24 52384]
S3 w800mdfl;Sony Ericsson W800 USB WMC Modem Filter; C:\WINNT\system32\DRIVERS\w800mdfl.sys [2005-05-24 6096]
S3 w800mdm;Sony Ericsson W800 USB WMC Modem Drivers; C:\WINNT\system32\DRIVERS\w800mdm.sys [2005-05-24 87424]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\WINNT\system32\DRIVERS\w800mgmt.sys [2005-05-24 79216]
S3 w800obex;Sony Ericsson W800 USB WMC OBEX Interface Drivers; C:\WINNT\system32\DRIVERS\w800obex.sys [2005-05-24 77040]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 afisicx;afisicx Service; C:\WINNT\system32\afisicx.exe [2001-08-23 45056]
R2 CBBS;CAT Bulletin Board; C:\Program Files\Sie\CAT Bulletin Board\CBBS.exe [2002-06-20 65536]
R2 ipxlauncher;Ipx/ip Service; c:\window\svchost.exe [2008-11-09 196608]
R2 Irmon;Infrared Monitor; C:\WINNT\System32\svchost.exe [2008-11-09 14336]
R2 mabidwe;mabidwe Service; C:\WINNT\system32\mabidwe.exe [2001-08-23 46592]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 mgsdl;ManageSoft Peer-to-Peer Download Service; C:\Program Files\ManageSoft\Launcher\mgsdl.exe [2006-07-27 1286144]
R2 ndGlobalLauncher;ManageSoft installation agent; C:\Program Files\ManageSoft\Launcher\ndserv.exe [2006-07-27 2539520]
R2 ndinit;ManageSoft managed device; C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe [2006-07-27 655360]
R2 noytcyr;noytcyr Service; C:\WINNT\system32\noytcyr.exe [2001-08-23 46080]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\OfficeScan NT\ntrtscan.exe [2007-01-08 503808]
R2 openFT FTNEA;openFT Server; C:\Program Files\openFT\bin\NEACTRLS.EXE [2002-07-09 253952]
R2 openFT Security Server;openFT Security Server; C:\Program Files\openFT\bin\SECSERV.EXE [2002-07-09 86016]
R2 roytctm;roytctm Service; C:\WINNT\system32\roytctm.exe [2001-08-23 45056]
R2 soxpeca;soxpeca Service; C:\WINNT\system32\soxpeca.exe [2001-08-23 46592]
R2 tdydowkc;tdydowkc Service; C:\WINNT\system32\tdydowkc.exe [2001-08-23 46592]
R2 tmlisten;OfficeScanNT Listener; C:\Program Files\OfficeScan NT\tmlisten.exe [2007-02-06 622680]
R2 wsldoekd;wsldoekd Service; C:\WINNT\system32\wsldoekd.exe [2001-08-23 46080]
S2 CatSystemSvc;CatSystem; C:\WINNT\CatPC\CATSYS\CatSystemSvc.exe [2006-05-02 439808]
S2 seiuctol;Security Control; C:\WINNT\system32\adubes.dll [2008-10-22 15872]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DWMRCS;DameWare Mini Remote Control; -C:\WINNT\SYSTEM32\DWRCS.EXE -service []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2005-08-01 68096]
S3 MsDtsServer;SQL Server Integration Services; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
S3 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [2005-08-26 92880]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S3 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S3 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe [2005-10-14 14557912]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\HPZipm12.exe [2003-05-14 65795]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 OfcPfwSvc;OfficeScanNT Personal Firewall; C:\Program Files\OfficeScan NT\OfcPfwSvc.exe [2007-01-08 233552]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
-----------------EOF-----------------
I have attached the gmer.txt file along with this post. Unfortunately I lost the info.txt file before I could save it.
Please let me know how I can get my machine back into working status.
Thanks,
jmash
Hello TSF Team,
Here is the info.txt file as attachment.
Thanks,
jmash