man oh man you guys r fast. didn't expect to get a reply in such a short time. anyway, thank you once again.
My log:
Start Time= 06-08-04 12:40:44.37
Running from: F:\temp\SYSTEM\E-GOR\
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\orutv.bak1
C:\WINDOWS\system32\orutv.bak2
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\drivers\dp.sys
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\msresearch1.dat
((((((((((((((((((((((((((((((( Files Created from 2006-07-04 to 2006-08-04 ))))))))))))))))))))))))))))))))))
2006-07-29 01:46 98,304 C:\WINDOWS\system32\CmdLineExt.dll
2006-07-29 01:31 62,672 C:\WINDOWS\system32\xinput1_1.dll
2006-07-29 01:31 61,136 C:\WINDOWS\system32\xinput9_1_0.dll
2006-07-29 01:31 230,096 C:\WINDOWS\system32\xactengine2_0.dll
2006-07-29 01:31 229,584 C:\WINDOWS\system32\xactengine2_1.dll
2006-07-29 01:31 2,388,176 C:\WINDOWS\system32\d3dx9_30.dll
2006-07-29 01:31 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll
2006-07-29 01:31 2,323,664 C:\WINDOWS\system32\d3dx9_28.dll
2006-07-29 01:31 14,032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-07-25 01:38 65,556 C:\WINDOWS\system32\ytohdngw.exe
2006-07-21 01:36 17,750 C:\WINDOWS\system32\vqbgvgea.exe
2006-07-17 01:53 20,480 C:\WINDOWS\system32\hidserv.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-04 12:39 ------- d-------- C:\Program Files\Mozilla Firefox
2006-08-04 12:31 ------- d-------- C:\Program Files\FlashGet
2006-08-03 17:33 ------- d-------- C:\Program Files\xerox
2006-08-03 16:56 ------- d-------- C:\Program Files\palmOne
2006-08-03 16:51 ------- d-------- C:\Program Files\jv16 PowerTools
2006-08-03 15:16 ------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-07-29 01:46 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-07-29 01:46 ------- d-------- C:\Program Files\D-Tools
2006-07-29 01:21 ------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-25 21:52 ------- d-------- C:\Documents and Settings\E-gor\Application Data\AdobeUM
2006-07-25 01:38 65556 --a------ C:\WINDOWS\system32\ytohdngw.exe
2006-07-24 00:54 ------- d-------- C:\Program Files\ICQ
2006-07-24 00:04 ------- d-------- C:\Program Files\EmpirePokerMaster
2006-07-21 01:36 17750 --a------ C:\WINDOWS\system32\vqbgvgea.exe
2006-07-18 15:58 ------- d-------- C:\Program Files\MSN Messenger
2006-07-18 03:50 ------- d-------- C:\Program Files\TheWeatherNetwork
2006-07-17 01:52 ------- d-------- C:\Program Files\Logitech
2006-07-17 01:52 ------- d-------- C:\Program Files\Common Files\Logitech
2006-07-17 01:52 ------- d-------- C:\Program Files\Common Files
2006-06-25 15:18 ------- d---s---- C:\Documents and Settings\E-gor\Application Data\Microsoft
2006-06-21 04:50 ------- d-------- C:\Documents and Settings\E-gor\Application Data\Azureus
2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-06-15 01:24 ------- d-------- C:\Program Files\Sony ImageStation XPRESS
2006-06-08 23:55 ------- d-------- C:\Program Files\The Weather Channel FW
2006-06-08 23:53 ------- d-------- C:\Program Files\Movie Splitter
2006-06-08 23:52 ------- d--h----- C:\Program Files\Uninstall Information
2006-06-08 23:52 ------- d-------- C:\Program Files\Outlook Express
2006-06-08 23:52 ------- d-------- C:\Program Files\Internet Explorer
2006-06-08 23:52 ------- d-------- C:\Program Files\Common Files\System
2006-06-08 23:52 ------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-06-08 23:51 ------- d-------- C:\Program Files\Microsoft ActiveSync
2006-06-08 23:47 ------- d-------- C:\Program Files\Adobe
2006-05-18 22:27 2508 --a------ C:\Documents and Settings\E-gor\Application Data\$_hpcst$.hpc
2006-05-18 13:00 176167 --a------ C:\WINDOWS\system32\rmoc3260.dll
2006-05-18 12:59 6656 --a------ C:\WINDOWS\system32\pndx5016.dll
2006-05-18 12:59 5632 --a------ C:\WINDOWS\system32\pndx5032.dll
2006-05-18 12:59 278528 --a------ C:\WINDOWS\system32\pncrt.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE USB PC Camera 301P"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"CoolSwitch"="C:\\WINDOWS\\System32\\taskswitch.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"WallpaperChanger"="C:\\Program Files\\Wallpaper Master\\Wallpaper.exe"
"DW4"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoWinKeys"=hex:00,00,00,00
"NoMovingBands"=dword:00000001
"NoDriveAutoRun"=hex:ff,ff,ff,03
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowCpl]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictCpl]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
"backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ATITEC~1\\ATI.ACE\\CLI.exe SystemTray"
"item"="ATI CATALYST System Tray"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTouch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"inimapping"="0"
Contents of the 'Scheduled Tasks' folder
Completion time: Fri 08/04/2006 12:42:55.78
ComboFix ver 06.08.04 - This logfile is located at C:\ComboFix.txt