Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads (resolved spyware and popup issues)
#1 - 07-29-2007, 10:35 PM
sohil (Registered User; Join Date: Jul 2007; Posts: 22; OS: XP)

Can not run explorer.exe

Hi Guys,

My laptop is not able to run explorer.exe. There is no icon on the desktop and no taskbar. I can run all applications through Task Manager.

I have tried the recovery option, sfc /scannow and also replaced explorer.exe, but with no result. I have also reinstalled the OS. When I try to run explorer.exe through Task Manager it gives me an error message indicating that no such file was found.

System configuration is as follows:

Dell Inspiron 6000
Intel Centrino
Windows XP Home Edition with SP2
512 MB RAM
60 GB hard disk

I used HijackThis and the log file is as follows.

Logfile of HijackThis v1.99.1
Scan saved at 04:26:36, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Tencent QQ - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\WINDOWS\QQIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C74CDF30-68C2-49B4-9918-EBD66B8D9FBF} - C:\WINDOWS\system32\vwjwnvnxe.dll
O2 - BHO: (no name) - {F70231A8-C197-496B-A3E5-CF62FB5C246C} - C:\PROGRA~1\bho\DIEMON~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SmCtrlDrv] "C:\WINDOWS\system32\Rundll32.exe" C:\WINDOWS\system32\cdnprh.dll Start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\RunOnce: [sbdfc6x0cg] %systemroot%\system32\Rundll32.exe %systemroot%\system32\sbdfc6x0cg.dll,DllUnregisterServer
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [dbrj] C:\WINDOWS\system32\drivers\iExplorer.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [QQ Game] C:\Program Files\Tencent\QQ\QQGame.exe
O4 - HKCU\..\Run: [QQ3DShow] C:\Program Files\Tencent\QQ\QQ3DShow.exe
O4 - Startup: Camsplitter.lnk = C:\Program Files\CamSplitter\camsplitter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ表情 (Add to QQ Emotions) - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定义面板 (Add to QQ Customized Panel) - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 (Send this picture with QQ MMS) - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Please help me to recover from this problem.

Thanks in advance for your precious time.

Sohil
#2 - 07-30-2007, 04:56 PM
sohil (Registered User; Join Date: Jul 2007; Posts: 22; OS: XP)

Re: Can not run explorer.exe

Please help me....
#3 - 07-30-2007, 08:57 PM
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Join Date: Jan 2005; Location: Ohio; Posts: 27,008; OS: WinXP and Vista)

Re: Can not run explorer.exe

Hello sohil and welcome to TSF,

Please copy this page to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open your Task Manager and browse to combofix.exe to run it. Simply follow the prompts given by the tool.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
#4 - 07-30-2007, 11:10 PM
sohil (Registered User; Join Date: Jul 2007; Posts: 22; OS: XP)

Re: Can not run explorer.exe

Hi Ried,

Thanks a lot for your suggestion. I ran ComboFix and explorer.exe is working now.

All icons are back and I can use the taskbar as well, but performance has slowed down.

Following is the log file of ComboFix.

ComboFix 07-07-31 - "Sohil Patel" 2007-07-30 5:36:45.1 [GMT 1:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\pctools
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\pctools\pctools.dll
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\~lu.dat
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\AdList
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\adsend
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\adshow.dat
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\GetADParameter
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\GetAdType
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\pluglist.xml
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\RelateKey
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\ThirdSoftInfo2
C:\DOCUME~1\SOHILP~1\APPLIC~1.\cuckoo\windows2.log
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\OCINS
C:\Program Files\OCINS\idnsvr.dll
C:\Program Files\OCINS\ieaux.dll
C:\Program Files\OCINS\uninstall.exe
C:\Program Files\OCINS\usrcfg.ini
C:\setup.exe
C:\WINDOWS\KB611311.log
C:\WINDOWS\qqiehelper.dll
C:\WINDOWS\system32\ad_2238.exe
C:\WINDOWS\system32\ad_2286.exe
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\dodolook388.exe
C:\WINDOWS\system32\drivers\775af.sys
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\iexplorer.exe
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\temp\~my1.tmp


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_775AF
-------\LEGACY_ACPIDISK
-------\LEGACY_CNPROV
-------\775af
-------\acpidisk


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))


2007-07-30 05:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 11:38 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-28 11:18 <DIR> d-------- C:\WINDOWS\dell
2007-07-28 10:31 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-28 10:31 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-28 07:30 <DIR> d-------- C:\WINDOWS\setup.pss
2007-07-27 07:32 172,644 --a------ C:\WINDOWS\system32\drivers\mxdispdr.sys
2007-07-27 06:32 <DIR> d-------- C:\Temp
2007-07-27 06:29 99,328 --a------ C:\WINDOWS\system32\winscard.dll
2007-07-27 06:29 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
2007-07-27 06:29 98,304 --a------ C:\WINDOWS\system32\verifier.exe
2007-07-27 06:29 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll
2007-07-27 06:29 940,544 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-07-27 06:29 94,784 --a------ C:\WINDOWS\twain.dll
2007-07-27 06:29 937,984 --a------ C:\WINDOWS\system32\winbrand.dll
2007-07-27 06:29 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-07-27 06:29 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-07-27 06:29 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2007-07-27 06:29 9,728 --a------ C:\WINDOWS\system32\sprestrt.exe
2007-07-27 06:29 9,344 --a------ C:\WINDOWS\system32\vga.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\wshatm.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\winfax.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\wifeman.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\subst.exe
2007-07-27 06:29 9,008 --a------ C:\WINDOWS\system32\ver.dll
2007-07-27 06:29 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-07-27 06:29 895,736 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-07-27 06:29 86,016 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-07-27 06:29 858,624 --a------ C:\WINDOWS\system32\tapi3.dll
2007-07-27 06:29 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-07-27 06:29 82,432 --a------ C:\WINDOWS\system32\ufat.dll
2007-07-27 06:29 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll
2007-07-27 06:29 8,192 --a------ C:\WINDOWS\system32\winhlp32.exe
2007-07-27 06:29 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2007-07-27 06:29 78,848 --a------ C:\WINDOWS\system32\tapiui.dll
2007-07-27 06:29 774,904 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-07-27 06:29 764,928 --a------ C:\WINDOWS\system32\winntbbu.dll
2007-07-27 06:29 75,776 --a------ C:\WINDOWS\system32\wiascr.dll
2007-07-27 06:29 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll
2007-07-27 06:29 75,264 --a------ C:\WINDOWS\system32\telnet.exe
2007-07-27 06:29 74,752 --a------ C:\WINDOWS\system32\spoolss.dll
2007-07-27 06:29 74,240 --a------ C:\WINDOWS\system32\unimdmat.dll
2007-07-27 06:29 723,456 --a------ C:\WINDOWS\system32\userenv.dll
2007-07-27 06:29 716,288 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-07-27 06:29 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2007-07-27 06:29 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2007-07-27 06:29 704,512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-07-27 06:29 7,680 --a------ C:\WINDOWS\system32\vcdex.dll
2007-07-27 06:29 7,168 --a------ C:\WINDOWS\system32\wshnetbs.dll
2007-07-27 06:29 679,936 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-07-27 06:29 67,584 --a------ C:\WINDOWS\system32\webclnt.dll
2007-07-27 06:29 67,584 --a------ C:\WINDOWS\system32\sti.dll
2007-07-27 06:29 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2007-07-27 06:29 65,536 --a------ C:\WINDOWS\system32\wshext.dll
2007-07-27 06:29 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2007-07-27 06:29 610,304 --a------ C:\WINDOWS\system32\sspipes.scr
2007-07-27 06:29 6,144 --a------ C:\WINDOWS\system32\svcpack.dll
2007-07-27 06:29 589,312 --a------ C:\WINDOWS\system32\wiashext.dll
2007-07-27 06:29 577,024 --a------ C:\WINDOWS\system32\user32.dll
2007-07-27 06:29 57,856 --a------ C:\WINDOWS\system32\synceng.dll
2007-07-27 06:29 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-07-27 06:29 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-07-27 06:29 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2007-07-27 06:29 52,352 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2007-07-27 06:29 52,224 --a------ C:\WINDOWS\system32\tsappcmp.dll
2007-07-27 06:29 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-07-27 06:29 51,456 --a------ C:\WINDOWS\system32\vga256.dll
2007-07-27 06:29 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-07-27 06:29 51,200 --a------ C:\WINDOWS\system32\syncapp.exe
2007-07-27 06:29 502,272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-07-27 06:29 50,688 --a------ C:\WINDOWS\twain_32.dll
2007-07-27 06:29 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-07-27 06:29 50,176 --a------ C:\WINDOWS\system32\xmlprovi.dll
2007-07-27 06:29 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\winver.exe
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\tapiperf.dll
2007-07-27 06:29 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2007-07-27 06:29 5,120 --a------ C:\WINDOWS\system32\winnls.dll
2007-07-27 06:29 49,680 --a------ C:\WINDOWS\twunk_16.exe
2007-07-27 06:29 49,664 --a------ C:\WINDOWS\system32\w32tm.exe
2007-07-27 06:29 49,179 --a------ C:\WINDOWS\system32\sqlwoa.dll
2007-07-27 06:29 49,152 --a------ C:\WINDOWS\system32\wdigest.dll
2007-07-27 06:29 47,872 --a------ C:\WINDOWS\system32\user.exe
2007-07-27 06:29 47,104 --a------ C:\WINDOWS\system32\ssmypics.scr
2007-07-27 06:29 463,360 --a------ C:\WINDOWS\system32\wiadefui.dll
2007-07-27 06:29 45,568 --a------ C:\WINDOWS\system32\tcpmonui.dll
2007-07-27 06:29 45,568 --a------ C:\WINDOWS\system32\tcpmon.dll
2007-07-27 06:29 442,368 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2007-07-27 06:29 44,032 --a------ C:\WINDOWS\system32\twext.dll
2007-07-27 06:29 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2007-07-27 06:29 433,664 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2007-07-27 06:29 430,592 --a------ C:\WINDOWS\system32\vssapi.dll
2007-07-27 06:29 42,496 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-07-27 06:29 417,792 --a------ C:\WINDOWS\system32\vbscript.dll
2007-07-27 06:29 413,944 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-07-27 06:29 406,528 --a------ C:\WINDOWS\system32\usp10.dll
2007-07-27 06:29 40,448 --a------ C:\WINDOWS\system32\webhits.dll
2007-07-27 06:29 4,992 --a------ C:\WINDOWS\system32\drivers\toside.sys
2007-07-27 06:29 4,736 --a------ C:\WINDOWS\system32\drivers\usbd.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-28 11:27 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-28 07:30 --------- d-------- C:\Program Files\SnadBoy's Revelation v2
2007-07-28 05:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 06:29 183296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-07-27 06:29 165888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-07-27 06:29 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-07-27 06:28 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-07-27 06:28 80128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2007-07-27 06:28 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-07-27 06:28 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-27 06:28 63744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2007-07-27 06:28 61824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2007-07-27 06:28 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-07-27 06:28 60800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2007-07-27 06:28 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-27 06:28 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-07-27 06:28 52224 --a------ C:\WINDOWS\system32\dmutil.dll
2007-07-27 06:28 51712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-07-27 06:28 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-07-27 06:28 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-07-27 06:28 47616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-07-27 06:28 47104 --a------ C:\WINDOWS\system32\cnbjmon.dll
2007-07-27 06:28 46464 --a------ C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-07-27 06:28 44672 --a------ C:\WINDOWS\system32\drivers\uagp35.sys
2007-07-27 06:28 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-07-27 06:28 42496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2007-07-27 06:28 37376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-07-27 06:28 36992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2007-07-27 06:28 36480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2007-07-27 06:28 359936 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-07-27 06:28 35328 --a------ C:\WINDOWS\system32\pid.dll
2007-07-27 06:28 35328 --a------ C:\WINDOWS\system32\drivers\processr.sys
2007-07-27 06:28 31744 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-07-27 06:28 30080 --a------ C:\WINDOWS\system32\drivers\modem.sys
2007-07-27 06:28 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-07-27 06:28 25472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2007-07-27 06:28 23040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-07-27 06:28 20992 --a------ C:\WINDOWS\system32\hid.dll
2007-07-27 06:28 17408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-07-27 06:28 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-07-27 06:28 16000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2007-07-27 06:28 15488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
2007-07-27 06:28 15360 --a------ C:\WINDOWS\system32\pjlmon.dll
2007-07-27 06:28 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-27 06:28 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-07-27 06:28 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-07-27 06:28 14080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2007-07-27 06:28 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-07-27 06:28 12928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2007-07-27 06:28 12416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-27 06:28 10880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-07-27 06:27 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-07-27 06:27 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-07-27 06:27 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-07-27 06:27 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-07-27 06:27 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-07-27 06:27 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-07-27 06:26 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-07-27 06:26 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-27 06:26 86073 --a------ C:\WINDOWS\system32\usrfaxa.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\streamci.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-27 06:26 77891 --a------ C:\WINDOWS\system32\usrmlnka.exe
2007-07-27 06:26 77890 --a------ C:\WINDOWS\system32\usrdpa.dll
2007-07-27 06:26 77883 --a------ C:\WINDOWS\system32\usrrtosa.dll
2007-07-27 06:26 72192 --a------ C:\WINDOWS\system32\sprio800.dll
2007-07-27 06:26 70656 --a------ C:\WINDOWS\system32\sprio600.dll
2007-07-27 06:26 69700 --a------ C:\WINDOWS\system32\usrshuta.exe
2007-07-27 06:26 69699 --a------ C:\WINDOWS\system32\usrcoina.dll
2007-07-27 06:26 69632 --a------ C:\WINDOWS\system32\spnike.dll
2007-07-27 06:26 646 --a------ C:\WINDOWS\system32\drivers\gmreadme.txt
2007-07-27 06:26 61508 --a------ C:\WINDOWS\system32\usrprbda.exe
2007-07-27 06:26 61500 --a------ C:\WINDOWS\system32\usrcntra.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-27 06:26 58112 --a------ C:\WINDOWS\system32\drivers\vdmindvd.sys
2007-07-27 06:26 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-27 06:26 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
2007-07-27 06:26 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-07-27 06:26 53305 --a------ C:\WINDOWS\system32\usrlbva.dll
2007-07-27 06:26 51712 --a------ C:\WINDOWS\system32\drivers\tosdvd.sys
2007-07-27 06:26 4992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2007-07-27 06:26 49211 --a------ C:\WINDOWS\system32\usrvpa.dll
2007-07-27 06:26 49211 --a------ C:\WINDOWS\system32\usrsdpia.dll
2007-07-27 06:26 49209 --a------ C:\WINDOWS\system32\usrv80a.dll
2007-07-27 06:26 45116 --a------ C:\WINDOWS\system32\usrvoica.dll
2007-07-27 06:26 41019 --a------ C:\WINDOWS\system32\usrsvpia.dll
2007-07-27 06:26 345088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-07-27 06:26 3440660 --a------ C:\WINDOWS\system32\drivers\gm.dls
2007-07-27 06:26 323641 --a------ C:\WINDOWS\system32\usrdtea.dll
2007-07-27 06:26 3200 --a------ C:\WINDOWS\system32\wowfax.dll
2007-07-27 06:26 262528 --a------ C:\WINDOWS\system32\drivers\cinemst2.sys
2007-07-27 06:26 23936 --a------ C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-07-27 06:26 23808 --a------ C:\WINDOWS\system32\drivers\usbcamd.sys
2007-07-27 06:26 22528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-07-27 06:26 21376 --a------ C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-07-27 06:26 18688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
2007-07-27 06:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F70231A8-C197-496B-A3E5-CF62FB5C246C}]
2007-07-27 15:05 441344 --a------ C:\PROGRA~1\bho\DIEMON~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 06:25 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-25 02:59]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-29 11:41]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 10:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 06:25]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13]
"dbrj"="C:\WINDOWS\system32\drivers\iExplorer.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"QQ Game"="C:\Program Files\Tencent\QQ\QQGame.exe" []
"QQ3DShow"="C:\Program Files\Tencent\QQ\QQ3DShow.exe" []

C:\Documents and Settings\Sohil Patel\Start Menu\Programs\Startup\
Camsplitter.lnk - C:\Program Files\CamSplitter\camsplitter.exe [2006-11-05 06:51:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-12-07 00:33:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
R2 gu127ji5h;gu127ji5h;\??\C:\WINDOWS\system32\drivers\gu127ji5h.sys
R2 mxdispdr;mxdispdr;\??\C:\WINDOWS\system32\drivers\mxdispdr.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
S3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
S3 BthEnum;Bluetooth Enumerator Service;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Tencent\QQ\npkycryp.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
S3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
S3 VPCNetS2;Virtual PC Emulated Ethernet Switch;C:\WINDOWS\system32\DRIVERS\VPCNetS2.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f4023ce-e368-11da-8eeb-001422dea26f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL uusetup.exe
打开(&O)\command- E:\uusetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36256a30-ee8e-11db-91b6-001422dea26f}]
1\Command- E:\autorun.pif
2\Command- E:\autorun.pif
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67ab00af-e6fc-11db-91a8-001422dea26f}]
1\Command- E:\autorun.pif
2\Command- E:\autorun.pif
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d571c6-5f61-11da-8dd3-00038a000015}]
AutoRun\command- E:\readme.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 05:46:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Il\16\x178\x20ac{\xd1\x17e\xd8S ?(?T?r?u?e?T?y?p?e?)?"="HDZB_35.TTF"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-30 5:52:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-30 05:51

--- E O F ---

Can you please advise me whether my laptop is free of any infection or still affected?

Again, thanks a lot for your time.

Regards
Sohil
Old 07-31-2007, 09:30 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,008
OS: WinXP and Vista


Re: Can not run explorer.exe

Hello Sohil,

We have a bit more work to do.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

1. Disconnect from the internet

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Insert your flash drive

------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
E:\uusetup.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dbrj"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f4023ce-e368-11da-8eeb-001422dea26f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36256a30-ee8e-11db-91b6-001422dea26f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67ab00af-e6fc-11db-91a8-001422dea26f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d571c6-5f61-11da-8dd3-00038a000015}]
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Please download HijackThis to your desktop. (If you don't already have it)

Alternate link

Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.

Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe
  • If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
  • If not, run a scan and save the log file.
  • Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) in a new thread in the HJT Forum
  • Do not fix any entries in HijackThis since they may be harmless.
  • Make sure to include the System information at the top of the log as well.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Panda results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
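An added worked example for the triage and CFScript steps in the reply above (it is not part of this thread, of ComboFix, or of the helper's own instructions): a Python script that reads the "Reg Loading Points" section of a ComboFix log, flags the patterns the helper acted on (Run values whose target file ComboFix could not find, shown as an empty `[]`; Run values that are not file paths at all; per-drive AutoRun handlers under MountPoints2, the autorun.inf worm pattern seen in the first log), and drafts a CFScript in the same File::/Registry:: syntax the helper used. The log excerpt inside it is a constructed subset of the logs quoted in this thread. The one-position character-shift decode is a heuristic added here because the `psajvbfe` value in the follow-up log further down this page shifts into a rundll32 command line under it; the thread itself never says what that value is, so treat the decoded DLL name as an inference, not something observed on disk.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log and draft a
CFScript from the findings.  Added example for this thread; not ComboFix code."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed subset of the logs quoted in the thread.  The verb on the
# "Open" line is the Chinese word the forum rendered as mojibake.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 06:25 C:\WINDOWS\system32\bthprops.cpl]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" []
"psajvbfe"="D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 06:25]
"dbrj"="C:\WINDOWS\system32\drivers\iExplorer.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f4023ce-e368-11da-8eeb-001422dea26f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL uusetup.exe
打开(&O)\command- E:\uusetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82d571c6-5f61-11da-8dd3-00038a000015}]
AutoRun\command- E:\readme.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)" \[(?P<stamp>[^\]]*)\]$')
MOUNT_CMD_RE = re.compile(r"^(?P<verb>.+?\\[cC]ommand)-\s*(?P<cmd>.+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
BARE_NAME_RE = re.compile(r"^[\w.\-]+$")   # e.g. bthprops.cpl, resolved via PATH


@dataclass
class Finding:
    key: str
    name: str          # Run value name, or the MountPoints2 verb
    value: str
    reason: str
    decoded: str = ""  # set when a shift-by-one decode yields an absolute path


def shift_decode(text: str) -> str:
    """Undo a one-position character shift ('D;]XJOEPXT' -> 'C:\\WINDOWS').
    Heuristic only: it happens to fit the obfuscated value in this thread."""
    return "".join(chr(ord(c) - 1) for c in text)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key.lower().endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if not m:
                continue
            name, value, stamp = m.group("name", "value", "stamp")
            if not ABS_PATH_RE.match(value) and not BARE_NAME_RE.match(value):
                decoded = shift_decode(value)
                findings.append(Finding(key, name, value, "value is not a file path",
                                        decoded if ABS_PATH_RE.match(decoded) else ""))
            elif stamp == "":  # ComboFix prints [] when it cannot find the target
                findings.append(Finding(key, name, value, "target file not found (empty [] timestamp)"))
        elif "\\mountpoints2\\" in key.lower():
            m = MOUNT_CMD_RE.match(line)
            if m:
                findings.append(Finding(key, m.group("verb"), m.group("cmd"),
                                        "per-drive AutoRun handler (autorun.inf worm pattern)"))
    return findings


def draft_cfscript(findings: list[Finding]) -> str:
    """Emit File:: / Registry:: sections; '"name"=-' deletes a value, '[-key]' a key."""
    files: list[str] = []
    keys: list[str] = []
    run_values: list[tuple[str, str]] = []
    for f in findings:
        if "\\mountpoints2\\" in f.key.lower():
            if f.key not in keys:
                keys.append(f.key)
            target = f.value.split()[-1]  # quarantine the launched file, never rundll32 itself
            if ABS_PATH_RE.match(target) and target not in files:
                files.append(target)
        else:
            run_values.append((f.key, f.name))
    out = ["File::", *files, "", "Registry::"]
    last_key = None
    for key, name in run_values:
        if key != last_key:
            out.append(f"[{key}]")
            last_key = key
        out.append(f'"{name}"=-')
    out.extend(f"[-{k}]" for k in keys)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        extra = f"  (decodes to: {f.decoded})" if f.decoded else ""
        print(f"{f.reason}: {f.name} -> {f.value}{extra}")
    print()
    print(draft_cfscript(found))
```

The draft is a starting point for an analyst, not something to feed to ComboFix unreviewed: the empty-timestamp heuristic also catches legitimate programs that were simply uninstalled (the AGLOCO Viewbar and the QQ entries in the logs above), File:: entries on a removable drive only do anything if that drive is plugged in when ComboFix runs, which is why the instructions say to insert the flash drive first, and the only way back from a CFScript deletion is the quarantine ComboFix keeps.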
Old 08-13-2007, 08:44 PM   #6 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 22
OS: XP


Re: Can not run explorer.exe

Hi Ried,

I am sorry for the late reply as I was out on a business trip. You are correct that there are still many viruses, spyware and malware. I have carried out all your instructions and the log reports are as follows.

ComboFix.txt

ComboFix 07-07-31 - "Sohil Patel" 2007-08-11 2:19:03.2 [GMT 1:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Sohil Patel\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\pctools
C:\Program Files\Common Files\cpush
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Jmp
C:\Program Files\OCINS\austr.dll
C:\Program Files\OCINS\cndsv.dll
C:\Program Files\OCINS\cnprovh.dll
C:\Program Files\OCINS\cnstc.ini
C:\Program Files\OCINS\config.exe
C:\Program Files\OCINS\convf.dll
C:\Program Files\OCINS\convs.dll
C:\Program Files\OCINS\ctrcfg.ini
C:\Program Files\OCINS\cuscfg.dat
C:\Program Files\OCINS\idnaux.dat
C:\Program Files\OCINS\idnsvr.dll
C:\Program Files\OCINS\idnsvr.exe
C:\Program Files\OCINS\ieaux.dll
C:\Program Files\OCINS\kwacs.dat
C:\Program Files\OCINS\kwrep.dat
C:\Program Files\OCINS\srchsp.dll
C:\Program Files\OCINS\uninstall.exe
C:\Program Files\OCINS\update\austr.dll
C:\Program Files\OCINS\update\data2.cab
C:\Program Files\OCINS\update\update.exe
C:\Program Files\OCINS\update\version.dat
C:\Program Files\OCINS\usrcfg.ini
C:\Program Files\OCINS\version.dat
C:\WINDOWS\system\dvl
C:\WINDOWS\system\lvl
C:\WINDOWS\system32\1.exe
C:\WINDOWS\system32\2.exe
C:\WINDOWS\system32\4.exe
C:\WINDOWS\system32\5.exe
C:\WINDOWS\system32\6.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ckcuao83.dll
C:\WINDOWS\system32\cnprov.dat
C:\WINDOWS\system32\cwebpage.dll
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\cnprov.sys
C:\WINDOWS\system32\drivers\faatgq19.sys
C:\WINDOWS\system32\drivers\idnaux.sys
C:\WINDOWS\system32\drivers\iokilps.sys
C:\WINDOWS\system32\faatgq19.dll
C:\WINDOWS\system32\g.exe
C:\WINDOWS\system32\idnreg.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\msdebug.dll
C:\WINDOWS\system32\SysTdSvr.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\temp\~my1.tmp
C:\WINDOWS\upxdnd.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ACPIDISK
-------\LEGACY_CELINDRV
-------\LEGACY_CKCUAO83
-------\LEGACY_CNPROV
-------\LEGACY_FAATGQ19
-------\LEGACY_IOKILPS
-------\LEGACY_WINDHCPSVC
-------\acpidisk
-------\ckcuao83
-------\cnprov
-------\faatgq19
-------\idnaux
-------\iokilps
-------\MSDebugsvc
-------\WinDHCPsvc


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 01:01 22,016 --a------ C:\WINDOWS\system32\lihawa.dll
2007-08-11 01:01 21,504 --a------ C:\WINDOWS\system32\tszhyp.dll
2007-08-10 10:56 22,016 --a------ C:\WINDOWS\system32\xsfshj.dll
2007-08-10 10:56 21,504 --a------ C:\WINDOWS\system32\rwmvok.dll
2007-08-10 08:14 73,728 --a------ C:\WINDOWS\system32\kilb.dll
2007-08-09 05:50 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-09 05:27 332 --a------ C:\NTDETECT.EXE
2007-08-09 05:27 18,432 ---hs---- C:\WINDOWS\system32\servet.exe
2007-08-09 04:59 22,016 --a------ C:\WINDOWS\system32\mpyhku.dll
2007-08-09 00:55 22,016 --a------ C:\WINDOWS\system32\ijefvh.dll
2007-08-09 00:55 21,504 --a------ C:\WINDOWS\system32\vuemoe.dll
2007-08-07 13:03 5,767,168 --a------ C:\DOCUME~1\SOHILP~1\ntuser.dat
2007-08-07 00:54 21,504 --a------ C:\WINDOWS\system32\gflyga.dll
2007-08-06 11:18 22,016 --a------ C:\WINDOWS\system32\ldbpgc.dll
2007-08-06 11:18 21,504 --a------ C:\WINDOWS\system32\dekugb.dll
2007-08-06 04:26 28,672 --a------ C:\WINDOWS\TIMHost.exe
2007-08-06 04:26 21,504 --a------ C:\WINDOWS\system32\TIMHost.dll
2007-08-03 06:18 <DIR> d-------- C:\Program Files\Morovia
2007-08-03 06:18 <DIR> d-------- C:\Program Files\Common Files\Morovia
2007-07-30 05:34 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 11:38 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-28 11:18 <DIR> d-------- C:\WINDOWS\dell
2007-07-28 10:31 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-28 10:31 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-28 07:30 <DIR> d-------- C:\WINDOWS\setup.pss
2007-07-27 07:32 172,644 --a------ C:\WINDOWS\system32\drivers\mxdispdr.sys
2007-07-27 06:32 <DIR> d-------- C:\Temp
2007-07-27 06:29 99,328 --a------ C:\WINDOWS\system32\winscard.dll
2007-07-27 06:29 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
2007-07-27 06:29 98,304 --a------ C:\WINDOWS\system32\verifier.exe
2007-07-27 06:29 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll
2007-07-27 06:29 940,544 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-07-27 06:29 94,784 --a------ C:\WINDOWS\twain.dll
2007-07-27 06:29 937,984 --a------ C:\WINDOWS\system32\winbrand.dll
2007-07-27 06:29 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-07-27 06:29 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-07-27 06:29 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2007-07-27 06:29 9,728 --a------ C:\WINDOWS\system32\sprestrt.exe
2007-07-27 06:29 9,344 --a------ C:\WINDOWS\system32\vga.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\wshatm.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\winfax.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\wifeman.dll
2007-07-27 06:29 9,216 --a------ C:\WINDOWS\system32\subst.exe
2007-07-27 06:29 9,008 --a------ C:\WINDOWS\system32\ver.dll
2007-07-27 06:29 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-07-27 06:29 895,736 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-07-27 06:29 86,016 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-07-27 06:29 858,624 --a------ C:\WINDOWS\system32\tapi3.dll
2007-07-27 06:29 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-07-27 06:29 82,432 --a------ C:\WINDOWS\system32\ufat.dll
2007-07-27 06:29 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll
2007-07-27 06:29 8,192 --a------ C:\WINDOWS\system32\winhlp32.exe
2007-07-27 06:29 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2007-07-27 06:29 78,848 --a------ C:\WINDOWS\system32\tapiui.dll
2007-07-27 06:29 774,904 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-07-27 06:29 764,928 --a------ C:\WINDOWS\system32\winntbbu.dll
2007-07-27 06:29 75,776 --a------ C:\WINDOWS\system32\wiascr.dll
2007-07-27 06:29 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll
2007-07-27 06:29 75,264 --a------ C:\WINDOWS\system32\telnet.exe
2007-07-27 06:29 74,752 --a------ C:\WINDOWS\system32\spoolss.dll
2007-07-27 06:29 74,240 --a------ C:\WINDOWS\system32\unimdmat.dll
2007-07-27 06:29 723,456 --a------ C:\WINDOWS\system32\userenv.dll
2007-07-27 06:29 716,288 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-07-27 06:29 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2007-07-27 06:29 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2007-07-27 06:29 704,512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-07-27 06:29 7,680 --a------ C:\WINDOWS\system32\vcdex.dll
2007-07-27 06:29 7,168 --a------ C:\WINDOWS\system32\wshnetbs.dll
2007-07-27 06:29 679,936 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-07-27 06:29 67,584 --a------ C:\WINDOWS\system32\webclnt.dll
2007-07-27 06:29 67,584 --a------ C:\WINDOWS\system32\sti.dll
2007-07-27 06:29 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2007-07-27 06:29 65,536 --a------ C:\WINDOWS\system32\wshext.dll
2007-07-27 06:29 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2007-07-27 06:29 610,304 --a------ C:\WINDOWS\system32\sspipes.scr
2007-07-27 06:29 6,144 --a------ C:\WINDOWS\system32\svcpack.dll
2007-07-27 06:29 589,312 --a------ C:\WINDOWS\system32\wiashext.dll
2007-07-27 06:29 577,024 --a------ C:\WINDOWS\system32\user32.dll
2007-07-27 06:29 57,856 --a------ C:\WINDOWS\system32\synceng.dll
2007-07-27 06:29 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-07-27 06:29 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-07-27 06:29 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2007-07-27 06:29 52,352 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2007-07-27 06:29 52,224 --a------ C:\WINDOWS\system32\tsappcmp.dll
2007-07-27 06:29 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-07-27 06:29 51,456 --a------ C:\WINDOWS\system32\vga256.dll
2007-07-27 06:29 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-07-27 06:29 51,200 --a------ C:\WINDOWS\system32\syncapp.exe
2007-07-27 06:29 502,272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-07-27 06:29 50,688 --a------ C:\WINDOWS\twain_32.dll
2007-07-27 06:29 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-07-27 06:29 50,176 --a------ C:\WINDOWS\system32\xmlprovi.dll
2007-07-27 06:29 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\winver.exe
2007-07-27 06:29 5,632 --a------ C:\WINDOWS\system32\tapiperf.dll
2007-07-27 06:29 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2007-07-27 06:29 5,120 --a------ C:\WINDOWS\system32\winnls.dll
2007-07-27 06:29 49,680 --a------ C:\WINDOWS\twunk_16.exe
2007-07-27 06:29 49,664 --a------ C:\WINDOWS\system32\w32tm.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 06:33 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 06:33 --------- d--h----- C:\Program Files\Dell
2007-07-28 11:27 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-28 07:30 --------- d-------- C:\Program Files\SnadBoy's Revelation v2
2007-07-27 06:29 183296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-07-27 06:29 165888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-07-27 06:29 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-07-27 06:28 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-07-27 06:28 80128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2007-07-27 06:28 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-07-27 06:28 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-07-27 06:28 63744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2007-07-27 06:28 61824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2007-07-27 06:28 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-07-27 06:28 60800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2007-07-27 06:28 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-07-27 06:28 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-07-27 06:28 52224 --a------ C:\WINDOWS\system32\dmutil.dll
2007-07-27 06:28 51712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-07-27 06:28 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-07-27 06:28 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-07-27 06:28 47616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-07-27 06:28 47104 --a------ C:\WINDOWS\system32\cnbjmon.dll
2007-07-27 06:28 46464 --a------ C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-07-27 06:28 44672 --a------ C:\WINDOWS\system32\drivers\uagp35.sys
2007-07-27 06:28 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-07-27 06:28 42496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2007-07-27 06:28 37376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-07-27 06:28 36992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2007-07-27 06:28 36480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2007-07-27 06:28 359936 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-07-27 06:28 35328 --a------ C:\WINDOWS\system32\pid.dll
2007-07-27 06:28 35328 --a------ C:\WINDOWS\system32\drivers\processr.sys
2007-07-27 06:28 31744 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-07-27 06:28 30080 --a------ C:\WINDOWS\system32\drivers\modem.sys
2007-07-27 06:28 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-07-27 06:28 25472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2007-07-27 06:28 23040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-07-27 06:28 20992 --a------ C:\WINDOWS\system32\hid.dll
2007-07-27 06:28 17408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-07-27 06:28 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-07-27 06:28 16000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2007-07-27 06:28 15488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
2007-07-27 06:28 15360 --a------ C:\WINDOWS\system32\pjlmon.dll
2007-07-27 06:28 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-07-27 06:28 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-07-27 06:28 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-07-27 06:28 14080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2007-07-27 06:28 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-07-27 06:28 12928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2007-07-27 06:28 12416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-27 06:28 10880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-07-27 06:27 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-07-27 06:27 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-07-27 06:27 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-07-27 06:27 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-07-27 06:27 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-07-27 06:27 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-07-27 06:26 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-07-27 06:26 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-27 06:26 86073 --a------ C:\WINDOWS\system32\usrfaxa.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\streamci.dll
2007-07-27 06:26 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-27 06:26 77891 --a------ C:\WINDOWS\system32\usrmlnka.exe
2007-07-27 06:26 77890 --a------ C:\WINDOWS\system32\usrdpa.dll
2007-07-27 06:26 77883 --a------ C:\WINDOWS\system32\usrrtosa.dll
2007-07-27 06:26 72192 --a------ C:\WINDOWS\system32\sprio800.dll
2007-07-27 06:26 70656 --a------ C:\WINDOWS\system32\sprio600.dll
2007-07-27 06:26 69700 --a------ C:\WINDOWS\system32\usrshuta.exe
2007-07-27 06:26 69699 --a------ C:\WINDOWS\system32\usrcoina.dll
2007-07-27 06:26 69632 --a------ C:\WINDOWS\system32\spnike.dll
2007-07-27 06:26 646 --a------ C:\WINDOWS\system32\drivers\gmreadme.txt
2007-07-27 06:26 61508 --a------ C:\WINDOWS\system32\usrprbda.exe
2007-07-27 06:26 61500 --a------ C:\WINDOWS\system32\usrcntra.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-27 06:26 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-27 06:26 58112 --a------ C:\WINDOWS\system32\drivers\vdmindvd.sys
2007-07-27 06:26 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-27 06:26 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
2007-07-27 06:26 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-07-27 06:26 53305 --a------ C:\WINDOWS\system32\usrlbva.dll
2007-07-27 06:26 51712 --a------ C:\WINDOWS\system32\drivers\tosdvd.sys
2007-07-27 06:26 4992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2007-07-27 06:26 49211 --a------ C:\WINDOWS\system32\usrvpa.dll
2007-07-27 06:26 49211 --a------ C:\WINDOWS\system32\usrsdpia.dll
2007-07-27 06:26 49209 --a------ C:\WINDOWS\system32\usrv80a.dll
2007-07-27 06:26 45116 --a------ C:\WINDOWS\system32\usrvoica.dll
2007-07-27 06:26 41019 --a------ C:\WINDOWS\system32\usrsvpia.dll
2007-07-27 06:26 345088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-07-27 06:26 3440660 --a------ C:\WINDOWS\system32\drivers\gm.dls
2007-07-27 06:26 323641 --a------ C:\WINDOWS\system32\usrdtea.dll
2007-07-27 06:26 3200 --a------ C:\WINDOWS\system32\wowfax.dll
2007-07-27 06:26 262528 --a------ C:\WINDOWS\system32\drivers\cinemst2.sys
2007-07-27 06:26 23936 --a------ C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-07-27 06:26 23808 --a------ C:\WINDOWS\system32\drivers\usbcamd.sys
2007-07-27 06:26 22528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-07-27 06:26 21376 --a------ C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-07-27 06:26 18688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F70231A8-C197-496B-A3E5-CF62FB5C246C}]
2007-07-27 15:05 441344 --a------ C:\PROGRA~1\bho\DIEMON~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 12:26]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 06:25 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-25 02:59]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-29 11:41]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 10:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"psajvbfe"="D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 06:25]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"QQ Game"="C:\Program Files\Tencent\QQ\QQGame.exe" []
"QQ3DShow"="C:\Program Files\Tencent\QQ\QQ3DShow.exe" []

C:\Documents and Settings\Sohil Patel\Start Menu\Programs\Startup\
Camsplitter.lnk - C:\Program Files\CamSplitter\camsplitter.exe [2006-11-05 06:51:11]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-12-07 00:33:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{014A26F5-FBAD-4549-9CA1-C38210704BD1}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins [2007-08-06 04:25 27634]
"{C5E87A05-F463-4841-B19E-DD3EC3862368}"= C:\Program Files\Internet Explorer\IEXPLORE32.Sys [2007-08-11 01:37 30344]
"{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}"= C:\Program Files\Internet Explorer\IEXPLORE32.win [2007-08-11 01:37 28790]
"{EE12D60D-AD9A-4095-B839-3BE6862679FD}"= C:\Program Files\Internet Explorer\IEXPLORE32.Dat [2007-08-11 01:37 35481]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
R2 mxdispdr;mxdispdr;\??\C:\WINDOWS\system32\drivers\mxdispdr.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S2 acvrsthe;zxcgjmkxvb;C:\WINDOWS\system32\5.exe
S2 gu127ji5h;gu127ji5h;\??\C:\WINDOWS\system32\drivers\gu127ji5h.sys
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S2 vsadfg;avrthy;C:\WINDOWS\system32\4.exe
S2 WindowsDown;Applic ato;C:\WINDOWS\system32\servet.exe
S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
S3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
S3 BthEnum;Bluetooth Enumerator Service;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Tencent\QQ\npkycryp.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
S3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
S3 VPCNetS2;Virtual PC Emulated Ethernet Switch;C:\WINDOWS\system32\DRIVERS\VPCNetS2.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 02:29:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Il\16\x178\x20ac{\xd1\x17e\xd8S ?(?T?r?u?e?T?y?p?e?)?"="HDZB_35.TTF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000071

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 2:32:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 02:31
C:\ComboFix2.txt ... 2007-08-08 02:05
C:\ComboFix3.txt ... 2007-07-30 05:52

--- E O F ---
Panda result


Incident Status Location

Adware:adware/keenvalue Not disinfected c:\program files\bho
Adware:adware/ist.istbar Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Virus:Generic Malware Disinfected C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@888[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@adrevolver[4].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@advertising[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@anm.co[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@bluestreak[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@bravenet[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@bs.serving-sys[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cgi-bin[14].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@cgi-bin[8].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@entrepreneur[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@hc2.humanclick[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@i.screensavers[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@landing.domainsponsor[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@maxserving[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@seeq[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@serving-sys[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@tickle[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@tucows[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@web.tickle[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@winfixer[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@www.drivecleaner[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@www.errorsafe[2].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Sohil Patel\Cookies\sohil patel@xmts[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Sohil Patel\Desktop\ComboFix.exe[nircmd.exe]
Virus:Trj/Lineage.BIA Disinfected C:\Documents and Settings\Sohil Patel\Local Settings\Temp\ck3.jpg.exe
Possible Virus. Not disinfected C:\Documents and Settings\Sohil Patel\Local Settings\Temp\qq.exe
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\XinBao\Cookies\xinbao@adrevolver[3].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\XinBao\Cookies\xinbao@maxserving[2].txt
Potentially unwanted tool:Application/FunWeb Not disinfected C:\music\indi\MyFunCardsFWBInitialSetup1.0.0.15-3.exe
Virus:Trj/Lineage.BIA Disinfected C:\Program Files\Internet Explorer\IEXPLORE32.jmp
Possible Virus. Not disinfected C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Jmp
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\PCTools\pctools.dll.vir
Virus:Trj/Lineage.BIA Disinfected C:\QooBox\Quarantine\C\Program Files\Internet Explorer\IEXPLORE32.jmp.vir
Possible Virus. Not disinfected C:\QooBox\Quarantine\C\Program Files\Internet Explorer\PLUGINS\SysWin64.Jmp.vir
Adware:Adware/BaiduBar Not disinfected C:\QooBox\Quarantine\C\WINDOWS\QQIEHelper.dll.vir
Virus:Bck/Galapoper.LQ Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\4.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\5.exe.vir
Adware:Adware/Borlander Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ad_2238.exe.vir
Adware:Adware/Borlander Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ad_2286.exe.vir[Insshell.exe]
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\idnaux.sys.vir
Possible Virus. Not disinfected C:\QooBox\Quarantine\C\WINDOWS\upxdnd.exe.vir
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\catchme2007-08-11_ 22925.59.zip[cndsv.dll]
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\catchme2007-08-11_ 22925.59.zip[cnprovh.dll]
Virus:Generic Malware Disinfected C:\QooBox\Quarantine\catchme2007-08-11_ 22925.59.zip[convs.dll]
Virus:Trj/Downloader.PUP Disinfected C:\quarantine\1[1].exe.Vir
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c.exe.Vir
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c.exe.Vir.0
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c.exe.Vir.1
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.0
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.1
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.2
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.3
Virus:Trj/Autorun.AU Disinfected C:\quarantine\c[1].exe.Vir.4
Virus:Trj/Downloader.PUP Disinfected C:\quarantine\sys332.exe.Vir
Virus:Generic Malware Disinfected C:\software\RevelationV2\SetupRevelationV2.exe
Virus:Generic Malware Disinfected C:\software\RevelationV2.zip[SetupRevelationV2.exe]
Virus:Trj/Downloader.PTV Disinfected C:\software\vip.exe.dap
Adware:Adware/AdHelper.B Not disinfected C:\WINDOWS\10d001.exe[netdde32.exe]
Virus:Generic Trojan Not disinfected C:\WINDOWS\10d001.exe[d03.exe][cpush.tmp]
Virus:Generic Trojan Not disinfected C:\WINDOWS\d04.exe[cpush.tmp]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:Generic Trojan Not disinfected C:\WINDOWS\system32\d03.exe[cpush.tmp]
Virus:Trj/QQPass.AGU Disinfected C:\WINDOWS\system32\rjbvikmipcugx.dll
Virus:Trj/Downloader.PTV Disinfected C:\WINDOWS\system32\servet.exe
Virus:Generic Trojan Not disinfected C:\WINDOWS\Temp\1F813859.exe[cpush.tmp]
Possible Virus. Not disinfected E:\AutoRun.exe
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 05:02:58, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CamSplitter\camsplitter.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\software\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F70231A8-C197-496B-A3E5-CF62FB5C246C} - C:\PROGRA~1\bho\DIEMON~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [psajvbfe] D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\RunOnce: [CPushSetup] "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CPUSH\cpush.dll"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [QQ Game] C:\Program Files\Tencent\QQ\QQGame.exe
O4 - HKCU\..\Run: [QQ3DShow] C:\Program Files\Tencent\QQ\QQ3DShow.exe
O4 - Startup: Camsplitter.lnk = C:\Program Files\CamSplitter\camsplitter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: ÓÃQQ²ÊÐÅ•¢Ë͸ÃͼƬ - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: zxcgjmkxvb (acvrsthe) - Unknown owner - C:\WINDOWS\system32\5.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: avrthy (vsadfg) - Unknown owner - C:\WINDOWS\system32\4.exe (file missing)
O23 - Service: Applic ato (WindowsDown) - Unknown owner - C:\WINDOWS\system32\servet.exe (file missing)
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

During ActiveScan, I was connected to the internet and at one point the scan stopped automatically. The second time I disconnected and the scan was performed fully.

Also there are so many hidden files on the C drive with the extension .sqm. Can I delete those files?

Thanking you very much for your kind help and time.

Regards
Sohil
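As an added example, not part of the thread and not the analysts' own tooling: a small Python triage helper that reads HijackThis O4 lines like the ones in the log above, flags Run values that do not read as a normal command line, and tries to undo the one-step character shift used in the [psajvbfe] value. Function and variable names are hypothetical, and what the value decodes to is an observation made here, not something the analyst stated.

```python
import re
from typing import Dict, List, Optional

# HijackThis O4 (autostart) entries, copied from the log posted in this thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r"O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent",
    r"O4 - HKLM\..\Run: [psajvbfe] D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu",
    r"O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe",
]

# O4 line layout: "O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<value>.*)$"
)
# What a Run value normally looks like: a quoted or bare drive path, or a bare
# executable / control-panel name followed by arguments (e.g. rundll32.exe ...).
PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
BARE_EXE_RE = re.compile(r"^[\w.-]+\.(?:exe|cpl|dll)\b", re.I)


def looks_like_command(value: str) -> bool:
    """True when the value reads as an ordinary Windows command line."""
    return bool(PATH_RE.match(value) or BARE_EXE_RE.match(value))


def shift_chars(value: str, delta: int) -> str:
    """Shift every character's code point by delta (undoes a Caesar-style obfuscation)."""
    return "".join(chr(ord(c) + delta) for c in value)


def try_decode(value: str, max_shift: int = 3) -> Optional[str]:
    """Try small code-point shifts in both directions and return the first result
    that looks like a command line, or None if nothing plausible appears."""
    for delta in range(1, max_shift + 1):
        for candidate in (shift_chars(value, -delta), shift_chars(value, delta)):
            if looks_like_command(candidate):
                return candidate
    return None


def triage_o4(lines: List[str]) -> List[Dict[str, Optional[str]]]:
    """Flag Run/RunOnce entries whose value is not a recognizable command line,
    attaching a decoded form when a simple character shift explains it."""
    findings: List[Dict[str, Optional[str]]] = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Startup-folder and other O4 variants are not handled here
        value = m.group("value")
        if looks_like_command(value):
            continue
        findings.append({
            "name": m.group("name"),
            "key": f"{m.group('hive')}\\...\\{m.group('key')}",
            "raw": value,
            "decoded": try_decode(value),
        })
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"[{f['name']}] under {f['key']}: value is not a plain command line")
        print("   raw    :", f["raw"])
        print("   decoded:", f["decoded"] or "(no plausible decoding)")
```

A decoded value is a lead for the analyst (which DLL to look for, which service or hook loads it), not proof on its own; the file named by it still has to be located and examined.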
Old 08-14-2007, 10:00 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,008
OS: WinXP and Vista


Re: Can not run explorer.exe

Hello sohil,

This system is in really bad shape. You may want to back up your data and consider a reformat and reinstall.

Is your McAfee current?

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F70231A8-C197-496B-A3E5-CF62FB5C246C} - C:\PROGRA~1\bho\DIEMON~1.DLL
O4 - HKLM\..\Run: [psajvbfe] D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\RunOnce: [CPushSetup] "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CPUSH\cpush.dll"


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
File::
C:\WINDOWS\system32\lihawa.dll
C:\WINDOWS\system32\tszhyp.dll
C:\WINDOWS\system32\xsfshj.dll
C:\WINDOWS\system32\rwmvok.dll
C:\WINDOWS\system32\kilb.dll
C:\NTDETECT.EXE
C:\WINDOWS\system32\servet.exe
C:\WINDOWS\system32\mpyhku.dll
C:\WINDOWS\system32\ijefvh.dll
C:\WINDOWS\system32\vuemoe.dll
C:\WINDOWS\system32\gflyga.dll
C:\WINDOWS\system32\ldbpgc.dll
C:\WINDOWS\system32\dekugb.dll
C:\WINDOWS\TIMHost.exe
C:\WINDOWS\system32\TIMHost.dll
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\music\indi\MyFunCardsFWBInitialSetup1.0.0.15-3.exe
C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Jmp
C:\WINDOWS\10d001.exe
C:\WINDOWS\d04.exe
C:\WINDOWS\upxdnd.exe

Folder::
c:\program files\bho

Driver::
vsadfg
WindowsDown
acvrsthe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{014A26F5-FBAD-4549-9CA1-C38210704BD1}"= -
"{C5E87A05-F463-4841-B19E-DD3EC3862368}"=-
"{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}"=-
"{EE12D60D-AD9A-4095-B839-3BE6862679FD}"=-
[-hkey_current_user\software\MyWebSearch]
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

Please download Dr.Web CureIT

Alternate Download Site http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html
  • Doubleclick the "drweb-cureit.exe" and click "OK" in the prompt window that will open.
  • Then click "start the express scan now". It will first make a quick scan of your system so let it clean what it finds and when it says "done" click on the Green Screwdriver-ActionsTab, Adware-Dialers-Riskware-Hacktools and use dropdown menu and select "Delete"
  • Click on the drive(s) you want to scan.
  • A red dot * will mark the selected drive(s) then hit the green arrow in lower right corner.
  • It will now scan your drive(s) so say YES to ALL.
---------------------------------------------------------------
Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized.
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
-----------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.tx
DrWeb results
main.txt
an attached extra.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 08-14-2007 at 10:08 PM.
Old 11-02-2007, 08:38 PM   #8 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 22
OS: XP


Re: Can not run explorer.exe

Hi Ried,

Again my laptop is causing me the same problem. This time the problem seems more serious. When I try to run explorer.exe, the taskbar flashes for a second and disappears. I cannot even run IE. I have attached all logs as per your instructions in your last reply.

Combofix log

ComboFix 07-07-31 - "Sohil Patel" 2007-10-31 3:39:36.6 [GMT 0:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Sohil Patel\Desktop\CFScript.txt
* Created a new restore point



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\music\indi\MyFunCardsFWBInitialSetup1.0.0.15-3.exe
C:\NTDETECT.EXE
c:\program files\bho
c:\program files\bho\date.ini
C:\WINDOWS\d04.exe
C:\WINDOWS\system32\kilb.dll
C:\WINDOWS\system32\servet.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ACVRSTHE
-------\LEGACY_VSADFG
-------\LEGACY_WINDOWSDOWN
-------\acvrsthe
-------\vsadfg
-------\WindowsDown


((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))


2007-10-31 00:55 18,944 -r-h----- C:\servet.exe
2007-10-30 04:14 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-10-23 16:21 5,767,168 --a------ C:\DOCUME~1\SOHILP~1\ntuser.dat
2007-10-17 11:59 <DIR> d-------- C:\New Folder
2007-10-15 14:16 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-10-15 14:16 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2007-10-15 14:16 349,472 --a------ C:\WINDOWS\WindowsXP-KB822603-x86.exe
2007-10-15 14:16 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2007-10-15 14:16 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-10-15 14:16 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-10-15 14:16 20,480 --a------ C:\WINDOWS\FixCamera.exe
2007-10-15 14:16 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-10-15 14:16 12,028,032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-10-15 14:16 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-10-15 14:15 <DIR> d-------- C:\DOCUME~1\SOHILP~1\APPLIC~1\InstallShield
2007-10-09 00:26 45,056 --a------ C:\WINDOWS\system32\1zcyt.exe
2007-10-08 23:58 45,056 --a------ C:\WINDOWS\system32\lbpi.exe
2007-10-08 14:26 45,056 --a------ C:\WINDOWS\system32\ssxf.exe
2007-10-07 23:54 45,056 --a------ C:\WINDOWS\system32\bu4j15v92.exe
2007-10-01 05:16 <DIR> d-------- C:\Program Files\SopCast
2007-10-01 05:16 <DIR> d-------- C:\DOCUME~1\SOHILP~1\APPLIC~1\SopCast
2007-09-24 13:22 45,056 --a------ C:\WINDOWS\system32\lqpnq35gri.exe
2007-09-19 02:49 1,530 --a------ C:\microsofts.vbs
2007-09-15 12:15 94,208 --a------ C:\WINDOWS\amcap.exe
2007-09-15 12:15 81,920 --a------ C:\WINDOWS\system32\VM305STI.dll
2007-09-15 12:15 61,440 --a------ C:\WINDOWS\VM305_STI.EXE
2007-09-15 12:15 53,248 --a------ C:\WINDOWS\Sti305.exe
2007-09-15 12:15 391,615 --a------ C:\WINDOWS\system32\drivers\usbVM305.sys
2007-09-15 12:15 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-09-15 12:15 114,688 --a------ C:\WINDOWS\VM305Cap.exe
2007-09-15 12:15 <DIR> d-------- C:\WINDOWS\EffectResources
2007-09-15 12:15 <DIR> d-------- C:\WINDOWS\CatRoot
2007-09-15 12:15 <DIR> d-------- C:\Program Files\Vimicro
2007-09-11 02:10 720,896 --a------ C:\WINDOWS\iun6002.exe
2007-09-11 02:09 <DIR> d-------- C:\Program Files\Multiicon


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-10-30 05:52 --------- d-------- C:\Program Files\Opera
2007-10-15 14:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 08:03 34 ---hs---- C:\Program Files\DLD.DAT
2007-08-23 07:59 69 --a------ C:\WINDOWS\system32\wlgini.dll
2007-08-23 07:59 65 --a------ C:\WINDOWS\system32\jziini.dll
2007-08-23 07:59 60 --a------ C:\WINDOWS\system32\qheini.dll
2007-08-23 07:59 52 --a------ C:\WINDOWS\system32\ztmini.dll
2007-08-23 07:59 102 --a------ C:\WINDOWS\system32\dhdini.dll
2007-08-23 07:58 61 --a------ C:\WINDOWS\system32\mxacfg.dll
2007-08-06 14:40 4096 --a------ C:\WINDOWS\system32\cdnprh.dll
2007-07-30 18:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 22:37 89 --a------ C:\WINDOWS\system32\baidu.dat
2007-07-28 10:27 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 05:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C51C4AFB-8A3A-6C1E-BA41-C20F02940701}"= C:\WINDOWS\system32\1.dll [ ]
"{91B1E846-2BEF-4345-8848-7699C7C9935F}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll [ ]
"{42311A42-AC1B-158F-FD32-5674345F23A4}"= C:\WINDOWS\system32\dhdpri.dll [ ]
"{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}"= C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys [ ]
"{D544C22D-1F70-4B1E-873D-D8DABEB26695}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll [ ]
"{A12BC423-3713-224D-3F55-32B35C62B11A}"= C:\WINDOWS\system32\WinFormA5.dll [ ]
"{1231A43A-1642-641A-64FD-146ADAB223B1}"= C:\WINDOWS\system32\mxaman.dll [ ]
"{5182C1EB-375C-573D-1F5E-234552345215}"= C:\WINDOWS\system32\wlhpri.dll [ ]
"{56368135-64FA-BC34-DA32-DCF4FD431C95}"= C:\WINDOWS\system32\qhepri.dll [ ]
"{D1351752-5628-1547-FFAB-BADC13512AFD}"= C:\WINDOWS\system32\ztmpri.dll [ ]
"{959AFD5B-159F-ACD8-954C-ACD545FA6589}"= C:\WINDOWS\system32\jzipri.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=dhdpri.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sohil Patel^Start Menu^Programs^Startup^Camsplitter.lnk]
path=C:\Documents and Settings\Sohil Patel\Start Menu\Programs\Startup\Camsplitter.lnk
backup=C:\WINDOWS\pss\Camsplitter.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\psajvbfe]

D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ravmsmon]
C:\Program Files\NetMeeting\ravmsmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ravzxmon]
C:\Program Files\NetMeeting\ravzxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
C:\Program Files\AGLOCO Viewbar\Viewbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLANKEEPER"=2 (0x2)
"WindowsDown"=2 (0x2)
"vsadfg"=2 (0x2)
"usnjsvc"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"MySQL"=2 (0x2)
"MDM"=2 (0x2)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"kkdc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"EvtEng"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"acvrsthe"=2 (0x2)

R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
R0 uj7d9;uj7d;C:\WINDOWS\system32\DRIVERS\uj7d9.sys
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R2 vlvdakuw;vlvdakuw;\??\C:\WINDOWS\system32\drivers\vlvdakuw.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S2 gu127ji5h;gu127ji5h;\??\C:\WINDOWS\system32\drivers\gu127ji5h.sys
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
S3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
S3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
S3 BthEnum;Bluetooth Enumerator Service;C:\WINDOWS\system32\DRIVERS\BthEnum.sys
S3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Tencent\QQ\npkycryp.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
S3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
S3 VPCNetS2;Virtual PC Emulated Ethernet Switch;C:\WINDOWS\system32\DRIVERS\VPCNetS2.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
S4 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 03:46:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Il\16\x178\x20ac{\xd1\x17e\xd8S ?(?T?r?u?e?T?y?p?e?)?"="HDZB_35.TTF"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-10-31 3:48:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-31 03:48
C:\ComboFix2.txt ... 2007-10-30 13:15
C:\ComboFix3.txt ... 2007-10-30 11:04

--- E O F ---

Dr. Web results

Scanned files:- 313948
Infected:- 1192
Modifications:- 1
Suspicious:- 5
Adware:- 34
Dialers:- 0
Jokes:- 0
Riskware:- 1
Hacktools:-0
Cured:- 0
Deleted:- 836
Renamed:- 0
Moved:- 358
Ignored:- 0


Main.txt

Deckard's System Scanner v20071014.68
Run by Sohil Patel on 2007-11-01 08:56:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2007-11-01 08:56:27 UTC - RP94 - Deckard's System Scanner Restore Point
78: 2007-11-01 05:52:56 UTC - RP93 - System Checkpoint
77: 2007-10-31 03:39:31 UTC - RP92 - ComboFix created restore point
76: 2007-10-31 02:43:41 UTC - RP91 - Installed AVG 7.5
75: 2007-10-31 02:41:47 UTC - RP90 - Removed AVG 7.5


-- First Restore Point --
1: 2007-08-03 10:49:22 UTC - RP16 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.51 GiB (less than 15%) free.


-- HijackThis (run as Sohil Patel.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-01 08:57:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
E:\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (file missing)
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: dhdpri.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe -netsvcs
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


--
End of file - 6812 bytes

-- HijackThis Fixed Entries (C:\software\backups\) -----------------------------

backup-20071030-120420-215 O8 - Extra context menu item: ?QQ??????? - C:\Program Files\Tencent\QQ\SendMMS.htm
backup-20071030-120420-296 O4 - HKCU\..\Run: [QQ Game] C:\Program Files\Tencent\QQ\QQGame.exe
backup-20071030-120420-307 O8 - Extra context menu item: ???QQ?? - C:\Program Files\Tencent\QQ\AddEmotion.htm
backup-20071030-120420-412 O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
backup-20071030-120420-471 O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
backup-20071030-120420-482 O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
backup-20071030-120420-528 O4 - HKCU\..\Run: [QQ3DShow] C:\Program Files\Tencent\QQ\QQ3DShow.exe
backup-20071030-120420-579 O8 - Extra context menu item: ???QQ????? - C:\Program Files\Tencent\QQ\AddPanel.htm
backup-20071030-120420-717 O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
backup-20071030-120420-743 O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
backup-20071030-120420-765 O8 - Extra context menu item: ???QQ???? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
backup-20071030-120421-182 O8 - Extra context menu item: ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ - C:\Program Files\Tencent\QQ\SendMMS.htm
backup-20071030-120421-440 O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - C:\Program Files\Tencent\QQ\AddPanel.htm
backup-20071030-120421-917 O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
backup-20071031-032915-598 O2 - BHO: (no name) - {F70231A8-C197-496B-A3E5-CF62FB5C246C} - C:\PROGRA~1\bho\DIEMON~1.DLL
backup-20071031-032915-822 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 uj7d9 (uj7d) - c:\windows\system32\drivers\uj7d9.sys
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 vlvdakuw - c:\windows\system32\drivers\vlvdakuw.sys

S2 gu127ji5h - c:\windows\system32\drivers\gu127ji5h.sys (file missing)
S2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys (file missing)
S2 VPCAppSv (Virtual PC Application Services) - c:\windows\system32\drivers\vpcappsv.sys <Not Verified; Connectix Corporation; Virtual PC>
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 catchme - c:\docume~1\sohilp~1\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
S3 npkycryp - c:\program files\tencent\qq\npkycryp.sys (file missing)
S3 SNP2STD (USB2.0 PC Camera (SNP2STD)) - c:\windows\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VPCNetS2 (Virtual PC Emulated Ethernet Switch) - c:\windows\system32\drivers\vpcnets2.sys <Not Verified; Connectix Corporation; Virtual PC>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 ZSMC0305 (VIMICRO USB PC Camera VC0305) - c:\windows\system32\drivers\usbvm305.sys <Not Verified; Vimicro Corporation; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 kkdc (Kerberos Key Distribution Centers) - c:\windows\lsass.exe -netsvcs (file missing)
S4 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
S4 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
S4 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
S4 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
S4 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
S4 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Virtual PC Application Services
Device ID: ROOT\SYSTEM\0004
Manufacturer: Connectix Corporation
Name: Virtual PC Application Services
PNP Device ID: ROOT\SYSTEM\0004
Service: VPCAppSv


-- Files created between 2007-10-01 and 2007-11-01 -----------------------------

2007-11-01 04:11:09 0 d-------- C:\Documents and Settings\Sohil Patel\DoctorWeb
2007-10-31 02:43:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-30 04:14:40 0 d-------- C:\Program Files\Grisoft(2)
2007-10-23 16:21:54 5767168 --a------ C:\Documents and Settings\Sohil Patel\ntuser.dat
2007-10-17 11:59:50 0 d-------- C:\New Folder
2007-10-15 14:16:35 20480 --a------ C:\WINDOWS\FixCamera.exe <Not Verified; ; CameraFixer Application>
2007-10-15 14:16:32 675840 --a------ C:\WINDOWS\vsnp2std.exe <Not Verified; Sonix; CameraMonitor Application>
2007-10-15 14:16:31 258048 --a------ C:\WINDOWS\tsnp2std.exe <Not Verified; SONIX; tsnp2std>
2007-10-15 14:16:29 25472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys <Not Verified; ; USB2.0 PC Camera driver>
2007-10-15 14:16:28 12028032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys <Not Verified; ; USB2.0 PC Camera driver>
2007-10-15 14:16:23 249856 --a------ C:\WINDOWS\system32\vsnp2std.dll <Not Verified; Sonix; >
2007-10-15 14:16:23 151552 --a------ C:\WINDOWS\system32\rsnp2std.dll <Not Verified; ; ResourceDLL>
2007-10-15 14:16:18 77824 --a------ C:\WINDOWS\system32\csnp2std.dll <Not Verified; ; InstallUtil>
2007-10-15 14:16:18 0 d-------- C:\Program Files\Common Files\snp2std
2007-10-15 14:15:57 0 d-------- C:\Documents and Settings\Sohil Patel\Application Data\InstallShield
2007-10-09 00:26:33 45056 --a------ C:\WINDOWS\system32\1zcyt.exe
2007-10-08 23:58:34 45056 --a------ C:\WINDOWS\system32\lbpi.exe
2007-10-08 14:26:50 45056 --a------ C:\WINDOWS\system32\ssxf.exe
2007-10-07 23:54:25 45056 --a------ C:\WINDOWS\system32\bu4j15v92.exe
2007-10-01 05:16:13 0 d-------- C:\Documents and Settings\Sohil Patel\Application Data\SopCast
2007-10-01 05:16:09 0 d-------- C:\Program Files\SopCast


-- Find3M Report ---------------------------------------------------------------

2007-11-01 08:55:08 0 d-------- C:\Program Files\DellSupport
2007-10-30 05:52:15 0 d-------- C:\Program Files\Opera
2007-10-15 14:16:18 0 d--h----- C:\Program Files\Common Files
2007-10-15 14:16:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-24 13:22:28 45056 --a------ C:\WINDOWS\system32\lqpnq35gri.exe
2007-09-19 02:49:24 1530 --a------ C:\microsofts.vbs
2007-09-15 12:15:02 0 d-------- C:\Program Files\Vimicro
2007-09-11 02:14:31 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-11 02:09:49 0 d-------- C:\Program Files\Multiicon
2007-08-23 08:03:48 34 ---hs---- C:\Program Files\DLD.DAT
2007-08-23 07:59:43 65 --a------ C:\WINDOWS\system32\jziini.dll
2007-08-23 07:59:42 52 --a------ C:\WINDOWS\system32\ztmini.dll
2007-08-23 07:59:09 60 --a------ C:\WINDOWS\system32\qheini.dll
2007-08-23 07:59:06 102 --a------ C:\WINDOWS\system32\dhdini.dll
2007-08-23 07:59:04 69 --a------ C:\WINDOWS\system32\wlgini.dll
2007-08-23 07:58:29 61 --a------ C:\WINDOWS\system32\mxacfg.dll
2007-08-09 04:27:51 8 --a------ C:\WINDOWS\wsyslog


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [24/10/2006 16:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [27/07/2007 05:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C51C4AFB-8A3A-6C1E-BA41-C20F02940701}"= C:\WINDOWS\system32\1.dll [ ]
"{91B1E846-2BEF-4345-8848-7699C7C9935F}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll [ ]
"{42311A42-AC1B-158F-FD32-5674345F23A4}"= C:\WINDOWS\system32\dhdpri.dll [ ]
"{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}"= C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys [ ]
"{D544C22D-1F70-4B1E-873D-D8DABEB26695}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll [ ]
"{A12BC423-3713-224D-3F55-32B35C62B11A}"= C:\WINDOWS\system32\WinFormA5.dll [ ]
"{1231A43A-1642-641A-64FD-146ADAB223B1}"= C:\WINDOWS\system32\mxaman.dll [ ]
"{5182C1EB-375C-573D-1F5E-234552345215}"= C:\WINDOWS\system32\wlhpri.dll [ ]
"{56368135-64FA-BC34-DA32-DCF4FD431C95}"= C:\WINDOWS\system32\qhepri.dll [ ]
"{D1351752-5628-1547-FFAB-BADC13512AFD}"= C:\WINDOWS\system32\ztmpri.dll [ ]
"{959AFD5B-159F-ACD8-954C-ACD545FA6589}"= C:\WINDOWS\system32\jzipri.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=dhdpri.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sohil Patel^Start Menu^Programs^Startup^Camsplitter.lnk]
path=C:\Documents and Settings\Sohil Patel\Start Menu\Programs\Startup\Camsplitter.lnk
backup=C:\WINDOWS\pss\Camsplitter.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\psajvbfe]

D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ravmsmon]
C:\Program Files\NetMeeting\ravmsmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ravzxmon]
C:\Program Files\NetMeeting\ravzxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
C:\Program Files\AGLOCO Viewbar\Viewbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLANKEEPER"=2 (0x2)
"WindowsDown"=2 (0x2)
"vsadfg"=2 (0x2)
"usnjsvc"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"MySQL"=2 (0x2)
"MDM"=2 (0x2)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"kkdc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"EvtEng"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"acvrsthe"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2007-11-01 08:58:49 ------------

I am really worried about my system as it has caused me lots of problems. I would highly appreciate it if you could come up with some solution rather than formatting.

Thanks a ton in advance

Regards
Sohil
Attached Files
File Type: txt extra.txt (16.8 KB, 1 views)
Old 11-02-2007, 09:56 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,008
OS: WinXP and Vista


Re: Can not run explorer.exe

Hello sohil,

If we're going to have any chance at all of cleaning this system, you must carry out the instructions given, and return with the requested logs quickly. Any delay allows additional malware to enter your system.

Since 2 months have gone by, we need to start over.

Delete your existing ComboFix.exe

Download the updated version of ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 11-03-2007, 04:49 PM   #10 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 22
OS: XP


Re: Can not run explorer.exe

Hi Ried,

Thanks a lot for your help again. I am extremely sorry that last time I didn't finish the whole procedure, as my laptop was working properly, but I will make sure that this time I finish the whole procedure in time.

Here is the log from ComboFix.txt; explorer.exe and IE still aren't working.


ComboFix 07-11-04.1 - Sohil Patel 2007-11-02 22:33:00.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.237 [GMT 0:00]
Running from: C:\Documents and Settings\Sohil Patel\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Favorites\7BFA~1.URL
C:\WINDOWS\dodolook406.exe
C:\WINDOWS\fn00321.log
C:\WINDOWS\ocinfo.dat
C:\WINDOWS\system32\aambyc29.dllmmc.pkm
C:\WINDOWS\system32\ckcuao83.dllmmc.pkm
C:\WINDOWS\system32\faatgq19.dllmmc.pkm
C:\WINDOWS\system32\gjdrqw31.dllmmc.pkm
C:\WINDOWS\system32\gwutqz07.dllmmc.pkm
C:\WINDOWS\system32\jnqtyh54.dllmmc.pkm
C:\WINDOWS\system32\qjcpjn73.dllmmc.pkm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MXDISPDR


((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))
.

2007-11-01 08:55 <DIR> d-------- C:\Deckard
2007-11-01 04:11 <DIR> d-------- C:\Documents and Settings\Sohil Patel\DoctorWeb
2007-10-31 02:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-30 04:14 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-10-17 11:59 <DIR> d-------- C:\New Folder
2007-10-15 14:16 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-10-15 14:16 12,028,032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-10-15 14:16 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2007-10-15 14:16 349,472 --a------ C:\WINDOWS\WindowsXP-KB822603-x86.exe
2007-10-15 14:16 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2007-10-15 14:16 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-10-15 14:16 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-10-15 14:16 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-10-15 14:16 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-10-15 14:16 20,480 --a------ C:\WINDOWS\FixCamera.exe
2007-10-15 14:15 <DIR> d-------- C:\Documents and Settings\Sohil Patel\Application Data\InstallShield
2007-10-09 00:26 45,056 --a------ C:\WINDOWS\system32\1zcyt.exe
2007-10-08 23:58 45,056 --a------ C:\WINDOWS\system32\lbpi.exe
2007-10-08 14:26 45,056 --a------ C:\WINDOWS\system32\ssxf.exe
2007-10-07 23:54 45,056 --a------ C:\WINDOWS\system32\bu4j15v92.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 08:55 --------- d-----w C:\Program Files\DellSupport
2007-10-31 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-31 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-30 05:52 --------- d-----w C:\Program Files\Opera
2007-10-15 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 05:18 --------- d-----w C:\Program Files\SopCast
2007-10-01 05:18 --------- d-----w C:\Documents and Settings\Sohil Patel\Application Data\SopCast
2007-09-19 02:49 1,530 ----a-w C:\microsofts.vbs
2007-09-15 12:15 --------- d-----w C:\Program Files\Vimicro
2007-09-11 02:14 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-09-11 02:09 --------- d-----w C:\Program Files\Multiicon
2007-08-23 08:03 34 --sh--w C:\Program Files\DLD.DAT
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 05:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C51C4AFB-8A3A-6C1E-BA41-C20F02940701}"= C:\WINDOWS\system32\1.dll [ ]
"{42311A42-AC1B-158F-FD32-5674345F23A4}"= C:\WINDOWS\system32\dhdpri.dll [ ]
"{D544C22D-1F70-4B1E-873D-D8DABEB26695}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll [ ]
"{A12BC423-3713-224D-3F55-32B35C62B11A}"= C:\WINDOWS\system32\WinFormA5.dll [ ]
"{1231A43A-1642-641A-64FD-146ADAB223B1}"= C:\WINDOWS\system32\mxaman.dll [ ]
"{5182C1EB-375C-573D-1F5E-234552345215}"= C:\WINDOWS\system32\wlhpri.dll [ ]
"{56368135-64FA-BC34-DA32-DCF4FD431C95}"= C:\WINDOWS\system32\qhepri.dll [ ]
"{D1351752-5628-1547-FFAB-BADC13512AFD}"= C:\WINDOWS\system32\ztmpri.dll [ ]
"{959AFD5B-159F-ACD8-954C-ACD545FA6589}"= C:\WINDOWS\system32\jzipri.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dhdpri.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sohil Patel^Start Menu^Programs^Startup^Camsplitter.lnk]
path=C:\Documents and Settings\Sohil Patel\Start Menu\Programs\Startup\Camsplitter.lnk
backup=C:\WINDOWS\pss\Camsplitter.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\psajvbfe]

D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ravmsmon]
C:\Program Files\NetMeeting\ravmsmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ravzxmon]
C:\Program Files\NetMeeting\ravzxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
C:\Program Files\AGLOCO Viewbar\Viewbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLANKEEPER"=2 (0x2)
"WindowsDown"=2 (0x2)
"vsadfg"=2 (0x2)
"usnjsvc"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"MySQL"=2 (0x2)
"MDM"=2 (0x2)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"kkdc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"EvtEng"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"acvrsthe"=2 (0x2)

R0 uj7d9;uj7d;C:\WINDOWS\system32\DRIVERS\uj7d9.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R2 vlvdakuw;vlvdakuw;\??\C:\WINDOWS\system32\drivers\vlvdakuw.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
S2 gu127ji5h;gu127ji5h;\??\C:\WINDOWS\system32\drivers\gu127ji5h.sys
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 npkycryp;npkycryp;\??\C:\Program Files\Tencent\QQ\npkycryp.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys
S4 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 22:41:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...


Looking forward to your reply.

Regards
Sohil
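Added note for readers of this thread (not part of any post, and not output of the tools used in it): the value stored under the `psajvbfe` startupreg key in both logs above is a normal command line with every character shifted up by one code point, and the DLLs listed under ShellExecuteHooks and AppInit_DLLs are exactly the loading points the clean-up has to remove. The Python below was written for this page to undo that shift and triage those entries. The log lines it uses are copied from the ComboFix "Reg Loading Points" section above; the shift-by-one decoding and the shell32.dll allowlist are assumptions made here, not something the thread states.

```python
"""Triage the persistence entries shown in the ComboFix log above.

Added example for this page, not output of any tool in the thread. LOG_EXCERPT
is copied from the "Reg Loading Points" section; STARTUPREG_VALUE is the value
listed under ...\\msconfig\\startupreg\\psajvbfe. The per-character shift and
the shell32.dll allowlist are assumptions made here."""
import re

STARTUPREG_VALUE = r"D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu"

LOG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C51C4AFB-8A3A-6C1E-BA41-C20F02940701}"= C:\WINDOWS\system32\1.dll [ ]
"{42311A42-AC1B-158F-FD32-5674345F23A4}"= C:\WINDOWS\system32\dhdpri.dll [ ]
"{D544C22D-1F70-4B1E-873D-D8DABEB26695}"= C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll [ ]
"{A12BC423-3713-224D-3F55-32B35C62B11A}"= C:\WINDOWS\system32\WinFormA5.dll [ ]
"{1231A43A-1642-641A-64FD-146ADAB223B1}"= C:\WINDOWS\system32\mxaman.dll [ ]
"{5182C1EB-375C-573D-1F5E-234552345215}"= C:\WINDOWS\system32\wlhpri.dll [ ]
"{56368135-64FA-BC34-DA32-DCF4FD431C95}"= C:\WINDOWS\system32\qhepri.dll [ ]
"{D1351752-5628-1547-FFAB-BADC13512AFD}"= C:\WINDOWS\system32\ztmpri.dll [ ]
"{959AFD5B-159F-ACD8-954C-ACD545FA6589}"= C:\WINDOWS\system32\jzipri.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dhdpri.dll
'''

# Assumed allowlist: on a stock Windows XP install the only ShellExecuteHooks
# entry is the URL Exec Hook implemented by shell32.dll.
KNOWN_GOOD_HOOK_DLLS = {"shell32.dll"}


def unshift(text, shift=1):
    """Subtract `shift` from every character code (the log value uses +1)."""
    return "".join(chr(ord(c) - shift) for c in text)


def decode_startup_value(value, max_shift=5):
    """Return (shift, decoded) for the smallest shift that turns the value
    into a drive-letter path; (None, value) if none in 0..max_shift does."""
    for shift in range(0, max_shift + 1):
        candidate = unshift(value, shift)
        if re.match(r"^[A-Za-z]:\\", candidate):
            return shift, candidate
    return None, value


def shell_execute_hooks(log):
    """Map each ShellExecuteHooks CLSID to its lower-cased DLL file name."""
    hooks = {}
    for m in re.finditer(r'"\{([0-9A-Fa-f-]{36})\}"=\s*(.+?\.dll)\s*\[', log):
        hooks[m.group(1).upper()] = m.group(2).rsplit("\\", 1)[-1].lower()
    return hooks


def appinit_dlls(log):
    """List the DLLs named in AppInit_DLLs (injected into every user32 process)."""
    m = re.search(r'"AppInit_DLLs"=(.*)', log, re.I)
    if not m:
        return []
    names = re.split(r"[ ,]+", m.group(1).strip())
    return [n.rsplit("\\", 1)[-1].lower() for n in names if n]


def triage(log, startup_value):
    """Collect the findings a reviewer of these logs would want to see."""
    hooks = shell_execute_hooks(log)
    appinit = appinit_dlls(log)
    shift, command = decode_startup_value(startup_value)
    return {
        # every hook DLL outside the allowlist is a candidate for removal
        "suspicious_hooks": sorted(set(hooks.values()) - KNOWN_GOOD_HOOK_DLLS),
        "appinit_dlls": appinit,
        # a DLL that is both an AppInit DLL and a shell hook is loaded twice over
        "appinit_also_hooked": sorted(set(appinit) & set(hooks.values())),
        "startup_shift": shift,
        "startup_command": command,
        # the DLL the decoded rundll32 command line loads
        "startup_dll": [d.lower() for d in re.findall(r"[\w.]+\.dll", command, re.I)],
    }


if __name__ == "__main__":
    for key, value in triage(LOG_EXCERPT, STARTUPREG_VALUE).items():
        print(f"{key:20}: {value}")
```

The decoded command is a rundll32 launch of a DLL that is not among the nine hook DLLs, so the msconfig-disabled entry and the ShellExecuteHooks list point at different files; a clean-up script that only handles the hooks would leave the other DLL on disk. The shift search stops at the first value that yields a drive-letter path, which is a heuristic, not proof; confirm by looking at the decoded file name against the file listings in the log.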
Old 11-03-2007, 05:09 PM   #11 (permalink)
Analyst/Security Team Hen
 
Join Date: Mar 2007
Posts: 899
OS: XP and Vista


Re: Can not run explorer.exe

Sohil,

Thank you very much for providing the information requested.

Ried is not available for a few days, so I will take a look at the information you provided.

Will get back with you as soon as possible.

Thank you for your patience!
__________________
Old 11-03-2007, 07:12 PM   #12 (permalink)
Analyst/Security Team Hen
 
Join Date: Mar 2007
Posts: 899
OS: XP and Vista


Re: Can not run explorer.exe

Please download SafeBootKeyRepair.exe
Save it to the Desktop.

Double-click SafeBootKeyRepair.exe to run it.
Follow any prompts that may appear
When finished, a log is produced:
C:\SafeBoot_Repair.txt

~~~~
Next, open Notepad (Start > Run > in the Open field type: notepad)
Click: OK

Copy/paste the blue text below to Notepad:

File::
C:\WINDOWS\system32\1zcyt.exe
C:\WINDOWS\system32\lbpi.exe
C:\WINDOWS\system32\ssxf.exe
C:\WINDOWS\system32\bu4j15v92.exe
C:\microsofts.vbs
C:\WINDOWS\iun6002.exe
C:\Program Files\DLD.DAT

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C51C4AFB-8A3A-6C1E-BA41-C20F02940701}"=-
"{42311A42-AC1B-158F-FD32-5674345F23A4}"=-
"{D544C22D-1F70-4B1E-873D-D8DABEB26695}"=-
"{A12BC423-3713-224D-3F55-32B35C62B11A}"=-
"{1231A43A-1642-641A-64FD-146ADAB223B1}"=-
"{5182C1EB-375C-573D-1F5E-234552345215}"=-
"{56368135-64FA-BC34-DA32-DCF4FD431C95}"=-
"{D1351752-5628-1547-FFAB-BADC13512AFD}"=-
"{959AFD5B-159F-ACD8-954C-ACD545FA6589}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Driver::
uj7d9
vlvdakuw
Gu127ji5h
Npkycryp


Save as CFScript.txt <-Important!!
Change the Save as type to: All Files
Save it to the Desktop.




Referring to the screenshot above, drag CFScript.txt >>> into >>> ComboFix.exe
ComboFix runs a scan on your system, and may reboot when it finishes. This is normal.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, the log produced is: ComboFix.txt

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please provide the contents of C:\SafeBoot_Repair.txt, the new ComboFix.txt as well as the new HijackThis log.
__________________
Old 11-03-2007, 09:09 PM   #13 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 22
OS: XP


Re: Can not run explorer.exe

Hi Aaflac,

Thanks a lot for your response in Ried's absence. I have attached the log files as per your request.

SafeBoot_Repair.txt log

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

Combofix.txt

ComboFix 07-11-04.1 - Sohil Patel 2007-11-05 2:42:17.8 - NTFSx86
Running from: C:\Documents and Settings\Sohil Patel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sohil Patel\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\microsofts.vbs
C:\Program Files\DLD.DAT
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\1zcyt.exe
C:\WINDOWS\system32\bu4j15v92.exe
C:\WINDOWS\system32\lbpi.exe
C:\WINDOWS\system32\ssxf.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\microsofts.vbs
C:\Program Files\DLD.DAT
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\1zcyt.exe
C:\WINDOWS\system32\bu4j15v92.exe
C:\WINDOWS\system32\lbpi.exe
C:\WINDOWS\system32\ssxf.exe
.
---- Previous Run -------
.
C:\Documents and Settings\LocalService\Favorites\7BFA~1.URL
C:\WINDOWS\dodolook406.exe
C:\WINDOWS\fn00321.log
C:\WINDOWS\ocinfo.dat
C:\WINDOWS\system32\aambyc29.dllmmc.pkm
C:\WINDOWS\system32\ckcuao83.dllmmc.pkm
C:\WINDOWS\system32\faatgq19.dllmmc.pkm
C:\WINDOWS\system32\gjdrqw31.dllmmc.pkm
C:\WINDOWS\system32\gwutqz07.dllmmc.pkm
C:\WINDOWS\system32\jnqtyh54.dllmmc.pkm
C:\WINDOWS\system32\qjcpjn73.dllmmc.pkm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MXDISPDR


-------\LEGACY_GU127JI5H
-------\LEGACY_UJ7D9
-------\LEGACY_VLVDAKUW
-------\gu127ji5h
-------\npkycryp
-------\uj7d9
-------\vlvdakuw


((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-01 08:55 <DIR> d-------- C:\Deckard
2007-11-01 04:11 <DIR> d-------- C:\Documents and Settings\Sohil Patel\DoctorWeb
2007-10-31 02:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-30 04:14 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-10-17 11:59 <DIR> d-------- C:\New Folder
2007-10-15 14:16 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-10-15 14:16 12,028,032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-10-15 14:16 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2007-10-15 14:16 349,472 --a------ C:\WINDOWS\WindowsXP-KB822603-x86.exe
2007-10-15 14:16 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2007-10-15 14:16 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-10-15 14:16 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-10-15 14:16 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-10-15 14:16 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-10-15 14:16 20,480 --a------ C:\WINDOWS\FixCamera.exe
2007-10-15 14:15 <DIR> d-------- C:\Documents and Settings\Sohil Patel\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 08:55 --------- d-----w C:\Program Files\DellSupport
2007-10-31 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-31 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-30 05:52 --------- d-----w C:\Program Files\Opera
2007-10-15 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 05:18 --------- d-----w C:\Program Files\SopCast
2007-10-01 05:18 --------- d-----w C:\Documents and Settings\Sohil Patel\Application Data\SopCast
2007-09-15 12:15 --------- d-----w C:\Program Files\Vimicro
2007-09-11 02:09 --------- d-----w C:\Program Files\Multiicon
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 05:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D1351752-5628-1547-FFAB-BADC13512AFD}"= C:\WINDOWS\system32\ztmpri.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dhdpri.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sohil Patel^Start Menu^Programs^Startup^Camsplitter.lnk]
path=C:\Documents and Settings\Sohil Patel\Start Menu\Programs\Startup\Camsplitter.lnk
backup=C:\WINDOWS\pss\Camsplitter.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\PROGRA~1\MI3AA1~1\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
"C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\psajvbfe]

D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ravmsmon]
C:\Program Files\NetMeeting\ravmsmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ravzxmon]
C:\Program Files\NetMeeting\ravzxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
C:\Program Files\AGLOCO Viewbar\Viewbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLANKEEPER"=2 (0x2)
"WindowsDown"=2 (0x2)
"vsadfg"=2 (0x2)
"usnjsvc"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"ose"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"MySQL"=2 (0x2)
"MDM"=2 (0x2)
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"kkdc"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"EvtEng"=2 (0x2)
"DSBrokerService"=3 (0x3)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"acvrsthe"=2 (0x2)

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys
S4 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 02:48:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-05 2:49:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-31 03:48
.
--- E O F ---



HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 02:53:34, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\software\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dhdpri.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

Explorer.exe is still not running. Looking forward to your next set of instructions.

Regards
Sohil
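As an added example that is not part of this thread or of ComboFix itself: a small Python triage pass over the kind of "Reg Loading Points" entries Sohil posted above. It assumes the entry layout seen in the log ("name"="value" [timestamp]) and that the odd psajvbfe Run value is each character shifted up by one; both are my assumptions, and the flag heuristics are illustrative rather than ComboFix's own rules.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Added example, not part of the thread or of ComboFix. It assumes the entry
layout shown in Sohil's logs ("name"="value" [timestamp]) and that the
psajvbfe value is a per-character shift by one; both are my assumptions.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of entries copied from the thread's second ComboFix log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-25 01:59]
"psajvbfe"="D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu" []
"bnfulnmx"="C:\jxnqfskn.bat" [2007-11-05 04:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 05:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dhdpri.dll
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s*\[(?P<meta>[^\]]*)\])?$')
DRIVE_PATH_RE = re.compile(r'^[A-Za-z]:\\')
BARE_MODULE_RE = re.compile(r'^[\w.-]+\.(dll|exe|cpl)$', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')  # heuristic: eight random lowercase letters


def shift_decode(text: str, shift: int = 1) -> str:
    """Undo a per-character code-point shift (the assumed encoding of psajvbfe)."""
    return ''.join(chr(ord(ch) - shift) for ch in text)


def plausible_command(value: str) -> bool:
    """A Run/AppInit value normally starts with a drive path or is a bare module name."""
    return bool(DRIVE_PATH_RE.match(value) or BARE_MODULE_RE.match(value))


def parse_entries(text: str) -> List[Dict[str, Optional[str]]]:
    """Walk the log and pair each "name"="value" line with the key above it."""
    entries: List[Dict[str, Optional[str]]] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group('key')
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key:
            entries.append({
                'key': current_key,
                'name': entry_match.group('name'),
                'value': entry_match.group('value').strip().strip('"'),
                'meta': entry_match.group('meta'),  # None when there is no [...] suffix
            })
    return entries


def triage(text: str) -> List[dict]:
    """Attach review flags to every entry; an empty flag list means nothing stood out."""
    results = []
    for entry in parse_entries(text):
        flags: List[str] = []
        decoded = None
        name, value, meta = entry['name'], entry['value'], entry['meta']
        if meta is not None and meta.strip() == '':
            # ComboFix printed [] instead of a timestamp: verify the target on disk.
            flags.append('no-timestamp')
        if name.lower() == 'appinit_dlls' and value:
            # Loaded into every process that maps user32.dll; normally empty on a clean XP box.
            flags.append('appinit-dll')
        if RANDOM_NAME_RE.match(name):
            flags.append('random-looking-name')
        if not plausible_command(value):
            candidate = shift_decode(value)
            if plausible_command(candidate):
                decoded = candidate
                flags.append('obfuscated')
            else:
                flags.append('not-a-path')
        results.append({**entry, 'flags': flags, 'decoded': decoded})
    return results


if __name__ == '__main__':
    for r in triage(SAMPLE_LOG):
        if r['flags']:
            print(f"{r['name']:<14} {', '.join(r['flags'])}")
            if r['decoded']:
                print(f"{'':<14} decodes to: {r['decoded']}")
```

Run as a script it prints only the flagged entries, and the decoded psajvbfe command is the kind of launch string worth comparing against the files and registry values a helper's removal script targets.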
Old 11-03-2007, 10:28 PM   #14 (permalink)
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista


Re: Can not run explorer.exe

Please download Avenger to the Desktop.
To open the file, right-click Avenger.zip and select: Extract all

Start the Avenger program by clicking on its icon on the Desktop.
Under: Script file to execute, select: Input Script Manually
Now, click on the Magnifying Glass icon
It opens a new window titled: View/edit script

Copy/paste the following text (blue) into the box:

Files to delete:
C:\Windows\System32\dhdpri.dll

Registry values to delete:
HKLM\SOFTWARE\microsoft\windows\currentversion\explorer\shellexecutehooks | {D1351752-5628-1547-FFAB-BADC13512AFD}
HKLM\SOFTWARE\microsoft\windows\currentversion\explorer\shellexecutehooks | {42311A42-AC1B-158F-FD32-5674345F23A4}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services | WindowsDown
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services | vsadfg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services | acvrsthe

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs



Click Done

Now click on the Green Light to begin the execution of the script
Answer Yes when prompted.

The Avenger will automatically do the following:
Restart the computer.
On reboot, it will briefly open a black command window on the Desktop, and this is normal.

After the restart, it creates a log file that opens with the results of Avenger’s actions.
This log file will be located at C:\avenger.txt

~~~~
Now, run ComboFix once again, and then HijackThis, to obtain new logs from both of these programs.

Please provide C:\avenger.txt, C:\ComboFix.txt, and a new HijackThis log.

Last edited by Aaflac; 11-03-2007 at 10:46 PM.
Old 11-03-2007, 10:59 PM   #15 (permalink)
Registered User
Join Date: Jul 2007
Posts: 22
OS: XP


Re: Can not run explorer.exe

Hi Aaflac,

Here are the logs as per your instructions.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bvjkvbqt

*******************

Script file located at: \??\C:\WINDOWS\bowwcavu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Windows\System32\dhdpri.dll not found!
Deletion of file C:\Windows\System32\dhdpri.dll failed!

Could not process line:
C:\Windows\System32\dhdpri.dll
Status: 0xc0000034

Registry value HKLM\SOFTWARE\microsoft\windows\currentversion\explorer\shellexecutehooks|{D1351752-5628-1547-FFAB-BADC13512AFD} deleted successfully.


Could not delete registry value HKLM\SOFTWARE\microsoft\windows\currentversion\explorer\shellexecutehooks|{42311A42-AC1B-158F-FD32-5674345F23A4}
Deletion of registry value HKLM\SOFTWARE\microsoft\windows\currentversion\explorer\shellexecutehooks|{42311A42-AC1B-158F-FD32-5674345F23A4} failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services|WindowsDown deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services|vsadfg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services|acvrsthe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

ComboFix.txt

ComboFix 07-11-04.1 - Sohil Patel 2007-11-05 4:47:21.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT 0:00]
Running from: C:\Documents and Settings\Sohil Patel\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-05 04:41 126,976 --a------ C:\zip.exe
2007-11-05 04:41 60,416 --a------ C:\WINDOWS\system32\drivers\acbicubt.sys
2007-11-05 04:41 1,080 --a------ C:\jxnqfskn.bat
2007-11-05 04:41 677 --a------ C:\avexport.bat
2007-11-01 08:55 <DIR> d-------- C:\Deckard
2007-11-01 04:11 <DIR> d-------- C:\Documents and Settings\Sohil Patel\DoctorWeb
2007-10-31 02:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-30 04:14 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-10-17 11:59 <DIR> d-------- C:\New Folder
2007-10-15 14:16 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-10-15 14:16 12,028,032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-10-15 14:16 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2007-10-15 14:16 349,472 --a------ C:\WINDOWS\WindowsXP-KB822603-x86.exe
2007-10-15 14:16 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2007-10-15 14:16 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-10-15 14:16 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-10-15 14:16 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-10-15 14:16 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-10-15 14:16 20,480 --a------ C:\WINDOWS\FixCamera.exe
2007-10-15 14:15 <DIR> d-------- C:\Documents and Settings\Sohil Patel\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 08:55 --------- d-----w C:\Program Files\DellSupport
2007-10-31 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-31 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-30 05:52 --------- d-----w C:\Program Files\Opera
2007-10-15 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 05:18 --------- d-----w C:\Program Files\SopCast
2007-10-01 05:18 --------- d-----w C:\Documents and Settings\Sohil Patel\Application Data\SopCast
2007-09-24 13:22 45,056 ----a-w C:\WINDOWS\system32\lqpnq35gri.exe
2007-09-15 12:15 --------- d-----w C:\Program Files\Vimicro
2007-09-11 02:09 --------- d-----w C:\Program Files\Multiicon
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-29 10:41]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 07:00]
"ravzxmon"="C:\Program Files\NetMeeting\ravzxmon.exe" []
"ravmsmon"="C:\Program Files\NetMeeting\ravmsmon.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-25 01:59]
"psajvbfe"="D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu" []
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 09:00]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 05:25 C:\WINDOWS\system32\bthprops.cpl]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"bnfulnmx"="C:\jxnqfskn.bat" [2007-11-05 04:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 05:25]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 15:13]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-12-06 23:33:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 04:51:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-05 4:52:32
C:\ComboFix-quarantined-files.txt ... 2007-10-31 03:48
.
--- E O F ---

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 04:56:06, on 05/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\software\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ravzxmon] C:\Program Files\NetMeeting\ravzxmon.exe
O4 - HKLM\..\Run: [ravmsmon] C:\Program Files\NetMeeting\ravmsmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [psajvbfe] D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bnfulnmx] C:\jxnqfskn.bat
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Camsplitter.lnk = C:\Program Files\CamSplitter\camsplitter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Waiting for your next set of instructions. explorer.exe is still not running.

Thanking you
Sohil
sohil is offline  
Old 11-04-2007, 12:05 AM   #16 (permalink)
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista


Re: Can not run explorer.exe

Before proceeding, there is no AntiVirus protection installed on the computer, and you need to realize that it is infected to a point where it may not be possible to remove all the malware. More of it showed up…

We can keep at it, but in your shoes, I would copy any important data, format the computer, and then reinstall the Operating System and all the security updates.


On explorer.exe…

Go down to the Taskbar, and right-click it.
Select: Task Manager
Select the Processes tab.
Double-click Image Name to sort it out in alphabetical order.
Do you see explorer.exe as a process?

Calling it quits for this evening. Will check on your reply later.
__________________
Aaflac is offline  
Old 11-04-2007, 12:22 AM   #17 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 22
OS: XP


Re: Can not run explorer.exe

Hi Aaflac,

I have McAfee, but I disabled it while using ComboFix and the other programs you suggested.

Also, I have tried many times to run explorer.exe from Task Manager, but every time the taskbar just flashes and disappears. So there is no icon or taskbar on the desktop. I even cannot run IE.

At this stage I cannot format the system for a few days. So please suggest if there is any other way to run explorer.exe and to remove the viruses.

Thanking you

Regards
Sohil
sohil is offline  
Old 11-04-2007, 12:25 AM   #18 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 22
OS: XP


Re: Can not run explorer.exe

Hi Aaflac,

I have McAfee, but I disabled it while using ComboFix and the other programs you suggested.

Also, I have tried many times to run explorer.exe from Task Manager, but every time the taskbar just flashes and disappears. So there is no icon or taskbar on the desktop. I even cannot run IE. There is no explorer.exe as a process.

At this stage I cannot format the system for a few days. So please suggest if there is any other way to run explorer.exe and to remove the viruses.

Thanking you

Regards
Sohil
sohil is offline  
Old 11-04-2007, 05:06 PM   #19 (permalink)
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista


Re: Can not run explorer.exe

Let's get rid of some more files, etc...

Once again, please open Notepad (Start > Run > in the Open field type: notepad)
Click: OK

Copy/ paste the blue text below to Notepad:

File::
C:\WINDOWS\system32\drivers\acbicubt.sys
C:\jxnqfskn.bat
C:\avexport.bat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ravzxmon"=-
"ravmsmon"=-
"psajvbfe"=-
"bnfulnmx"=-



Save as CFScript.txt <-Important!!
Change the Save as type to: All Files
Save it to the Desktop.



Referring to the screenshot above, drag CFScript.txt >>> into >>> ComboFix.exe
ComboFix runs a scan on your system, and may reboot when it finishes. This is normal.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced: ComboFix.txt

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please provide the contents of the new ComboFix log, and the new HijackThis log in your reply.
__________________
Aaflac is offline  
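An added example, not code from this thread, from HijackThis or from ComboFix: a small Python triage script that applies the same checks Aaflac made by hand on the HijackThis log in post #15 and then drafts the File:: and Registry:: sections of the CFScript from post #19. The heuristics are assumptions of the example, not anything the tools themselves do: a Run value that is not a drive path but becomes one when every character is shifted back by one (this is exactly how the psajvbfe value above turns into a rundll32.exe command line), a batch file or other script launched from a Run key, a program sitting in the drive root, and a service whose image borrows a core system binary name (lsass.exe) from outside system32. The analyst_bad set is a hypothetical hook for entries only a human would call, such as the two NetMeeting executables. The sample log is constructed from lines posted above plus a few clean entries; the drafted script only covers what the log itself shows (acbicubt.sys and avexport.bat came from elsewhere and are not in it), and services are reported but never written into the script.

```python
"""Triage HijackThis O4/O23 lines and draft the matching ComboFix CFScript."""
import re

# Constructed sample: lines copied from the HijackThis log posted above, plus
# clean entries (ShStatEXE, ctfmon.exe, McShield) the filter should leave alone.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ravzxmon] C:\Program Files\NetMeeting\ravzxmon.exe
O4 - HKLM\..\Run: [ravmsmon] C:\Program Files\NetMeeting\ravmsmon.exe
O4 - HKLM\..\Run: [psajvbfe] D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bnfulnmx] C:\jxnqfskn.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")
PATH_RE = re.compile(r'^"?[A-Za-z]:\\')
TARGET_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|com|scr|pif|bat|cmd|vbs|js))\b', re.I)
# Core binaries that live in %SystemRoot%\system32; the same name elsewhere needs a look.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def decode_shift(value, shift=1):
    """Undo a Caesar-style shift where each character was stored as chr(ord(c) + shift)."""
    return "".join(chr(ord(c) - shift) for c in value)


def target_path(value):
    """Return the program path inside a Run value, or None if it holds no drive path."""
    m = TARGET_RE.match(value)
    return m.group(1) if m else None


def triage_run_value(name, value, analyst_bad=frozenset()):
    """Return a reason to remove this Run entry, or None if it passes the checks."""
    if name in analyst_bad:                       # hypothetical hook for human judgement
        return "flagged by analyst"
    if not PATH_RE.match(value) and not value.lower().startswith("rundll32.exe"):
        decoded = decode_shift(value)             # the psajvbfe trick: every byte + 1
        if PATH_RE.match(decoded):
            return f"obfuscated command, shift-1 decodes to: {decoded}"
        return "value is not a full program path, review manually"
    target = target_path(value)
    if target is None:
        return None
    if target.rsplit(".", 1)[-1].lower() in {"bat", "cmd", "vbs", "js", "pif", "scr"}:
        return f"script launched from a Run key: {target}"
    if re.match(r"^[A-Za-z]:\\[^\\]+$", target):
        return f"program sitting in the drive root: {target}"
    return None


def triage_service(image, file_missing):
    """Flag a service whose image borrows a core system binary name outside system32."""
    base = image.lower().rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and "\\system32\\" not in image.lower():
        note = " (file missing)" if file_missing else ""
        return f"core system binary name outside system32: {image}{note}"
    return None


def triage_log(log_text, analyst_bad=frozenset()):
    """Walk a HijackThis log; return (kind, hive, name, path, reason) tuples."""
    findings = []
    for line in log_text.splitlines():
        if m := RUN_RE.match(line):
            hive, name, value = m.groups()
            if reason := triage_run_value(name, value, analyst_bad):
                findings.append(("run", hive, name, target_path(value), reason))
        elif m := SVC_RE.match(line):
            display, _owner, image, missing = m.groups()
            if reason := triage_service(image, missing is not None):
                findings.append(("service", None, display, image, reason))
    return findings


def build_cfscript(findings):
    """Draft File:: and Registry:: sections from Run-key findings; services are only reported."""
    files = sorted({f[3] for f in findings if f[0] == "run" and f[3]})
    names_by_hive = {}
    for kind, hive, name, _path, _reason in findings:
        if kind == "run":
            names_by_hive.setdefault(hive, []).append(name)
    lines = ["File::", *files, "", "Registry::"]
    for hive, names in names_by_hive.items():
        lines.append(f"[{HIVES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        lines.extend(f'"{name}"=-' for name in names)   # "name"=- deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage_log(SAMPLE_HJT_LOG, analyst_bad=frozenset({"ravzxmon", "ravmsmon"}))
    for kind, _hive, name, _path, reason in hits:
        print(f"[{kind}] {name}: {reason}")
    print(build_cfscript(hits))
```

Run as-is it prints the findings and the drafted script. The draft is meant to be read and trimmed by the analyst before it goes anywhere near ComboFix: a "name"=- line removes the registry value without asking, and a File:: entry is deleted on sight, so every line should be one the analyst has already judged, the way Aaflac did above.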
Old 11-04-2007, 05:38 PM   #20 (permalink)
Registered User
 
Join Date: Jul 2007
Posts: 22
OS: XP


Re: Can not run explorer.exe

Hi Aaflac,

Here is Combofix.txt

ComboFix 07-11-04.1 - Sohil Patel 2007-11-06 0:29:49.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.193 [GMT 0:00]
Running from: C:\Documents and Settings\Sohil Patel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sohil Patel\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\avexport.bat
C:\jxnqfskn.bat
C:\WINDOWS\system32\drivers\acbicubt.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\avexport.bat
C:\jxnqfskn.bat
C:\WINDOWS\system32\drivers\acbicubt.sys

.
((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.

2007-11-05 04:41 126,976 --a------ C:\zip.exe
2007-11-01 08:55 <DIR> d-------- C:\Deckard
2007-11-01 04:11 <DIR> d-------- C:\Documents and Settings\Sohil Patel\DoctorWeb
2007-10-31 02:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-30 04:14 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-10-17 11:59 <DIR> d-------- C:\New Folder
2007-10-15 14:16 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-10-15 14:16 12,028,032 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-10-15 14:16 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2007-10-15 14:16 349,472 --a------ C:\WINDOWS\WindowsXP-KB822603-x86.exe
2007-10-15 14:16 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2007-10-15 14:16 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-10-15 14:16 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-10-15 14:16 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-10-15 14:16 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-10-15 14:16 20,480 --a------ C:\WINDOWS\FixCamera.exe
2007-10-15 14:15 <DIR> d-------- C:\Documents and Settings\Sohil Patel\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 08:55 --------- d-----w C:\Program Files\DellSupport
2007-10-31 02:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-31 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-30 05:52 --------- d-----w C:\Program Files\Opera
2007-10-15 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-01 05:18 --------- d-----w C:\Program Files\SopCast
2007-10-01 05:18 --------- d-----w C:\Documents and Settings\Sohil Patel\Application Data\SopCast
2007-09-15 12:15 --------- d-----w C:\Program Files\Vimicro
2007-09-11 02:09 --------- d-----w C:\Program Files\Multiicon
2006-10-12 03:09:39 94,208 --sha-w C:\WINDOWS\system32\SalaatTime.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-29 10:41]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 07:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-25 01:59]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 09:00]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 08:48]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 02:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 05:25 C:\WINDOWS\system32\bthprops.cpl]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 14:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 05:25]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 15:13]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-12-06 23:33:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys
S2 kkdc;Kerberos Key Distribution Centers;C:\WINDOWS\lsass.exe -netsvcs
S2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 ZSMC0305;VIMICRO USB PC Camera VC0305;C:\WINDOWS\system32\Drivers\usbVM305.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 00:33:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-06 0:35:07
C:\ComboFix-quarantined-files.txt ... 2007-10-31 03:48
C:\ComboFix2.txt ... 2007-11-05 04:52
.
--- E O F ---


Hijackthis.txt

Logfile of HijackThis v1.99.1
Scan saved at 00:37:40, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\software\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Camsplitter.lnk = C:\Program Files\CamSplitter\camsplitter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerberos Key Distribution Centers (kkdc) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Waiting for your next instruction, as explorer.exe is still not running.

Regards
Sohil
sohil is offline  
Copyright 2001 - 2009, Tech Support Forum