Full Version: [Resolved] My Pc Is Infected
celebrityz
My ISP says there is an email flood coming from my IP. Please help me.

My HJT and MBAM results are:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:53 PM, on 10/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BR040286.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\DOCUME~1\SHAKYA~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nitc.gov.np/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\s,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Canon LBP-810 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DED92D1-0C77-4F4F-B63D-60CE46CD3D74}: NameServer = 202.63.240.3,202.63.240.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8137 bytes

MBAM result:

Malwarebytes' Anti-Malware 1.41
Database version: 2881
Windows 5.1.2600 Service Pack 3

10/1/2009 3:40:22 PM
mbam-log-2009-10-01 (15-40-22).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 155329
Time elapsed: 23 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rnaoonwe (Rootkit.Pakes) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rnaoonwe (Rootkit.Pakes) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rnaoonwe (Rootkit.Pakes) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Bot) -> Data: c:\windows\system\svchost.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe, C:\WINDOWS\system\svchost.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\rnaoonwe.sys (Rootkit.Pakes) -> Delete on reboot.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.



Ironbender
Hi celebrityz,

Nothing bad is showing in your log, but you must rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to any anything.exe you feel comfortable with (not starting with the word "Hijack"), as new baddies are now able to detect and hide from hijackthis.exe.
Check here if you are unsure on how to do it: http://www.suggestafix.com/index.php?showtopic=16053

Mbam nuked some very bad files, so, post a fresh HJT log and we'll run a fixtool afterward.

Chris
celebrityz
QUOTE(Ironbender @ Oct 1 2009, 01:03 PM)

My new HJT and MBAM logs are:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:37 AM, on 10/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Shakya Sir\Desktop\clean.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nitc.gov.np/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\s,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DED92D1-0C77-4F4F-B63D-60CE46CD3D74}: NameServer = 202.63.240.3,202.63.240.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7045 bytes


MBAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2881
Windows 5.1.2600 Service Pack 3

10/2/2009 11:02:57 AM
mbam-log-2009-10-02 (11-02-57).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 154973
Time elapsed: 19 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Ironbender
Looks clean, but let's take a deeper look, just to be on the safe side.

Download RSIT from http://images.malwareremoval.com/random/RSIT.exe to your desktop and run it there.

Post the log.txt it generates.

Chris
celebrityz
QUOTE(Ironbender @ Oct 2 2009, 02:58 AM)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Shakya Sir at 2009-10-04 10:57:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (80%) free of 40 GB
Total RAM: 1014 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:03 AM, on 10/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shakya Sir\Desktop\RSIT.exe
C:\Program Files\trend micro\Shakya Sir.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nitc.gov.np/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\s,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DED92D1-0C77-4F4F-B63D-60CE46CD3D74}: NameServer = 202.63.240.3,202.63.240.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7055 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-02-04 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-11 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-21 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-11 251504]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-05-26 4351216]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-11 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rnaoonwe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqurmbxt.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e4ae1c6-54ea-11de-8478-001d72193df1}]
shell\AutoRun\command - G:\iph.exe %1
shell\Explore\command - G:\iph.exe %1
shell\Open\command - G:\iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f7b3a0-5e62-11de-84aa-001d72193df1}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22ed262c-5f22-11de-84ad-001d72193df1}]
shell\auTopLAy\command - G:\nwawki.exe
shell\AutoRun\command - G:\nwawki.exe
shell\exPlORE\command - G:\nwawki.exe
shell\Open\command - G:\nwawki.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3815d86e-23ea-11de-83a8-001d72193df1}]
shell\AutoRun\command - cmd /c start "" "Readme\Manual.html"
shell\explore\command - cmd /c start "" "README\Manual.htmL"
shell\open\command - cmd /c start "" "ReadME\Manual.html"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f7f249a-3485-11de-83ed-001d72193df1}]
shell\Auto\command - Recycled/dllcache32.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
shell\explore\command - Recycled/dllcache32.exe
shell\open\command - Recycled/dllcache32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8b26ba-7bfb-11de-854f-001d72193df1}]
shell\AutoRun\command - G:\hm1bfpuj.exe
shell\open\command - G:\hm1bfpuj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6b3ecc-7be6-11de-854d-001d72193df1}]
shell\aUtopLAy\command - G:\rdql.pif
shell\AutoRun\command - G:\rdql.pif
shell\eXplore\command - G:\rdql.pif
shell\oPen\command - G:\rdql.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{736e7203-7dee-11de-8557-001d72193df1}]
shell\1\command - Recycled.exe
shell\2\command - Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
shell\Explore\command - iph.exe %1
shell\Open\command - iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a9bfae-7be7-11de-854e-001d72193df1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
shell\Open\command - G:\regsvr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{967a1bb1-a73b-11de-85e7-001d72193df1}]
shell\AutoRun\command - J:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe
shell\open\command - J:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14b90b4-63a5-11de-84cc-001d72193df1}]
shell\AuTOplaY\command - G:\kvkmy.exe
shell\AutoRun\command - G:\kvkmy.exe
shell\ExpLoRe\command - G:\kvkmy.exe
shell\opeN\command - G:\kvkmy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53494da-0bda-11de-8340-001d72193df1}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53494db-0bda-11de-8340-001d72193df1}]
shell\AutoRun\command - L:\rx.exe
shell\open\command - L:\rx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c415a928-6241-11de-84c4-001d72193df1}]
shell\AutoRun\command - G:\gpcdt.cmd
shell\open\command - G:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb559e7f-822d-11de-856f-001d72193df1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gphone.exe
shell\Open\command - G:\gphone.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1103274-1cf8-11de-838b-001d72193df1}]
shell\auto\command - G:\auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======List of files/folders created in the last 1 months======

2009-10-04 10:55:47 ----D---- C:\rsit
2009-10-02 07:37:39 ----D---- C:\global ITTP ITPP2009
2009-10-01 15:51:19 ----D---- C:\WINDOWS\pss
2009-10-01 15:40:38 ----A---- C:\mbam-log-2009-10-01 (15-40-22).txt
2009-10-01 15:16:03 ----D---- C:\Program Files\CCleaner
2009-10-01 15:14:47 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\Malwarebytes
2009-10-01 15:14:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-01 15:14:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-01 15:13:09 ----D---- C:\Program Files\Trend Micro
2009-09-29 20:18:39 ----D---- C:\Program Files\MSECache
2009-09-29 17:44:02 ----D---- C:\Program Files\AOFR
2009-09-19 21:03:02 ----D---- C:\Program Files\Microsoft
2009-09-19 21:02:30 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-19 21:02:00 ----D---- C:\Program Files\Windows Live
2009-09-16 21:29:15 ----D---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 1 months======

2009-10-04 10:56:37 ----AD---- C:\WINDOWS\Temp
2009-10-04 10:55:58 ----D---- C:\WINDOWS\Prefetch
2009-10-04 10:52:58 ----D---- C:\Program Files\Mozilla Firefox
2009-10-04 10:51:48 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-04 09:30:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-03 10:42:09 ----D---- C:\WINDOWS
2009-10-01 15:52:15 ----SH---- C:\boot.ini
2009-10-01 15:52:15 ----A---- C:\WINDOWS\win.ini
2009-10-01 15:52:15 ----A---- C:\WINDOWS\system.ini
2009-10-01 15:43:36 ----D---- C:\WINDOWS\system32\drivers
2009-10-01 15:43:24 ----D---- C:\WINDOWS\system32
2009-10-01 15:40:22 ----D---- C:\WINDOWS\system
2009-10-01 15:16:03 ----RD---- C:\Program Files
2009-10-01 15:11:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-30 13:33:56 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\Skype
2009-09-29 20:19:02 ----SHD---- C:\WINDOWS\Installer
2009-09-29 20:18:56 ----RD---- C:\WINDOWS\Fonts
2009-09-29 20:18:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-29 20:18:52 ----D---- C:\Program Files\Microsoft Office
2009-09-29 17:44:23 ----HD---- C:\WINDOWS\inf
2009-09-29 07:06:15 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\skypePM
2009-09-23 21:40:53 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-09-19 21:23:00 ----D---- C:\Program Files\Messenger
2009-09-19 21:03:20 ----D---- C:\WINDOWS\WinSxS
2009-09-19 21:02:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-19 20:58:51 ----SD---- C:\Documents and Settings\Shakya Sir\Application Data\Microsoft
2009-09-18 12:00:49 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\U3
2009-09-16 21:29:15 ----D---- C:\Program Files\Common Files
2009-09-10 20:16:18 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-01 226832]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-10 1163616]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-10-03 158208]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 Cam5607;Acer Crystal Eye webcam; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-07-27 974248]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-06 4613120]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]
R3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2009-03-09 56384]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 RapidPort;RapidPort; \??\C:\WINDOWS\system32\Drivers\CAPLPTN.SYS []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-24 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-04-01 55352]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-24 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 fuibhn;fuibhn; \??\C:\WINDOWS\system32\01.tmp []
S3 gaedsws;gaedsws; \??\C:\WINDOWS\system32\01.tmp []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 jgkxktxp;jgkxktxp; \??\C:\WINDOWS\System32\Drivers\jgkxktxp.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler; C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2007-02-09 169664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 MWAgent;MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [2007-12-13 415232]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 wampapache;wampapache; c:\wamp\apache\Apache.exe [2004-10-28 20545]
S3 wampmysqld;wampmysqld; c:\wamp\mysql\bin\mysqld-nt.exe [2004-12-15 3493888]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Ironbender
Download Combofix to your desktop by clicking here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note:
Disconnect from the internet (unplug the cable), close all windows and any program on your system tray, including your antivirus. Do not mouseclick or type anything while combofix is running. That may cause it to stall.

You can safely ignore warnings about not having the recovery console installed. Run it only once!

Post the ComboFix report along with a fresh RSIT log.

You may need more than one post for that; if so, please do so. Post the ComboFix report in your next reply and add a new reply to post the new RSIT log.

Note: Do not use the "Reply" button at the right end of the previous post; use the Add Reply (center) button at the very bottom of the topic instead, or it will quote the previous post.

Chris
celebrityz
I installed and ran ComboFix, but it deleted my wireless driver... then I had to restore my Saturday restore point... now my internet connection is okay.. I have run ComboFix as suggested by you.. closed my antivirus... and all other running programs... the logs of my ComboFix and RSIT are:

ComboFix 09-10-04.01 - Shakya Sir 10/05/2009 11:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.595 [GMT 5.75:45]
Running from: c:\documents and settings\Shakya Sir\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\SHAKYA~1\LOCALS~1\Temp\tmp2.tmp
c:\windows\Installer\19ddf.msi
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-10-05 05:32 . 2009-10-05 05:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-04 05:10 . 2009-10-04 05:10 -------- d-----w- C:\rsit
2009-10-02 01:52 . 2009-10-05 02:57 -------- d-----w- C:\global ITTP ITPP2009
2009-10-01 09:31 . 2009-10-01 09:31 -------- d-----w- c:\program files\CCleaner
2009-10-01 09:29 . 2009-10-01 09:29 -------- d-----w- c:\documents and settings\Shakya Sir\Application Data\Malwarebytes
2009-10-01 09:29 . 2009-09-10 09:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 09:29 . 2009-10-01 09:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 09:29 . 2009-10-01 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-01 09:29 . 2009-09-10 09:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 09:28 . 2009-10-04 05:12 -------- d-----w- c:\program files\Trend Micro
2009-09-29 14:33 . 2009-09-29 14:33 -------- d-----w- c:\program files\MSECache
2009-09-29 11:59 . 2009-09-29 11:59 -------- d-----w- c:\program files\AOFR
2009-09-29 06:23 . 2009-09-29 06:23 -------- d-----w- c:\documents and settings\Shakya Sir\Local Settings\Application Data\Batchwork
2009-09-19 15:19 . 2009-10-05 05:15 -------- d-----w- c:\documents and settings\Shakya Sir\Tracing
2009-09-19 15:18 . 2009-09-19 15:18 -------- d-----w- c:\program files\Microsoft
2009-09-19 15:17 . 2009-09-19 15:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-19 15:17 . 2009-09-19 15:17 -------- d-----w- c:\program files\Windows Live
2009-09-16 15:44 . 2009-09-16 15:44 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 05:32 . 2009-03-09 10:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-05 05:29 . 2009-03-09 10:10 7552 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-05 05:29 . 2009-03-09 10:10 360480 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-05 05:29 . 2009-03-09 09:33 33036 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-05 05:29 . 2009-03-09 09:33 2748960 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-04 03:07 . 2009-03-08 16:09 84312 ----a-w- c:\documents and settings\Shakya Sir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-30 07:48 . 2009-03-08 12:37 -------- d-----w- c:\documents and settings\Shakya Sir\Application Data\Skype
2009-09-29 01:21 . 2009-03-08 12:43 -------- d-----w- c:\documents and settings\Shakya Sir\Application Data\skypePM
2009-09-22 15:22 . 2009-03-09 10:11 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-22 15:22 . 2009-03-09 10:11 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-18 06:15 . 2009-03-08 12:14 -------- d-----w- c:\documents and settings\Shakya Sir\Application Data\U3
2009-08-07 10:58 . 2009-08-07 10:58 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2009-08-07 10:56 . 2009-08-07 10:53 -------- d-----w- c:\documents and settings\Shakya Sir\Application Data\Canon
2009-08-07 10:56 . 2009-08-07 10:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan
2009-08-07 10:52 . 2009-08-07 10:52 -------- d-----w- c:\program files\ArcSoft
2009-08-07 10:52 . 2009-03-08 16:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 10:52 . 2009-08-07 10:51 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-07 10:51 . 2009-08-07 10:49 -------- d-----w- c:\program files\Canon
2009-08-07 10:51 . 2009-08-07 10:51 -------- d-----w- c:\program files\Common Files\CANON
2009-08-07 10:49 . 2009-08-07 10:49 -------- d--h--w- c:\program files\CanonBJ
2009-08-01 15:47 . 2008-01-29 11:44 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-07-26 10:59 . 2009-07-26 10:59 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7844:TCP"= 7844:TCP:czkfyc

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/1/2009 9:17 PM 28544]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files\AhnLab\Smart Update Utility\AhnSDsv.exe [3/8/2009 10:14 PM 169664]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
S0 rqurmbxt;rqurmbxt;c:\windows\system32\Drivers\rqurmbxt.sys --> c:\windows\system32\Drivers\rqurmbxt.sys [?]
S2 noxbsc;Helper System;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 5:45 PM 14336]
S2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [5/25/2009 8:33 PM 22912]
S3 fuibhn;fuibhn;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 gaedsws;gaedsws;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 jgkxktxp;jgkxktxp;\??\c:\windows\System32\Drivers\jgkxktxp.sys --> c:\windows\System32\Drivers\jgkxktxp.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
noxbsc
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {9DED92D1-0C77-4F4F-B63D-60CE46CD3D74} = 202.63.240.3,202.63.240.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-rnaoonwe.sys
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 11:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\cch~d02e10b9.htp 8192 bytes
c:\windows\TEMP\cch~d02e1819.htp 8192 bytes
c:\windows\TEMP\cch~4060f760e.htp 8192 bytes
c:\windows\TEMP\cch~9b89fd581.htp 8192 bytes
c:\windows\TEMP\cch~94823d8bf.htp 8192 bytes
c:\windows\TEMP\cch~94824d17b.htp 8192 bytes
c:\windows\TEMP\cch~94826bd09.htp 8192 bytes
c:\windows\TEMP\cch~94826c224.htp 8192 bytes
c:\windows\TEMP\cch~91883815e.htp 8192 bytes
c:\windows\TEMP\cch~918838772.htp 8192 bytes
c:\windows\TEMP\cch~91a982fe7.htp 8192 bytes
c:\windows\TEMP\cch~91a983a09.htp 8192 bytes
c:\windows\TEMP\cch~91ab33fac.htp 8192 bytes
c:\windows\TEMP\cch~91ab344f6.htp 8192 bytes
c:\windows\TEMP\cch~91b12ebae.htp 8192 bytes
c:\windows\TEMP\cch~267d7ba5.htp 8192 bytes
c:\windows\TEMP\cch~78184101.htp 8192 bytes
c:\windows\TEMP\cch~621f13b22.htp 8192 bytes
c:\windows\TEMP\cch~874fb929b.htp 8192 bytes
c:\windows\TEMP\cch~29d1d590d.htp 8192 bytes
c:\windows\TEMP\cch~2ab00d860.htp 8192 bytes
c:\windows\TEMP\cch~2acae39b0.htp 8192 bytes
c:\windows\TEMP\cch~9010478f8.htp 8192 bytes
c:\windows\TEMP\cch~6a0d36b2a.htp 8192 bytes
c:\windows\TEMP\cch~5803e4f67.htp 8192 bytes
c:\windows\TEMP\cch~ea0ac943.htp 8192 bytes
c:\windows\TEMP\cch~ea0ace72.htp 8192 bytes
c:\windows\TEMP\cch~ea0ae3f4.htp 8192 bytes
c:\windows\TEMP\cch~86486d1f.htp 8192 bytes
c:\windows\TEMP\cch~8b0dddf40.htp 8192 bytes
c:\windows\TEMP\cch~8b0dde535.htp 8192 bytes
c:\windows\TEMP\cch~8be429f6e.htp 8192 bytes
c:\windows\TEMP\cch~8be42a599.htp 8192 bytes
c:\windows\TEMP\cch~8c030e73.htp 8192 bytes
c:\windows\TEMP\cch~20cbe6129.htp 8192 bytes
c:\windows\TEMP\cch~214fbe7a8.htp 8192 bytes
c:\windows\TEMP\cch~2166b7b1.htp
c:\windows\TEMP\cch~2191a1051.htp 8192 bytes
c:\windows\TEMP\cch~2289e0ca.htp 8192 bytes
c:\windows\TEMP\cch~22de2d33.htp 8192 bytes
c:\windows\TEMP\cch~cb721c17.htp 8192 bytes
c:\windows\TEMP\cch~b6bf1a8a.htp 8192 bytes
c:\windows\TEMP\cch~bef98779.htp 8192 bytes
c:\windows\TEMP\cch~bef990d0.htp 8192 bytes
c:\windows\TEMP\cch~91b5f196b.htp 8192 bytes
c:\windows\TEMP\cch~87e8b18e2.htp 8192 bytes
c:\windows\TEMP\cch~927ecbea2.htp 8192 bytes
c:\windows\TEMP\cch~927ecdbce.htp 8192 bytes
c:\windows\TEMP\cch~92831ceb5.htp 8192 bytes
c:\windows\TEMP\cch~9287f4dd0.htp 8192 bytes
c:\windows\TEMP\cch~9287fc45f.htp 8192 bytes
c:\windows\TEMP\cch~928a8b56c.htp 8192 bytes
c:\windows\TEMP\cch~928a9bdad.htp 8192 bytes
c:\windows\TEMP\cch~928e52caa.htp 8192 bytes
c:\windows\TEMP\cch~9511aea2f.htp 8192 bytes
c:\windows\TEMP\cch~9511cb88e.htp 8192 bytes
c:\windows\TEMP\cch~9511d807d.htp 8192 bytes
c:\windows\TEMP\cch~9511e6838.htp 8192 bytes
c:\windows\TEMP\cch~951252b73.htp 8192 bytes
c:\windows\TEMP\cch~951289955.htp 8192 bytes
c:\windows\TEMP\cch~9512963ca.htp 8192 bytes
c:\windows\TEMP\cch~95184b6eb.htp 8192 bytes
c:\windows\TEMP\cch~951881b1f.htp 8192 bytes
c:\windows\TEMP\cch~9518c853e.htp 8192 bytes
c:\windows\TEMP\cch~9518e8ade.htp 8192 bytes
c:\windows\TEMP\cch~9540fb940.htp 8192 bytes
c:\windows\TEMP\cch~8889d8b23.htp 8192 bytes
c:\windows\TEMP\cch~8889d91ab.htp 8192 bytes
c:\windows\TEMP\cch~8899c4a2d.htp 8192 bytes
c:\windows\TEMP\cch~8899c4f53.htp 8192 bytes
c:\windows\TEMP\cch~89016625c.htp 8192 bytes
c:\windows\TEMP\cch~931ec5cd9.htp 8192 bytes
c:\windows\TEMP\cch~931f4dfc7.htp 8192 bytes
c:\windows\TEMP\cch~9366ebde7.htp 8192 bytes
c:\windows\TEMP\cch~e450ab79.htp 8192 bytes
c:\windows\TEMP\cch~aae7beb2.htp 8192 bytes
c:\windows\TEMP\cch~aae7c3c8.htp 8192 bytes
c:\windows\TEMP\cch~abc52b20.htp 8192 bytes
c:\windows\TEMP\cch~ac4d8310.htp 8192 bytes
c:\windows\TEMP\cch~ae2f1349.htp 8192 bytes
c:\windows\TEMP\cch~b1803d3b.htp 8192 bytes
c:\windows\TEMP\cch~b6bf222a.htp 8192 bytes
c:\windows\TEMP\cch~b0fd913d.htp 8192 bytes
c:\windows\TEMP\cch~b0fd9a90.htp 8192 bytes


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fuibhn]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaedsws]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\noxbsc]
"ServiceDll"="c:\windows\system32\uyxuush.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.EXE'(748)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-05 11:22 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-10-05 05:33

Pre-Run: 33,394,794,496 bytes free
Post-Run: 33,544,667,136 bytes free



Logfile of random's system information tool 1.06 (written by random/random)
Run by Shakya Sir at 2009-10-05 12:27:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (80%) free of 40 GB
Total RAM: 1014 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:51 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Shakya Sir\Desktop\RSIT.exe
C:\Program Files\trend micro\Shakya Sir.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nitc.gov.np/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\s,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-602162358-484763869-1417001333-500\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Administrator')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DED92D1-0C77-4F4F-B63D-60CE46CD3D74}: NameServer = 202.63.240.3,202.63.240.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7328 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-02-04 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-11 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-21 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-11 251504]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-05-26 4351216]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-11 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rnaoonwe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqurmbxt.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e4ae1c6-54ea-11de-8478-001d72193df1}]
shell\AutoRun\command - G:\iph.exe %1
shell\Explore\command - G:\iph.exe %1
shell\Open\command - G:\iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f7b3a0-5e62-11de-84aa-001d72193df1}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22ed262c-5f22-11de-84ad-001d72193df1}]
shell\auTopLAy\command - G:\nwawki.exe
shell\AutoRun\command - G:\nwawki.exe
shell\exPlORE\command - G:\nwawki.exe
shell\Open\command - G:\nwawki.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3815d86e-23ea-11de-83a8-001d72193df1}]
shell\AutoRun\command - cmd /c start "" "Readme\Manual.html"
shell\explore\command - cmd /c start "" "README\Manual.htmL"
shell\open\command - cmd /c start "" "ReadME\Manual.html"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f7f249a-3485-11de-83ed-001d72193df1}]
shell\Auto\command - Recycled/dllcache32.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
shell\explore\command - Recycled/dllcache32.exe
shell\open\command - Recycled/dllcache32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8b26ba-7bfb-11de-854f-001d72193df1}]
shell\AutoRun\command - G:\hm1bfpuj.exe
shell\open\command - G:\hm1bfpuj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6b3ecc-7be6-11de-854d-001d72193df1}]
shell\aUtopLAy\command - G:\rdql.pif
shell\AutoRun\command - G:\rdql.pif
shell\eXplore\command - G:\rdql.pif
shell\oPen\command - G:\rdql.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{736e7203-7dee-11de-8557-001d72193df1}]
shell\1\command - Recycled.exe
shell\2\command - Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
shell\Explore\command - iph.exe %1
shell\Open\command - iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a9bfae-7be7-11de-854e-001d72193df1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
shell\Open\command - G:\regsvr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{967a1bb1-a73b-11de-85e7-001d72193df1}]
shell\AutoRun\command - J:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe
shell\open\command - J:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14b90b4-63a5-11de-84cc-001d72193df1}]
shell\AuTOplaY\command - G:\kvkmy.exe
shell\AutoRun\command - G:\kvkmy.exe
shell\ExpLoRe\command - G:\kvkmy.exe
shell\opeN\command - G:\kvkmy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53494da-0bda-11de-8340-001d72193df1}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53494db-0bda-11de-8340-001d72193df1}]
shell\AutoRun\command - L:\rx.exe
shell\open\command - L:\rx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c415a928-6241-11de-84c4-001d72193df1}]
shell\AutoRun\command - G:\gpcdt.cmd
shell\open\command - G:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb559e7f-822d-11de-856f-001d72193df1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gphone.exe
shell\Open\command - G:\gphone.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1103274-1cf8-11de-838b-001d72193df1}]
shell\auto\command - G:\auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======List of files/folders created in the last 1 months======

2009-10-05 12:01:34 ----SHD---- C:\RECYCLER
2009-10-05 11:22:38 ----A---- C:\ComboFix.txt
2009-10-05 11:10:17 ----D---- C:\WINDOWS\ERDNT
2009-10-05 11:07:55 ----D---- C:\Qoobox
2009-10-04 10:55:47 ----D---- C:\rsit
2009-10-02 07:37:39 ----D---- C:\global ITTP ITPP2009
2009-10-01 15:51:19 ----D---- C:\WINDOWS\pss
2009-10-01 15:40:38 ----A---- C:\mbam-log-2009-10-01 (15-40-22).txt
2009-10-01 15:16:03 ----D---- C:\Program Files\CCleaner
2009-10-01 15:14:47 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\Malwarebytes
2009-10-01 15:14:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-01 15:14:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-01 15:13:09 ----D---- C:\Program Files\Trend Micro
2009-09-29 20:18:39 ----D---- C:\Program Files\MSECache
2009-09-29 17:44:02 ----D---- C:\Program Files\AOFR
2009-09-19 21:03:02 ----D---- C:\Program Files\Microsoft
2009-09-19 21:02:30 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-19 21:02:00 ----D---- C:\Program Files\Windows Live
2009-09-16 21:29:15 ----D---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 1 months======

2009-10-05 12:27:46 ----AD---- C:\WINDOWS\Temp
2009-10-05 12:16:14 ----D---- C:\Program Files\Mozilla Firefox
2009-10-05 12:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-05 12:02:07 ----D---- C:\WINDOWS\system32\config
2009-10-05 12:01:49 ----D---- C:\WINDOWS\system32\wbem
2009-10-05 12:01:49 ----D---- C:\WINDOWS\Registration
2009-10-05 12:01:36 ----D---- C:\WINDOWS\system32
2009-10-05 12:01:36 ----D---- C:\WINDOWS
2009-10-05 12:01:35 ----SHD---- C:\WINDOWS\Installer
2009-10-05 12:01:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-05 12:01:09 ----D---- C:\WINDOWS\system32\Restore
2009-10-05 11:56:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-05 11:22:44 ----D---- C:\WINDOWS\system32\drivers
2009-10-05 11:17:13 ----A---- C:\WINDOWS\system.ini
2009-10-05 11:16:00 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-05 11:12:54 ----D---- C:\WINDOWS\AppPatch
2009-10-05 11:12:51 ----D---- C:\Program Files\Common Files
2009-10-05 07:38:12 ----D---- C:\WINDOWS\Prefetch
2009-10-04 14:56:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-01 15:52:15 ----SH---- C:\boot.ini
2009-10-01 15:52:15 ----A---- C:\WINDOWS\win.ini
2009-10-01 15:40:22 ----D---- C:\WINDOWS\system
2009-10-01 15:16:03 ----RD---- C:\Program Files
2009-09-30 13:33:56 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\Skype
2009-09-29 20:18:56 ----RD---- C:\WINDOWS\Fonts
2009-09-29 20:18:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-29 20:18:52 ----D---- C:\Program Files\Microsoft Office
2009-09-29 17:44:23 ----HD---- C:\WINDOWS\inf
2009-09-29 07:06:15 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\skypePM
2009-09-23 21:40:53 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-09-19 21:23:00 ----D---- C:\Program Files\Messenger
2009-09-19 21:03:20 ----D---- C:\WINDOWS\WinSxS
2009-09-19 21:02:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-19 20:58:51 ----SD---- C:\Documents and Settings\Shakya Sir\Application Data\Microsoft
2009-09-18 12:00:49 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\U3
2009-09-10 20:16:18 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-01 226832]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-10 1163616]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-10-03 158208]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 Cam5607;Acer Crystal Eye webcam; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-07-27 974248]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-06 4613120]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]
R3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2009-03-09 56384]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 RapidPort;RapidPort; \??\C:&
Ironbender
If you run a system restore AFTER Combofix, the bad files may have been restored.
Better to reinstall the wireless driver from the original CD, as the existing one may have been infected. Btw, you picked up this infection from infected removable media (a pendrive or external disk).

- Download and unzip The Avenger from http://swandog46.geekstogo.com/avenger.zip to your desktop
- Start up Avenger.
- In the box that opens, copy, then paste the text in the code box below.
CODE
Files to delete:
c:\windows\system32\Drivers\rqurmbxt.sys
c:\windows\System32\Drivers\jgkxktxp.sys
c:\windows\system32\01.tmp
c:\windows\system32\01.tmp
c:\windows\system32\uyxuush.dll

Registry keys to delete:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rnaoonwe.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqurmbxt.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fuibhn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaedsws]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\noxbsc]

- Click "Execute".
- Press OK at the prompts to reboot your PC.

After your system restarts, a log file should open with the results of Avenger’s actions. Please post this log here along with a fresh RSIT log.

Chris
celebrityz
Now my laptop is somewhere else. I will get it back in 3-4 days. As soon as I get my laptop I will run that Avenger tool and post the Avenger and RSIT logs.

Thanks a lot for your help.
celebrityz
I ran The Avenger but I got this error message:

Error: invalid registry syntax in command

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line (registry key deletion mode)

Ironbender
Run The Avenger with the following code (I need to make sure that the bad files are no longer there):

CODE
Files to delete:
c:\windows\system32\Drivers\rqurmbxt.sys
c:\windows\System32\Drivers\jgkxktxp.sys
c:\windows\system32\01.tmp
c:\windows\system32\01.tmp
c:\windows\system32\uyxuush.dll

- Click "Execute".
- Press OK at the prompts to reboot your PC.

After your system restarts, a log file should open with the results of Avenger’s actions. Please post this log here along with a fresh RSIT log.

Chris
celebrityz
I have another problem. Every time I log on to XP a dialogue box comes up saying:
System file:
Runtime error '13':
Type mismatch

My Avenger and RSIT logs are:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Oct 12 11:35:58 2009

11:35:46: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
11:35:54: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
11:35:57: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Oct 12 11:36:56 2009

11:36:52: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
11:36:56: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Oct 12 11:37:51 2009

11:37:45: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
11:37:48: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rnaoonwe.sys]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
11:37:51: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Oct 12 11:47:37 2009

11:47:31: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
11:47:34: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)
11:47:37: Error: Execution aborted by user!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\Drivers\rqurmbxt.sys" not found!
Deletion of file "c:\windows\system32\Drivers\rqurmbxt.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\System32\Drivers\jgkxktxp.sys" not found!
Deletion of file "c:\windows\System32\Drivers\jgkxktxp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\01.tmp" not found!
Deletion of file "c:\windows\system32\01.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\01.tmp" not found!
Deletion of file "c:\windows\system32\01.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\uyxuush.dll" not found!
Deletion of file "c:\windows\system32\uyxuush.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Shakya Sir at 2009-10-13 16:32:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (80%) free of 40 GB
Total RAM: 1014 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:35 PM, on 10/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Shakya Sir\Desktop\RSIT.exe
C:\Program Files\trend micro\Shakya Sir.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe, C:\WINDOWS\system\svchost.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\s,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DED92D1-0C77-4F4F-B63D-60CE46CD3D74}: NameServer = 202.63.240.3,202.63.240.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6779 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-02-04 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-11 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-21 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-11 251504]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-05-26 4351216]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rnaoonwe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqurmbxt.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e4ae1c6-54ea-11de-8478-001d72193df1}]
shell\AutoRun\command - G:\iph.exe %1
shell\Explore\command - G:\iph.exe %1
shell\Open\command - G:\iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f7b3a0-5e62-11de-84aa-001d72193df1}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22ed262c-5f22-11de-84ad-001d72193df1}]
shell\auTopLAy\command - G:\nwawki.exe
shell\AutoRun\command - G:\nwawki.exe
shell\exPlORE\command - G:\nwawki.exe
shell\Open\command - G:\nwawki.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3815d86e-23ea-11de-83a8-001d72193df1}]
shell\AutoRun\command - H:\iph.exe %1
shell\Explore\command - H:\iph.exe %1
shell\Open\command - H:\iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f7f249a-3485-11de-83ed-001d72193df1}]
shell\Auto\command - Recycled/dllcache32.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
shell\explore\command - Recycled/dllcache32.exe
shell\open\command - Recycled/dllcache32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8b26ba-7bfb-11de-854f-001d72193df1}]
shell\AutoRun\command - G:\hm1bfpuj.exe
shell\open\command - G:\hm1bfpuj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6b3ecc-7be6-11de-854d-001d72193df1}]
shell\aUtopLAy\command - G:\rdql.pif
shell\AutoRun\command - G:\rdql.pif
shell\eXplore\command - G:\rdql.pif
shell\oPen\command - G:\rdql.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{736e7203-7dee-11de-8557-001d72193df1}]
shell\1\command - Recycled.exe
shell\2\command - Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
shell\Explore\command - iph.exe %1
shell\Open\command - iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a9bfae-7be7-11de-854e-001d72193df1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
shell\Open\command - G:\regsvr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{967a1bb1-a73b-11de-85e7-001d72193df1}]
shell\AutoRun\command - J:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe
shell\open\command - J:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14b90b4-63a5-11de-84cc-001d72193df1}]
shell\AuTOplaY\command - G:\kvkmy.exe
shell\AutoRun\command - G:\kvkmy.exe
shell\ExpLoRe\command - G:\kvkmy.exe
shell\opeN\command - G:\kvkmy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53494da-0bda-11de-8340-001d72193df1}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53494db-0bda-11de-8340-001d72193df1}]
shell\AutoRun\command - L:\rx.exe
shell\open\command - L:\rx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c415a928-6241-11de-84c4-001d72193df1}]
shell\AutoRun\command - G:\gpcdt.cmd
shell\open\command - G:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb559e7f-822d-11de-856f-001d72193df1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gphone.exe
shell\Open\command - G:\gphone.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1103274-1cf8-11de-838b-001d72193df1}]
shell\auto\command - G:\auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======List of files/folders created in the last 1 months======

2009-10-13 16:21:19 ----D---- C:\Avenger
2009-10-12 11:35:58 ----A---- C:\avenger.txt
2009-10-05 12:01:34 ----SHD---- C:\RECYCLER
2009-10-05 11:22:38 ----A---- C:\ComboFix.txt
2009-10-05 11:10:17 ----D---- C:\WINDOWS\ERDNT
2009-10-05 11:07:55 ----D---- C:\Qoobox
2009-10-04 10:55:47 ----D---- C:\rsit
2009-10-01 15:51:19 ----D---- C:\WINDOWS\pss
2009-10-01 15:40:38 ----A---- C:\mbam-log-2009-10-01 (15-40-22).txt
2009-10-01 15:16:03 ----D---- C:\Program Files\CCleaner
2009-10-01 15:14:47 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\Malwarebytes
2009-10-01 15:14:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-01 15:14:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-01 15:13:09 ----D---- C:\Program Files\Trend Micro
2009-09-29 20:18:39 ----D---- C:\Program Files\MSECache
2009-09-29 17:44:02 ----D---- C:\Program Files\AOFR
2009-09-19 21:03:02 ----D---- C:\Program Files\Microsoft
2009-09-19 21:02:30 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-19 21:02:00 ----D---- C:\Program Files\Windows Live
2009-09-16 21:29:15 ----D---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 1 months======

2009-10-13 16:28:27 ----AD---- C:\WINDOWS\Temp
2009-10-13 16:23:29 ----D---- C:\Program Files\Mozilla Firefox
2009-10-13 16:22:54 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-13 16:21:19 ----RD---- C:\Program Files
2009-10-13 16:21:19 ----D---- C:\WINDOWS\system32\drivers
2009-10-13 16:20:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-12 22:02:51 ----D---- C:\WINDOWS\Prefetch
2009-10-12 20:29:47 ----SHD---- C:\WINDOWS\Installer
2009-10-12 11:47:37 ----D---- C:\WINDOWS
2009-10-10 10:47:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-07 11:31:59 ----D---- C:\WINDOWS\Minidump
2009-10-07 11:31:59 ----D---- C:\WINDOWS\Debug
2009-10-06 22:15:31 ----D---- C:\WINDOWS\system
2009-10-05 12:02:07 ----D---- C:\WINDOWS\system32\config
2009-10-05 12:01:49 ----D---- C:\WINDOWS\system32\wbem
2009-10-05 12:01:49 ----D---- C:\WINDOWS\Registration
2009-10-05 12:01:36 ----D---- C:\WINDOWS\system32
2009-10-05 12:01:09 ----D---- C:\WINDOWS\system32\Restore
2009-10-05 11:17:13 ----A---- C:\WINDOWS\system.ini
2009-10-05 11:16:00 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-05 11:12:54 ----D---- C:\WINDOWS\AppPatch
2009-10-05 11:12:51 ----D---- C:\Program Files\Common Files
2009-10-04 14:56:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-01 15:52:15 ----SH---- C:\boot.ini
2009-10-01 15:52:15 ----A---- C:\WINDOWS\win.ini
2009-09-30 13:33:56 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\Skype
2009-09-29 20:18:56 ----RD---- C:\WINDOWS\Fonts
2009-09-29 20:18:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-29 20:18:52 ----D---- C:\Program Files\Microsoft Office
2009-09-29 17:44:23 ----HD---- C:\WINDOWS\inf
2009-09-29 07:06:15 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\skypePM
2009-09-19 21:23:00 ----D---- C:\Program Files\Messenger
2009-09-19 21:03:20 ----D---- C:\WINDOWS\WinSxS
2009-09-19 21:02:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-19 20:58:51 ----SD---- C:\Documents and Settings\Shakya Sir\Application Data\Microsoft
2009-09-18 12:00:49 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-01 226832]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-10 1163616]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-10-03 158208]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 Cam5607;Acer Crystal Eye webcam; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-07-27 974248]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-06 4613120]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]
R3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2009-03-09 56384]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 RapidPort;RapidPort; \??\C:\WINDOWS\system32\Drivers\CAPLPTN.SYS []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-24 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-04-01 55352]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-24 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 fuibhn;fuibhn; \??\C:\WINDOWS\system32\01.tmp []
S3 gaedsws;gaedsws; \??\C:\WINDOWS\system32\01.tmp []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 jgkxktxp;jgkxktxp; \??\C:\WINDOWS\System32\Drivers\jgkxktxp.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler; C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2007-02-09 169664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 MWAgent;MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [2007-12-13 415232]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 wampapache;wampapache; c:\wamp\apache\Apache.exe [2004-10-28 20545]
S3 wampmysqld;wampmysqld; c:\wamp\mysql\bin\mysqld-nt.exe [2004-12-15 3493888]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Ironbender
QUOTE
I have another problem. Every time I log on to XP a dialogue box comes up saying:
system file:
Runtime error'13':
Type mismatch
No file name in this message box? It may be a corrupted cluster on your disk...

Did you try to run chkdsk /r ?

Your RSIT log shows a bunch of registry keys which should not be there. They are normally created when the system is infected via removable media, such as a pendrive or an external disk.

Run The Avenger with the following code (it's known as part of a backdoor trojan, Spam Mailbot):
CODE
Files to delete:
C:\WINDOWS\system32\DRIVERS\ndisio.sys

Click "Execute" and post the Avenger's log.

Let me know if the message is still coming...

Chris
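The registry keys referred to above are the explorer\mountpoints2 entries in the RSIT log. As an added example (not code from the thread, from RSIT or from The Avenger), this Python script parses an RSIT-style log and reports the worm-style patterns visible in the posted log: shell verbs other than AutoRun hooked on a removable drive, a RunDLL32 ShellExec_RunDLL launcher, targets inside Recycled/RECYCLER, and driver entries whose image is a .tmp file or has no file information. The sample log and all function names are constructed for the example; the plain U3 launcher key is included to show that it is not flagged.

```python
"""Triage helper for RSIT-style logs (added example, not RSIT's or the thread's code).
Flags the patterns the helper in the thread points at: explorer\\mountpoints2 keys
that hook shell verbs beyond AutoRun, launch through RunDLL32 ShellExec_RunDLL or
point into Recycled/RECYCLER, and driver/service entries with a .tmp image or no
file date/size recorded.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the RSIT log posted above (abbreviated).
SAMPLE_LOG = r"""
======Registry dump======
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22ed262c-5f22-11de-84ad-001d72193df1}]
shell\auTopLAy\command - G:\nwawki.exe
shell\AutoRun\command - G:\nwawki.exe
shell\exPlORE\command - G:\nwawki.exe
shell\Open\command - G:\nwawki.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f7f249a-3485-11de-83ed-001d72193df1}]
shell\Auto\command - Recycled/dllcache32.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S3 fuibhn;fuibhn; \??\C:\WINDOWS\system32\01.tmp []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys []
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]+\\explorer\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
DRIVER_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")


@dataclass
class Finding:
    kind: str      # "mountpoint" or "image"
    name: str      # mountpoints2 subkey (drive letter or GUID) or driver service name
    reasons: list  # human-readable reasons the entry was flagged


def parse_mountpoints(lines):
    """Map each explorer\\mountpoints2 subkey to its {verb: command} pairs."""
    keys, current = {}, None
    for line in lines:
        if line.startswith("["):  # any new registry key ends the previous one
            m = KEY_RE.match(line)
            current = m.group(1) if m else None
            if current:
                keys[current] = {}
        elif current:
            m = CMD_RE.match(line)
            if m:
                keys[current][m.group(1)] = m.group(2).strip()
    return keys


def check_mountpoints(lines):
    """One Finding per mountpoints2 key that shows a worm-style autorun hijack."""
    findings = []
    for key, commands in parse_mountpoints(lines).items():
        reasons = []
        extra = sorted({v.lower() for v in commands} - {"autorun"})
        if extra:  # a plain launcher key sets only AutoRun; worms also hook Open/Explore/AutoPlay
            reasons.append("hijacks shell verbs: " + ", ".join(extra))
        joined = " ".join(commands.values()).lower()
        if "shellexec_rundll" in joined:
            reasons.append("launches target through RunDLL32 ShellExec_RunDLL")
        if re.search(r"recycle[dr]\b", joined):
            reasons.append("target lives in a Recycled/RECYCLER folder")
        if reasons:
            findings.append(Finding("mountpoint", key, reasons))
    return findings


def check_images(lines):
    """Flag driver/service lines whose image is a .tmp file or has no file info at all."""
    findings = []
    for line in lines:
        m = DRIVER_RE.match(line)
        if not m:
            continue
        _start, name, _desc, path, info = m.groups()
        reasons = []
        if path.lower().endswith(".tmp"):
            reasons.append("image is a .tmp file")
        if not info.strip():
            reasons.append("no file date/size recorded (image missing or unreadable)")
        if reasons:
            findings.append(Finding("image", name, reasons))
    return findings


def triage(log_text):
    """Run both checks over a whole RSIT log and return the combined findings."""
    lines = [line.rstrip() for line in log_text.splitlines()]
    return check_mountpoints(lines) + check_images(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: " + "; ".join(f.reasons))
```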
celebrityz
Yes, I ran chkdsk /r and the message is still coming... I will post my Avenger log in the next post... because I misplaced it....
celebrityz
The error is still coming:
system file:
Runtime error'13':
Type mismatch

the avenger log is:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\DRIVERS\ndisio.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Ironbender
Well, it's not from a critical file; otherwise your system would hang or BSOD.

Let's clean your registry.
- Please create a fresh restore point before.
- Start Ccleaner;
- Click the Registry icon at left;
- Make sure that all checkboxes are checked;
- Click the Scan for Issues button;
- Select (checkmark) all problems found and click the Fix selected Issues button at right;
- Click Yes on the "Do you want to backup changes to the registry" window;
- Save the registry backup file;
- Click Fix All Issues (you may need to confirm, please do so);
- Close Ccleaner and restart your system.

The startup message may be gone. If it's still appearing, you may run the System File Checker (depending on the file to be repaired, you may need your XP CD):
- Click <Start/Run> type in sfc /scannow (Enter) -->there is a space between sfc and /scannow.
- Windows will perform the check and try to retrieve corrupted or missing system files from your i386 folder, or ask for your XP CD if unable to find the file.

Let me know how it goes and post a fresh RSIT log.

Chris
celebrityz
That message doesn't go...
I don't have an XP bootable CD now... I will do a scan when I get the XP CD...
My RSIT log is:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Shakya Sir at 2009-10-16 13:14:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (80%) free of 40 GB
Total RAM: 1014 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:26 PM, on 10/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shakya Sir\Desktop\RSIT.exe
C:\Program Files\trend micro\Shakya Sir.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=explorer.exe, C:\WINDOWS\system\svchost.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,\s,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{11FF3912-5791-4821-9CE1-6A023497FC21}: NameServer = 202.63.240.3,202.63.240.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11FF3912-5791-4821-9CE1-6A023497FC21}: NameServer = 202.63.240.3,202.63.240.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{11FF3912-5791-4821-9CE1-6A023497FC21}: NameServer = 202.63.240.3,202.63.240.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6946 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-02-04 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-11 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-21 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-11 251504]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-14 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-05-26 4351216]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-06-06 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rnaoonwe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rqurmbxt.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rnaoonwe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rqurmbxt.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e4ae1c6-54ea-11de-8478-001d72193df1}]
shell\AutoRun\command - G:\iph.exe %1
shell\Explore\command - G:\iph.exe %1
shell\Open\command - G:\iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13f7b3a0-5e62-11de-84aa-001d72193df1}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22ed262c-5f22-11de-84ad-001d72193df1}]
shell\auTopLAy\command - G:\nwawki.exe
shell\AutoRun\command - G:\nwawki.exe
shell\exPlORE\command - G:\nwawki.exe
shell\Open\command - G:\nwawki.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3815d86e-23ea-11de-83a8-001d72193df1}]
shell\AutoRun\command - iph.exe %1
shell\Explore\command - iph.exe %1
shell\Open\command - iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f7f249a-3485-11de-83ed-001d72193df1}]
shell\Auto\command - Recycled/dllcache32.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
shell\explore\command - Recycled/dllcache32.exe
shell\open\command - Recycled/dllcache32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8b26ba-7bfb-11de-854f-001d72193df1}]
shell\AutoRun\command - G:\hm1bfpuj.exe
shell\open\command - G:\hm1bfpuj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f6b3ecc-7be6-11de-854d-001d72193df1}]
shell\aUtopLAy\command - G:\rdql.pif
shell\AutoRun\command - G:\rdql.pif
shell\eXplore\command - G:\rdql.pif
shell\oPen\command - G:\rdql.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{736e7203-7dee-11de-8557-001d72193df1}]
shell\1\command - Recycled.exe
shell\2\command - Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
shell\Explore\command - iph.exe %1
shell\Open\command - iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a9bfae-7be7-11de-854e-001d72193df1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
shell\Open\command - G:\regsvr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{967a1bb1-a73b-11de-85e7-001d72193df1}]
shell\AutoRun\command - J:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe
shell\open\command - J:\RECYCLER\S-1-6-21-9432276501-9644491937-600001250-3300\fileaccess.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14b90b4-63a5-11de-84cc-001d72193df1}]
shell\AuTOplaY\command - G:\kvkmy.exe
shell\AutoRun\command - G:\kvkmy.exe
shell\ExpLoRe\command - G:\kvkmy.exe
shell\opeN\command - G:\kvkmy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53494da-0bda-11de-8340-001d72193df1}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53494db-0bda-11de-8340-001d72193df1}]
shell\AutoRun\command - L:\rx.exe
shell\open\command - L:\rx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c415a928-6241-11de-84c4-001d72193df1}]
shell\AutoRun\command - G:\gpcdt.cmd
shell\open\command - G:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb559e7f-822d-11de-856f-001d72193df1}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gphone.exe
shell\Open\command - G:\gphone.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1103274-1cf8-11de-838b-001d72193df1}]
shell\auto\command - G:\auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======List of files/folders created in the last 1 months======

2009-10-14 21:09:32 ----D---- C:\Program Files\Broadcom
2009-10-14 12:25:16 ----SHD---- C:\found.000
2009-10-14 12:18:20 ----A---- C:\avenger.txt
2009-10-14 12:17:23 ----A---- C:\zip.exe
2009-10-14 12:17:23 ----A---- C:\cleanup.exe
2009-10-14 12:17:23 ----A---- C:\cleanup.bat
2009-10-13 16:21:19 ----D---- C:\Avenger
2009-10-05 12:01:34 ----SHD---- C:\RECYCLER
2009-10-05 11:22:38 ----A---- C:\ComboFix.txt
2009-10-05 11:10:17 ----D---- C:\WINDOWS\ERDNT
2009-10-05 11:07:55 ----D---- C:\Qoobox
2009-10-04 10:55:47 ----D---- C:\rsit
2009-10-01 15:51:19 ----D---- C:\WINDOWS\pss
2009-10-01 15:40:38 ----A---- C:\mbam-log-2009-10-01 (15-40-22).txt
2009-10-01 15:16:03 ----D---- C:\Program Files\CCleaner
2009-10-01 15:14:47 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\Malwarebytes
2009-10-01 15:14:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-01 15:14:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-01 15:13:09 ----D---- C:\Program Files\Trend Micro
2009-09-29 20:18:39 ----D---- C:\Program Files\MSECache
2009-09-29 17:44:02 ----D---- C:\Program Files\AOFR
2009-09-19 21:03:02 ----D---- C:\Program Files\Microsoft
2009-09-19 21:02:30 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-19 21:02:00 ----D---- C:\Program Files\Windows Live

======List of files/folders modified in the last 1 months======

2009-10-16 13:14:02 ----AD---- C:\WINDOWS\Temp
2009-10-16 13:11:50 ----D---- C:\Program Files\Mozilla Firefox
2009-10-16 13:11:02 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-16 13:08:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-16 13:05:08 ----D---- C:\WINDOWS\Prefetch
2009-10-16 13:01:36 ----D---- C:\WINDOWS
2009-10-15 10:36:17 ----HD---- C:\WINDOWS\inf
2009-10-15 10:36:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-15 10:23:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-14 23:04:21 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\Skype
2009-10-14 22:07:40 ----D---- C:\WINDOWS\system32\drivers
2009-10-14 22:04:44 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\skypePM
2009-10-14 21:16:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-14 21:16:24 ----SHD---- C:\WINDOWS\Installer
2009-10-14 21:09:32 ----RD---- C:\Program Files
2009-10-14 21:09:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-07 11:31:59 ----D---- C:\WINDOWS\Minidump
2009-10-07 11:31:59 ----D---- C:\WINDOWS\Debug
2009-10-06 22:15:31 ----D---- C:\WINDOWS\system
2009-10-05 12:02:07 ----D---- C:\WINDOWS\system32\config
2009-10-05 12:01:49 ----D---- C:\WINDOWS\system32\wbem
2009-10-05 12:01:49 ----D---- C:\WINDOWS\Registration
2009-10-05 12:01:36 ----D---- C:\WINDOWS\system32
2009-10-05 12:01:09 ----D---- C:\WINDOWS\system32\Restore
2009-10-05 11:17:13 ----A---- C:\WINDOWS\system.ini
2009-10-05 11:16:00 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-05 11:12:54 ----D---- C:\WINDOWS\AppPatch
2009-10-05 11:12:51 ----D---- C:\Program Files\Common Files
2009-10-04 14:56:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-01 15:52:15 ----SH---- C:\boot.ini
2009-10-01 15:52:15 ----A---- C:\WINDOWS\win.ini
2009-09-29 20:18:56 ----RD---- C:\WINDOWS\Fonts
2009-09-29 20:18:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-29 20:18:52 ----D---- C:\Program Files\Microsoft Office
2009-09-19 21:23:00 ----D---- C:\Program Files\Messenger
2009-09-19 21:03:20 ----D---- C:\WINDOWS\WinSxS
2009-09-19 21:02:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-19 20:58:51 ----SD---- C:\Documents and Settings\Shakya Sir\Application Data\Microsoft
2009-09-18 12:00:49 ----D---- C:\Documents and Settings\Shakya Sir\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-01 226832]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-03-10 1163616]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-24 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-24 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 Cam5607;Acer Crystal Eye webcam; C:\WINDOWS\System32\Drivers\BisonC07.sys [2007-07-27 974248]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-06-06 5761728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-06 4613120]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 RapidPort;RapidPort; \??\C:\WINDOWS\system32\Drivers\CAPLPTN.SYS []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-24 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-04-01 55352]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-24 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 fuibhn;fuibhn; \??\C:\WINDOWS\system32\01.tmp []
S3 gaedsws;gaedsws; \??\C:\WINDOWS\system32\01.tmp []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 jgkxktxp;jgkxktxp; \??\C:\WINDOWS\System32\Drivers\jgkxktxp.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler; C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2007-02-09 169664]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-21 208616]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 MWAgent;MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE [2007-12-13 415232]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-10 602392]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 wampapache;wampapache; c:\wamp\apache\Apache.exe [2004-10-28 20545]
S3 wampmysqld;wampmysqld; c:\wamp\mysql\bin\mysqld-nt.exe [2004-12-15 3493888]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
Ironbender
QUOTE
that message doesn't go...

Hard to understand... please run Combofix again.

If it disables your wireless driver again, DO NOT restore your system! Reinstall the driver from its original location instead.

Post the Combofix report along with a new rsit log.

Chris
celebrityz
I have run sfc /scannow... and now the message is gone. Before, I forgot to put / in front of scannow... that's why it wasn't working, I think... now that message doesn't appear... many many thanks for your help Ironbender..
Ironbender
You are welcome. Glad we could help.

You can now uninstall combofix:
<Start/Run> type in combofix /u (Enter) --> note there is a space before /u

This will remove quarantined files, thus avoiding antivirus false positives in the future.

Deleting your system restore files may also be a good idea: Disable/re-enable system restore: http://www.bleepingcomputer.com/tutorials/tutorial56.html
Don't forget to create a new restore point just after.

Update Java: Go to your Control Panel, click the Java icon, open the Update tab and click "Update now".

This topic has been closed as the problem has been resolved. If there is a need to reopen this topic, please send a PM to a Moderator.

Chris