check if i'm infected with virus

Spyware, Adware, Viruses and HijackThis Logs
#1, 28-09-2009, 12:56 PM
ramesh help (Elite Member, New Recruit; Join Date: Jul 2006; Posts: 150)
check if i'm infected with virus

hi Neal, how are you? long time since I've come to this website... but I still trust that this is the best website for help

I need your help... can you check for me if I am infected with a virus?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:06 PM, on 9/28/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\Tata Photon Whiz\Aide.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [Aide] "C:\Program Files\Tata Photon Whiz\Aide.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5020 bytes
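A helper reads a log like the one above by eye, applying a handful of rules of thumb. Those rules can be written down. The following is an added example, not part of the original thread and not code from HijackThis: it parses lines in HijackThis v2.0.2 layout and flags what a reviewer checks first, namely hosts-file entries that map anything other than localhost, orphaned O2/O3 entries whose file is gone, O4 Run entries that launch from a user-writable folder, carry a system-binary name outside System32 or give only a bare file name, and O23 services with no identifiable vendor. The sample lines are copied from the log posted above except the last O4 entry, which is constructed to show how a Run entry pointing into a user profile is reported; the severity labels, the USER_WRITABLE pattern and the SYSTEM_NAMES list are my own choices.

```python
import re

# Constructed sample in HijackThis v2.0.2 layout. All lines except the last O4
# entry are copied from the log posted in this thread; that last line is
# constructed to show a Run entry launching from a user profile.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKCU\..\Run: [SMS Services] C:\Users\ramesh\Documents\smss.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Folders an ordinary user can write to; autoruns from here deserve a look (my choice of list).
USER_WRITABLE = re.compile(r"\\(users|documents and settings|appdata|temp|documents)\\", re.I)
# Names of core Windows binaries that should only ever live under System32 (my choice of list).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "svchost.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}


def exe_path(cmd):
    """Pull the executable out of a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else (cmd.split()[0] if cmd else "")


def check_entry(kind, body):
    """Return (severity, reason) for one HijackThis line, or None if nothing stands out."""
    if kind == "O1":
        # Hosts: the body is "Hosts: <address> <name...>"; anything but localhost redirects name resolution
        parts = body.split(":", 1)[1].split()
        if not all(n.lower() == "localhost" for n in parts[1:]):
            return ("high", "hosts file maps " + " ".join(parts))
    elif kind in ("O2", "O3") and body.endswith("(no file)"):
        return ("low", "orphaned entry, its file is gone: " + body)
    elif kind == "O4":
        m = RUN_RE.search(body)
        if not m:
            return None
        name, path = m.group("name"), exe_path(m.group("cmd"))
        base = path.rsplit("\\", 1)[-1].lower()
        if USER_WRITABLE.search(path):
            return ("high", f"autorun '{name}' launches from a user-writable location: {path}")
        if base in SYSTEM_NAMES and "\\system32\\" not in path.lower():
            return ("high", f"autorun '{name}' uses a system binary name outside System32: {path}")
        if "\\" not in path:
            return ("info", f"autorun '{name}' gives a bare file name ({path}); confirm which directory it resolves to")
    elif kind == "O23":
        # Service: <display name> - <company> - <path>
        parts = body.split(" - ")
        if len(parts) >= 3:
            company, path = parts[-2].strip(), parts[-1].strip()
            if company.lower() == "unknown owner" or USER_WRITABLE.search(path):
                return ("medium", "service with no identifiable vendor or a user-profile path: " + body)
    return None


def analyze(log_text):
    """Run check_entry over every R/F/O line and collect (severity, kind, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            result = check_entry(m.group("kind"), m.group("body"))
            if result:
                findings.append((result[0], m.group("kind"), result[1]))
    return findings


if __name__ == "__main__":
    for severity, kind, reason in analyze(SAMPLE_LOG):
        print(f"[{severity:<6}] {kind}: {reason}")
```

Run against the real log above, the only line this produces is the low-severity orphan BHO, which matches the reply that nothing bad is visible; the constructed smss.exe line shows what a finding worth acting on looks like.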
#2, 28-09-2009, 04:18 PM
Neal (Senior Member; Join Date: Sep 2005; Posts: 5,524)
Re: check if i'm infected with virus

Don't see anything bad.

Are you having problems?
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

#3, 29-09-2009, 02:25 AM
ramesh help (Elite Member, New Recruit; Join Date: Jul 2006; Posts: 150)
Re: check if i'm infected with virus

Yes. For example, if the pendrive is clean when I insert it, it shows virus files like autorun.exe and also a USB installer virus, and they disappear after a few seconds. I also feel that the computer loading is a bit slow compared to before. I don't know what the problem is. I am using Avast free edition and it's always the updated version.
#4, 30-09-2009, 04:46 PM
Neal (Senior Member; Join Date: Sep 2005; Posts: 5,524)
Re: check if i'm infected with virus

Visit the page below to familiarize yourself with the tool, and download it from one of the links provided.

A guide and tutorial on using ComboFix

If you have previously downloaded ComboFix, please delete that version now.

It is IMPORTANT that it is saved directly to your desktop.

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine to the Internet until ComboFix has completely finished.

Disable your antivirus program and any realtime malware scanners and script blockers now.

How To Disable

Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick ComboFix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your antivirus, re-connect to the Internet and post the ComboFix log.

*Note*
In case your antivirus or any other realtime scanner displays an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

ComboFix SHOULD NOT be used unless requested by a forum helper.
#5, 01-10-2009, 03:11 AM
ramesh help (Elite Member, New Recruit; Join Date: Jul 2006; Posts: 150)
Re: check if i'm infected with virus

This is the scan's log file. After the scanning, I had an error; look at the attachment below. How can a recycle bin be corrupted when there are no files inside it? First time I am hearing this thing.

ComboFix 09-09-30.01 - ramesh 10/01/2009 5:58.1.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.957.336 [GMT 5.5:30]
Running from: c:\users\ramesh\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090713-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1335 [VPS 090713-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1150848165-368924685-4163801749-1000
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
c:\users\ramesh\Documents\smss.exe
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\system32\msxml71.dll
c:\windows\system32\tscct1.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.

2009-10-01 01:32 . 2009-10-01 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-30 14:05 . 2009-09-30 14:05 -------- d-----w- c:\windows\LastGood
2009-09-28 17:43 . 2009-09-28 17:43 -------- d-----w- c:\users\ramesh\AppData\Local\IsolatedStorage
2009-09-28 17:05 . 2009-09-28 17:43 -------- d-----w- c:\program files\Virtual Earth 3D
2009-09-28 11:39 . 2009-09-30 15:13 -------- d-----w- C:\dvdsanta
2009-09-28 11:39 . 2009-09-28 11:39 -------- d-----w- C:\TempDVD
2009-09-28 11:39 . 2007-04-22 16:39 921600 ----a-w- c:\windows\system32\vorbisenc.dll
2009-09-28 11:39 . 2007-04-22 16:39 188416 ----a-w- c:\windows\system32\vorbis.dll
2009-09-28 11:39 . 2007-04-22 16:39 45056 ----a-w- c:\windows\system32\ogg.dll
2009-09-28 11:39 . 2007-04-22 16:41 237568 ----a-w- c:\windows\system32\xvidvfw.dll
2009-09-28 11:39 . 2007-04-22 16:41 1216512 ----a-w- c:\windows\system32\xvidcore.dll
2009-09-28 11:39 . 2007-04-22 16:40 237568 ----a-w- c:\windows\system32\OggDS.dll
2009-09-28 11:39 . 2009-09-28 11:48 -------- d-----w- c:\program files\dvdSanta
2009-09-28 09:26 . 2009-09-28 09:26 -------- d-----w- c:\program files\Trend Micro
2009-09-26 01:00 . 2009-02-24 13:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-09-26 01:00 . 2009-09-26 01:02 -------- d-----w- c:\program files\MagicDisc
2009-09-26 00:08 . 2009-09-26 00:08 -------- d-----w- c:\users\ramesh\{0f94349c-78a1-4b61-9ddb-da9e4331b488}
2009-09-26 00:04 . 2009-09-26 00:04 -------- d-----w- c:\program files\ODEON
2009-09-23 17:58 . 2008-08-26 04:56 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-09-23 17:57 . 2009-09-23 17:57 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-22 17:08 . 2009-09-23 00:21 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2009-09-20 00:47 . 2009-09-20 00:49 -------- d-----w- c:\program files\SimpleOCR
2009-09-16 16:33 . 2009-09-16 16:33 -------- d-----w- c:\users\ramesh\AppData\Roaming\AdvancedTiffEditor
2009-09-16 16:32 . 2009-09-16 16:42 -------- d-----w- c:\program files\Advanced TIFF Editor
2009-09-16 15:45 . 2005-08-05 07:48 270409 ----a-w- c:\windows\system32\TifToPdfCtxMenu.dll
2009-09-16 15:45 . 2009-09-16 15:45 -------- d-----w- c:\program files\Tiff to PDF converter
2009-09-16 15:39 . 2009-09-16 15:39 1024 ----a-w- c:\windows\system32\PDF2TIFF.DAT
2009-09-16 15:39 . 2009-09-16 15:39 -------- d-----w- c:\program files\PDF Extract TIFF v2.0
2009-09-14 07:30 . 2009-09-14 07:31 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2009-09-12 00:53 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-11 21:31 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-11 21:31 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-11 21:29 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-11 21:29 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-11 21:29 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-11 21:29 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-11 21:29 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-11 21:29 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-11 21:29 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-11 21:29 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-11 21:29 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-11 21:29 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-11 21:29 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-11 21:09 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-11 21:09 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-11 21:09 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 21:09 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-11 21:09 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-11 21:09 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-11 21:09 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-11 21:09 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-11 21:09 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-11 21:08 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 21:08 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 21:08 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 21:08 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-11 21:08 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 21:08 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-11 21:07 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-09-11 21:07 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-11 21:07 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-11 21:07 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-11 21:06 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-11 21:06 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-11 21:06 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-11 17:32 . 2009-09-11 17:32 -------- d-----w- c:\programdata\WindowsSearch
2009-09-09 15:18 . 2008-08-26 10:48 113152 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-09-09 15:18 . 2008-07-24 06:33 101760 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-09-09 15:18 . 2008-04-14 04:06 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-09-09 15:18 . 2007-08-08 22:36 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-09-09 15:18 . 2009-09-09 15:19 -------- d-----w- c:\program files\Tata Photon Whiz

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 00:20 . 2009-07-07 17:50 -------- d-----w- c:\users\ramesh\AppData\Roaming\Skype
2009-09-30 18:30 . 2009-07-08 00:14 -------- d-----w- c:\users\ramesh\AppData\Roaming\skypePM
2009-09-29 12:38 . 2009-08-06 16:46 -------- d-----w- c:\users\ramesh\AppData\Roaming\SolidDocuments
2009-09-28 09:31 . 2009-07-24 16:31 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-27 08:47 . 2009-07-25 17:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-27 08:47 . 2009-07-25 17:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-27 08:45 . 2009-07-09 13:38 -------- d-----w- c:\program files\SWiSH Max2
2009-09-27 08:44 . 2009-07-09 07:25 -------- d-----w- c:\program files\SWiSH miniMax2
2009-09-27 08:42 . 2009-08-09 00:27 -------- d-----w- c:\program files\Pamela
2009-09-27 08:40 . 2009-08-30 01:32 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-26 16:41 . 2009-07-07 17:58 -------- d-----w- c:\users\ramesh\AppData\Roaming\TeamViewer
2009-09-25 14:56 . 2009-08-17 15:00 -------- d-----w- c:\users\ramesh\AppData\Roaming\PC Suite
2009-09-25 14:54 . 2009-09-25 14:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-09-25 14:53 . 2009-08-17 15:00 -------- d-----w- c:\programdata\PC Suite
2009-09-25 14:53 . 2009-09-25 14:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-23 17:58 . 2009-08-17 14:58 -------- d-----w- c:\program files\DIFX
2009-09-23 17:49 . 2009-08-17 14:54 -------- d-----w- c:\program files\Nokia
2009-09-23 17:46 . 2009-08-17 14:53 -------- d-----w- c:\programdata\Installations
2009-09-23 07:19 . 2009-07-07 13:05 108800 ----a-w- c:\users\ramesh\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-23 01:23 . 2009-07-31 08:03 -------- d-----w- c:\programdata\Microsoft Help
2009-09-23 01:17 . 2009-07-31 08:09 -------- d-----w- c:\program files\Microsoft Works
2009-09-22 17:08 . 2009-08-19 08:10 -------- d-----w- c:\program files\Pinnacle
2009-09-15 15:46 . 2009-07-22 16:38 -------- d-----w- c:\program files\Total Video Converter
2009-09-13 17:02 . 2009-07-19 04:44 -------- d-----w- c:\users\ramesh\AppData\Roaming\dvdcss
2009-09-13 15:11 . 2009-07-11 02:45 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 01:41 . 2009-07-07 17:46 -------- d-----w- c:\users\ramesh\AppData\Roaming\uTorrent
2009-08-30 12:16 . 2009-08-30 12:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-08-30 12:14 . 2009-08-30 12:13 -------- d-----w- c:\program files\Common Files\Nokia
2009-08-30 12:14 . 2009-08-30 12:14 -------- d-----w- c:\program files\Common Files\PCSuite
2009-08-30 11:02 . 2009-08-30 11:02 -------- d-----w- c:\program files\Phonewebcam
2009-08-30 01:34 . 2009-08-30 01:34 -------- d-----w- c:\users\ramesh\AppData\Roaming\Share-to-Web Upload Folder
2009-08-30 01:33 . 2009-08-30 01:33 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-29 14:41 . 2009-08-29 14:41 -------- d-----w- c:\program files\HDD Health
2009-08-19 15:12 . 2009-08-19 07:49 -------- d-----w- c:\programdata\PinnacleExtractor
2009-08-19 08:19 . 2009-08-19 08:19 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-08-19 08:18 . 2009-08-19 08:10 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2009-08-19 08:10 . 2009-08-19 08:10 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2009-08-19 08:10 . 2009-08-19 08:10 -------- d-----w- c:\programdata\Studio 12
2009-08-19 08:10 . 2009-08-19 08:10 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-08-19 08:10 . 2009-08-19 07:57 -------- d-----w- c:\programdata\Pinnacle
2009-08-17 16:10 . 2009-07-07 13:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-07-07 13:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-07-07 13:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-07-07 13:10 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-07-07 13:10 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-07-07 13:10 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-07-07 13:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 15:00 . 2009-08-17 15:00 -------- d-----w- c:\users\ramesh\AppData\Roaming\Nokia
2009-08-16 09:27 . 2009-08-16 09:25 -------- d-----w- c:\program files\S3
2009-08-16 09:27 . 2009-07-07 13:04 680 ----a-w- c:\users\ramesh\AppData\Local\d3d9caps.dat
2009-08-16 09:26 . 2009-07-09 19:20 -------- d-----w- c:\program files\CONEXANT
2009-08-16 08:52 . 2009-08-16 08:52 -------- d-----w- c:\program files\Stardock
2009-08-16 08:52 . 2009-08-16 08:52 -------- d-----w- c:\program files\Common Files\Stardock
2009-08-09 00:30 . 2009-08-09 00:28 -------- d-----w- c:\users\ramesh\AppData\Roaming\Pamela
2009-08-08 12:04 . 2009-07-12 11:39 -------- d-----w- c:\program files\KaraFun
2009-08-07 14:29 . 2009-08-07 14:29 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-06 16:46 . 2009-08-06 16:46 -------- d-----w- c:\program files\Common Files\SolidDocuments
2009-08-06 16:46 . 2009-08-06 16:44 -------- d-----w- c:\program files\SolidDocuments
2009-08-03 17:00 . 2009-08-03 17:00 -------- d-----w- c:\users\ramesh\AppData\Roaming\Corel
2009-08-03 16:05 . 2009-08-03 16:05 -------- d-----w- c:\programdata\InstallShield
2009-08-03 15:59 . 2009-08-03 15:59 -------- d-----w- c:\program files\Corel
2009-08-03 15:59 . 2009-08-03 15:59 -------- d-----w- c:\program files\Common Files\Corel
2009-08-02 22:24 . 2009-08-02 22:15 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-02 22:21 . 2009-07-31 08:08 -------- d-----w- c:\program files\Microsoft.NET
2009-08-02 22:15 . 2009-08-02 22:08 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-08-02 22:15 . 2009-08-02 22:15 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-08-02 22:15 . 2009-08-02 22:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-02 22:07 . 2009-08-02 22:07 -------- d-----w- c:\program files\Microsoft SDKs
2009-08-02 16:38 . 2009-08-02 16:38 -------- d-----w- c:\users\ramesh\AppData\Roaming\Download Manager
2009-08-02 07:40 . 2009-07-09 14:23 -------- d-----w- c:\program files\Microsoft
2009-07-21 21:52 . 2009-08-02 07:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-02 07:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-02 07:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-02 07:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 09:42 . 2009-07-19 09:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-15 15:15 . 2009-07-15 15:15 552 ----a-w- c:\users\ramesh\AppData\Local\d3d8caps.dat
2009-07-14 02:49 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-14 02:49 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-09 21:33 . 2009-07-09 21:33 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-07-09 18:57 . 2009-07-09 18:57 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-07 18:40 . 2009-07-07 18:40 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-07-07 18:40 . 2009-07-07 18:40 272896 ----a-w- c:\windows\system32\polstore.dll
2009-07-07 18:37 . 2009-07-07 18:37 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-07-07 18:29 . 2009-07-07 18:29 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-07-07 18:20 . 2009-07-07 18:20 623616 ----a-w- c:\windows\system32\localspl.dll
2009-07-07 18:07 . 2009-07-07 18:07 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2009-07-07 18:04 . 2009-07-07 21:36 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-07-07 18:00 . 2009-07-07 18:00 37888 ----a-w- c:\windows\system32\printcom.dll
2009-07-07 17:59 . 2009-07-07 17:59 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-07-07 17:55 . 2009-07-07 17:55 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-07-07 17:54 . 2009-07-07 17:54 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-07 17:48 . 2009-07-07 17:48 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-07-07 16:09 . 2009-07-07 16:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-07-07 16:09 . 2009-07-07 16:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-07-07 16:09 . 2009-07-07 16:09 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-07 16:09 . 2009-07-07 16:09 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-07-07 16:09 . 2009-07-07 16:09 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-07-07 16:09 . 2009-07-07 16:09 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-07-07 16:09 . 2009-07-07 16:09 34328 ----a-w- c:\windows\system32\wups.dll
2009-07-07 16:09 . 2009-07-07 16:09 162064 ----a-w- c:\windows\system32\wuwebv.dll
2006-11-22 14:58 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
"Aide"="c:\program files\Tata Photon Whiz\Aide.exe" [2009-03-31 77824]
"S3Trayp"="S3trayp.exe" - c:\windows\System32\s3trayp.exe [2007-06-26 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\users\ramesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-8-16 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1228c90675

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^ramesh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\ramesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^ramesh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SMS Services.lnk]
path=c:\users\ramesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SMS Services.lnk
backup=c:\windows\pss\SMS Services.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5ABF32FA-1537-4158-BC09-983971A87A37}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2BD99464-FEB0-42EE-B534-B94BC9BB2402}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3D0CC3DF-6BF1-46ED-AF1C-86A8C9630D93}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{3D6571FA-D92F-43BD-B60D-585ED10C2996}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{96285B0C-221D-4554-BEA8-2B209DF25CB5}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"TCP Query User{AB3ED296-248F-4537-B1F1-3D210E6100C2}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{DBDFC99B-3BB8-4F70-912D-F3D29F1062C1}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{E559AE3D-6891-438A-911A-242B8EF26823}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{A1B91AF6-4B25-4CD4-A929-469ECCA63018}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{439B446E-E49D-46AA-9964-B8E483ABD69B}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{441383DB-D2F6-4B39-8B81-01D4A3990604}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{6DCB9D81-3105-4D46-8725-374C72A5C6D1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{EF542B88-8940-49DB-BD06-DA6BE034CFDD}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{0EC1BF3A-77D4-465B-9A0A-B0E78F11C2CB}"= UDP:c:\program files\Phonewebcam\PhonewebcamPublisher.exe:Phonewebcam Publisher
"{52059FAA-1C35-4FB7-BF82-2E18614F0F1B}"= TCP:c:\program files\Phonewebcam\PhonewebcamPublisher.exe:Phonewebcam Publisher
"{71A8A902-AD42-4E7A-B7E6-3355956B29A7}"= UDP:c:\program files\Phonewebcam\PhonewebcamPublisher.exe:Phonewebcam Publisher
"{626D2C04-9A88-4993-8414-256B6024C87E}"= TCP:c:\program files\Phonewebcam\PhonewebcamPublisher.exe:Phonewebcam Publisher
"{31EEA2F0-3169-4F9C-9B48-3DF72535959E}"= UDP:c:\program files\Phonewebcam\OTAMateSE.exe:OTAMate Service Engine
"{E369816B-3A87-458A-8770-45A40E8F4BED}"= TCP:c:\program files\Phonewebcam\OTAMateSE.exe:OTAMate Service Engine
"{77620B7D-97A4-4678-92D2-BD89A088356F}"= UDP:c:\program files\Phonewebcam\OTAMateSE.exe:OTAMate Service Engine
"{4DCBC41B-C0C8-4293-AD2A-D5DB5962D722}"= TCP:c:\program files\Phonewebcam\OTAMateSE.exe:OTAMate Service Engine
"TCP Query User{720118E8-75F8-4D3F-A935-3C6ADA83A989}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{C79760DC-9F43-4FE8-BCDD-F481A1E04B61}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{6BEE6843-23F7-439B-A3BB-EA9FFE9E7613}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{C78EDEA5-1184-48AF-9684-873DDEFFB4BD}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{A876327E-8A07-4914-AAEA-3B13AB020553}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{D272FA82-C9E5-4C18-A725-AA9BCD5ABB92}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{61F016F7-979E-412B-BE5D-A0812E5A4D55}"= UDP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{9ACA5AAE-997E-4856-8E62-E8E769C8928F}"= TCP:c:\program files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{F2C0E4B6-6A0D-4E24-BCA6-495044EE672A}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{86AEE6DA-C7E5-4EB4-9DFF-649CE25EFC16}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\ramesh\\DOCUME~1\\smss.exe"= c:\users\ramesh\DOCUME~1\smss.exe:*:Enabled:SMS Services

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [7/7/2009 6:40 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [7/7/2009 6:40 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [7/7/2009 6:40 PM 53328]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [7/12/2009 11:10 AM 21504]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\System32\drivers\fetnd6v.sys [5/15/2009 5:17 AM 43520]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [5/24/2009 7:36 AM 501248]
R3 S3GIGP;S3GIGP;c:\windows\System32\drivers\VTGKModeDX32.sys [8/16/2009 2:55 PM 791040]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S3 sit_bus;SIT_1x_usbmodem Device;c:\windows\System32\drivers\sit_bus.sys [4/17/2007 9:51 AM 22144]
S3 sit_flt;SUNGIL USB Filter Service;c:\windows\System32\drivers\sit_flt.sys [4/18/2007 1:27 PM 4352]
S3 sit_mdm;SIT_1x_usbmodem ;c:\windows\System32\drivers\sit_mdm.sys [4/17/2007 12:22 PM 39680]
S3 sit_prt;SIT_1x_usbmodem Port;c:\windows\System32\drivers\sit_prt.sys [4/17/2007 9:58 AM 38656]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 5:58 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 5:58 AM 369688]
S4 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [6/25/2009 12:52 PM 185640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{2E1303D8-C2D4-4411-A228-227D72E2D937}.job
- c:\windows\system32\msfeedssync.exe [2009-08-02 20:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ramesh\AppData\Roaming\Mozilla\Firefox\Profiles\bvevblm3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-01 07:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Aide = "c:\program files\Tata Photon Whiz\Aide.exe"???????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-01 7:05
ComboFix-quarantined-files.txt 2009-10-01 01:35

Pre-Run: 13,623,160,832 bytes free
Post-Run: 13,477,433,344 bytes free

366 --- E O F --- 2009-09-23 01:25
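The AuthorizedApplications section of the ComboFix log above lists c:\users\ramesh\DOCUME~1\smss.exe as a firewall-authorized program. The real Session Manager smss.exe runs from %SystemRoot%\System32, so a file with that name in a user's Documents folder is worth a closer look when reading a log like this. The script below is an added example, not part of the thread or of ComboFix: it parses that section's line format from a constructed excerpt (the smss.exe entry is the one from this log; the other two lines are made up for contrast) and flags core system binary names that appear outside System32.

```python
import re

# Core Windows binaries that belong in %SystemRoot%\System32; one of these names
# anywhere else deserves review (short list chosen for this example, not exhaustive).
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                        "lsass.exe", "svchost.exe"}

# Constructed excerpt in ComboFix's AuthorizedApplications format. The smss.exe
# entry is the one from the log above; the other two entries are made up.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\ramesh\\DOCUME~1\\smss.exe"= c:\users\ramesh\DOCUME~1\smss.exe:*:Enabled:SMS Services
"c:\\Windows\\System32\\svchost.exe"= c:\windows\System32\svchost.exe:*:Enabled:Host Process
"c:\\Program Files\\uTorrent\\uTorrent.exe"= c:\program files\utorrent\utorrent.exe:*:Enabled:uTorrent
"""

# One entry per line: "<registry value name>"= <path>:<scope>:<state>:<display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>.+)$')


def parse_authorized_apps(log_text):
    """Return a list of (path, scope, state, display_name) tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section header, blank line, or unrelated text
        # The path contains the drive-letter colon, so split off only the
        # last three colon-separated fields and keep the rest as the path.
        parts = m.group("value").rsplit(":", 3)
        if len(parts) != 4:
            continue
        entries.append(tuple(parts))
    return entries


def find_misplaced_system_binaries(entries):
    """Return paths whose file name is a core system binary but whose
    directory is not <drive>:\windows\system32 (case-insensitive)."""
    flagged = []
    for path, _scope, _state, _name in entries:
        directory, _, basename = path.lower().rpartition("\\")
        if basename in CORE_SYSTEM_BINARIES and not directory.endswith("\\windows\\system32"):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for p in find_misplaced_system_binaries(parse_authorized_apps(SAMPLE_LOG)):
        print("review:", p)
```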
Attached Images
File Type: jpg error.jpg (12.2 KB, 17 views)
  #6 (permalink)  
Old 01-10-2009, 07:03 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Re: check if i'm infected with virus

info on your error:

Google

How is your computer behaving now?
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

  #7 (permalink)  
Old 02-10-2009, 06:06 AM
Elite Member
New Recruit
 
Join Date: Jul 2006
Posts: 150
ramesh help Is a beginner here at D-A-L
Re: check if i'm infected with virus

hey, hmm, I don't see much difference?? Sometimes the computer just hangs for no reason, and also when I copy files to a pendrive, the whole copying process says "not responding" and it hangs. And also sometimes the computer gets stuck while loading websites..
  #8 (permalink)  
Old 02-10-2009, 07:22 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Re: check if i'm infected with virus

Download SDFIX and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click the drweb-cureit.exe file and allow it to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, check whether you can click the next icon next to the files found:

* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:


This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
  #9 (permalink)  
Old 13-10-2009, 04:08 AM
Elite Member
New Recruit
 
Join Date: Jul 2006
Posts: 150
ramesh help Is a beginner here at D-A-L
Re: check if i'm infected with virus

hi, SDFix does not seem to work.. we had this problem once last time too.. I'm using Vista, that's why it's not working.

The Dr.Web CureIt (ftp) file does not seem to download properly, I don't know why..

what to do now?
  #10 (permalink)  
Old 15-10-2009, 06:53 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Re: check if i'm infected with virus

I'm not seeing any more malware so try this:


* Click here to use the F-Secure Online Scanner
  • Then click the Start Scanning button below.
  • You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished, click the Automatic cleaning (recommended) button
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and copy and paste what's present under results in your next reply.