Hello Shaba,
Thanks for the reply. As directed by you, I performed the steps to disable the Teatimer. However after I reboot the system, the following error message appeared.
"Error loading C:\windows\system32\yhyyfexv.dll
The specified module could not be found."
I clicked OK to close the message window.
I downloaded combofix and ran the scan.
Here is the log generated after the scan.
ComboFix 08-06-20.4 - Jasbir Hansi 2008-06-30 10:43:40.1 - NTFSx86
Running from: C:\Documents and Settings\Jasbir Hansi\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jasbir Hansi\Application Data\macromedia\Flash Player\#SharedObjects\YQ22SQJD\iforex.com
C:\Documents and Settings\Jasbir Hansi\Application Data\macromedia\Flash Player\#SharedObjects\YQ22SQJD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Jasbir Hansi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Jasbir Hansi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\BM313e2b3d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtustqO.dll
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\owcvwfnn.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-28 17:44 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-06-28 17:44 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-06-28 17:44 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-06-28 17:44 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-06-28 17:44 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-06-28 17:44 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-06-28 17:44 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-06-28 17:44 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-06-28 17:43 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2008-06-28 17:43 . 2004-08-03 22:31 154,624 --a------ C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-06-28 17:43 . 2001-08-17 12:12 34,890 --a------ C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-06-28 17:43 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-06-28 17:43 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-06-28 17:43 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-06-28 17:41 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-28 17:40 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-28 17:39 . 2001-08-17 14:56 315,520 --a------ C:\WINDOWS\system32\dllcache\trid3d.dll
2008-06-28 17:38 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-06-28 17:37 . 2001-08-17 14:56 147,200 --a------ C:\WINDOWS\system32\dllcache\smidispb.dll
2008-06-28 17:36 . 2004-08-04 08:00 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-06-28 17:35 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-28 17:34 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-06-28 17:33 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-28 17:32 . 2004-08-04 00:56 363,520 --a------ C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-06-28 17:31 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-06-28 17:30 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-06-28 17:29 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-06-28 17:28 . 2001-08-17 12:50 320,384 --a------ C:\WINDOWS\system32\dllcache\mgaum.sys
2008-06-28 17:27 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-28 17:26 . 2001-08-17 22:36 242,176 --a------ C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-06-28 17:25 . 2004-08-04 00:56 702,845 --a------ C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-06-28 17:24 . 2004-08-04 08:00 1,041,536 --a------ C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-06-28 17:23 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-28 17:22 . 2001-08-17 13:28 595,647 --a------ C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-06-28 17:21 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-06-28 17:20 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-28 17:19 . 2001-08-17 14:02 272,640 --a------ C:\WINDOWS\system32\dllcache\cinemclc.sys
2008-06-28 17:18 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-06-28 17:17 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-28 17:16 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-06-28 17:15 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-06-28 12:19 . 2008-06-28 12:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-06-28 10:09 . 2008-06-28 10:09 81,920 --------- C:\WINDOWS\system32\nnfwvcwo.dll
2008-06-28 10:08 . 2008-06-28 10:08 103,424 --------- C:\WINDOWS\system32\xciokx.dll
2008-06-28 10:08 . 2008-06-28 10:08 103,424 --------- C:\WINDOWS\system32\bktbedrr.dll
2008-06-28 10:03 . 2008-06-28 10:03 90,624 --------- C:\WINDOWS\system32\grmleibm.dll
2008-06-27 16:21 . 2008-06-28 09:58 268 --a------ C:\WINDOWS\wininit.ini
2008-06-26 19:33 . 2008-06-26 18:32 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-26 19:33 . 2008-06-26 19:33 2,556 --a------ C:\WINDOWS\unins000.dat
2008-06-26 17:32 . 2008-06-26 17:32 80,896 --------- C:\WINDOWS\system32\draejjrp.dll
2008-06-26 17:31 . 2008-06-26 17:31 106,496 --------- C:\WINDOWS\system32\sbglgjdx.dll
2008-06-26 17:24 . 2008-06-26 17:24 106,496 --------- C:\WINDOWS\system32\ltxyuxtr.dll
2008-06-26 17:23 . 2008-06-26 17:23 91,648 --------- C:\WINDOWS\system32\lhovwafp.dll
2008-06-25 19:17 . 2008-06-25 19:17 <DIR> d-------- C:\Documents and Settings\Jasbir Hansi\System
2008-06-25 19:17 . 2008-06-25 21:31 <DIR> d-------- C:\Documents and Settings\Jasbir Hansi\Application Data\SmartDraw
2008-06-25 18:56 . 2008-06-25 18:56 91,136 --------- C:\WINDOWS\system32\ddmurjrw.dll
2008-06-25 18:29 . 2008-06-25 18:29 91,136 --------- C:\WINDOWS\system32\xkgukuem.dll
2008-06-24 22:18 . 2008-06-25 19:17 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-06-24 21:49 . 2008-06-28 21:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-24 21:49 . 2008-06-24 21:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-24 19:59 . 2008-06-24 20:12 <DIR> d-------- C:\Program Files\Driver Magician
2008-06-24 19:59 . 2005-01-12 11:19 456,536 --------- C:\WINDOWS\system32\XCEEDZIP.DLL
2008-06-24 19:59 . 2004-03-09 00:00 132,880 --------- C:\WINDOWS\system32\Msinet.ocx
2008-06-24 19:59 . 2004-08-11 15:55 110,602 --------- C:\WINDOWS\system32\xcdsfx32.bin
2008-06-24 19:01 . 2008-06-24 19:02 99,840 --------- C:\WINDOWS\system32\elfpcmhg.dll
2008-06-23 21:34 . 2008-06-23 21:35 <DIR> d-------- C:\Program Files\inDisc Recovery
2008-06-23 21:31 . 2008-06-23 21:31 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-06-23 21:31 . 2008-06-23 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2008-06-23 21:31 . 2006-11-22 12:35 42,496 --------- C:\WINDOWS\system32\AdvUninstCPL.cpl
2008-06-23 21:08 . 2008-06-24 20:14 42 --------- C:\WINDOWS\system32\Jiii_PNUCT.pnc
2008-06-23 21:08 . 2008-06-23 21:08 42 --------- C:\WINDOWS\system32\AK083E209605E394C.lie
2008-06-23 21:07 . 2008-06-23 21:07 <DIR> d-------- C:\Program Files\Perfect Uninstaller
2008-06-23 20:21 . 2008-06-23 20:21 <DIR> d-------- C:\Sandbox
2008-06-23 20:21 . 2008-06-24 22:18 2,114 --a------ C:\WINDOWS\Sandboxie.ini
2008-06-23 20:20 . 2008-06-23 20:20 <DIR> d-------- C:\Program Files\Sandboxie
2008-06-21 23:06 . 2008-06-21 23:06 <DIR> d-------- C:\Program Files\Nucleus
2008-06-21 20:28 . 2008-06-21 20:30 <DIR> d-------- C:\Program Files\Power CD DVD Recovery
2008-06-21 19:08 . 2008-06-21 19:08 <DIR> d-------- C:\Program Files\Smart Projects
2008-06-16 20:11 . 2008-06-16 20:11 145,408 --a------ C:\Interactive Tables for Kids 2003.xls
2008-06-16 19:53 . 2008-06-16 19:53 48,544 --a------ C:\Interactive Tables for Kids.xlsx
2008-06-16 19:44 . 2008-06-16 19:44 <DIR> d-------- C:\Documents and Settings\Baljot Hansi\Application Data\U3
2008-06-14 11:51 . 2008-06-14 11:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-12 17:40 . 2008-06-12 17:40 <DIR> d-------- C:\Documents and Settings\Baljot Hansi\Application Data\HotSync
2008-06-12 17:39 . 2005-10-20 00:19 <DIR> d-------- C:\Documents and Settings\Baljot Hansi\Application Data\Symantec
2008-06-12 17:39 . 2007-11-20 15:18 <DIR> d-------- C:\Documents and Settings\Baljot Hansi\Application Data\Apple Computer
2008-06-12 17:39 . 2008-06-12 17:39 <DIR> d-------- C:\Documents and Settings\Baljot Hansi
2008-06-11 09:09 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:09 . 2008-06-13 09:10 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 20:25 . 2008-06-03 20:27 <DIR> d-------- C:\Program Files\Microsoft Money
2008-06-03 20:19 . 2008-06-03 20:23 <DIR> d-------- C:\Money 2003
2008-05-12 19:26 . 2008-05-12 19:26 <DIR> d-------- C:\Documents and Settings\Ravneet Hansi\Application Data\Quark
2008-05-10 15:44 . 2008-05-10 15:44 <DIR> d-------- C:\Documents and Settings\Ravneet Hansi\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 14:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-30 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-29 01:45 --------- d-----w C:\Documents and Settings\Jasbir Hansi\Application Data\Corel
2008-06-28 16:13 --------- d-----w C:\Documents and Settings\Jasbir Hansi\Application Data\SlimBrowser
2008-06-27 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-26 23:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-26 02:24 --------- d-----w C:\Program Files\WebZIP 7
2008-06-24 22:44 --------- d-----w C:\Documents and Settings\Jasbir Hansi\Application Data\uTorrent
2008-06-21 20:55 --------- d-----w C:\Documents and Settings\Jasbir Hansi\Application Data\Ahead
2008-05-21 21:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-03-28 23:26 1,171,671 ----a-w C:\MapArt_TorontoArea_Atlas_Index.zip
2007-08-05 18:50 4,376,328 ----a-w C:\Program Files\DAP.exe
2006-12-27 14:56 476,752 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-01-02 16:36 32 --sha-w C:\WINDOWS\{8469FB5C-9AD0-4C1E-A42B-6E7525BC6694}.dat
2006-12-27 23:43 88 --sh--r C:\WINDOWS\system32\EEBA1201EC.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2007-09-26 14:14 4484816]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 18:03 94208]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-04-27 09:22 512512]
"Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe" [2008-05-29 16:18 920976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 17:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-07-13 05:55 49152 C:\WINDOWS\system32\SiSPower.dll]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 05:32 507904]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-12-08 23:31 413696]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04 1544192]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 00:04 84640]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
"320d18a1"="C:\WINDOWS\system32\yhyyfexv.dll" [ ]
C:\Documents and Settings\Ravneet Hansi\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 02:19:50 217193]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 15:27:34 471040]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-09-18 20:22:19 819200]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312}"= C:\WINDOWS\system32\efcAPFyX.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyp32]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
"LaunchApp"=Alaunch
"Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe
"PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SetDefPrt"=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
"BigDogPath"=C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 17:46]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-04-27 09:22]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 14:38]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 20:52:21 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-21 20:52:34 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Jasbir Hansi.job"
- C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exeh/TASK:
"2008-06-30 14:31:41 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
"2008-06-30 14:34:07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1129ECBA-4CB3-45A8-8411-265426400316}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-30 10:50:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-30 10:53:24
ComboFix-quarantined-files.txt 2008-06-30 14:53:19
Pre-Run: 7,251,406,848 bytes free
Post-Run: 8,701,427,712 bytes free
238 --- E O F --- 2008-06-20 07:00:58
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:27 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.torontomls.net/Login.aspR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\yhyyfexv.dll",b
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cabO16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) -
http://www.kodakgallery.ca/downloads/BU ... ofupld.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 12203 bytes
Thanks a lot,
Jay