1. ComboFix logfile =================================>>>
NSIS Error.JPG
ComboFix 08-05-12.1 - Administrator 2008-05-16 22:10:18.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\mngui.INI
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\mngui.INI
C:\WINDOWS\system32\runouce.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-13 00:24 . 2008-05-13 00:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-13 00:24 . 2008-05-13 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-09 07:49 . 2008-05-09 07:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-28 01:21 . 2008-04-28 05:10 <DIR> d-------- C:\mIRC
2008-04-25 01:40 . 2008-03-01 18:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-25 01:40 . 2007-04-17 14:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-25 01:40 . 2007-03-08 10:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-25 01:40 . 2008-03-01 18:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-25 01:40 . 2008-03-01 18:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-25 01:40 . 2008-03-01 18:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-25 01:40 . 2008-03-01 18:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-25 01:40 . 2008-03-01 18:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-25 01:40 . 2008-02-22 15:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-24 16:00 . 2008-04-24 16:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-22 06:29 . 2008-04-22 06:29 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-22 06:21 . 2008-04-22 06:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-22 03:18 . 2008-04-29 03:23 <DIR> d-------- C:\Program Files\speed-bit
2008-04-22 03:07 . 2008-05-16 21:35 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 03:06 . 2008-04-22 03:24 <DIR> d-------- C:\Program Files\DAP
2008-04-22 03:06 . 2008-04-22 03:06 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-04-22 03:06 . 2008-04-22 03:06 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-04-22 03:06 . 2008-04-22 03:06 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-04-21 21:02 . 2008-04-25 01:47 109,568 --a------ C:\WINDOWS\system32\drivers\zebrmdmc.sys
2008-04-21 21:02 . 2008-04-25 01:47 109,568 --a------ C:\WINDOWS\system32\drivers\zebrmdm.sys
2008-04-21 21:02 . 2008-04-25 01:47 91,264 --a------ C:\WINDOWS\system32\drivers\zebrsce.sys
2008-04-21 21:02 . 2008-04-25 01:47 83,200 --a------ C:\WINDOWS\system32\drivers\zebrbus.sys
2008-04-21 21:02 . 2008-04-25 01:47 14,848 --a------ C:\WINDOWS\system32\drivers\zebrmdfl.sys
2008-04-21 21:02 . 2008-04-25 01:47 12,160 --a------ C:\WINDOWS\system32\drivers\zebrcmnt.sys
2008-04-21 21:02 . 2008-04-25 01:47 12,160 --a------ C:\WINDOWS\system32\drivers\zebrcm.sys
2008-04-21 21:00 . 2008-05-01 18:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Teleca
2008-04-21 20:59 . 2008-04-25 01:47 63,360 --a------ C:\WINDOWS\system32\drivers\zebrceb.sys
2008-04-21 20:59 . 2008-04-25 01:47 12,160 --a------ C:\WINDOWS\system32\drivers\zebrwhnt.sys
2008-04-21 20:59 . 2008-04-25 01:47 12,160 --a------ C:\WINDOWS\system32\drivers\zebrwh.sys
2008-04-21 20:57 . 2008-04-21 20:57 <DIR> d-------- C:\Program Files\Symbian
2008-04-21 20:57 . 2008-04-21 20:57 <DIR> d-------- C:\Program Files\Intuwave
2008-04-21 20:57 . 2008-04-21 20:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-04-21 20:57 . 2005-06-08 15:53 288 --a------ C:\WINDOWS\mrinstu.iss
2008-04-21 20:56 . 2008-04-25 02:14 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-04-21 20:56 . 2008-04-21 20:56 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-21 20:56 . 2008-04-21 20:56 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-04-21 20:56 . 2008-04-21 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-04-21 20:56 . 2008-04-25 01:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 17:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-22 01:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-04-21 15:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_19.27.13.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2008-05-14 13:55:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 16:34:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-03-29 18:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-12 16:44:11 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-03-29 18:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-12 16:32:02 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2004-08-03 22:56:44 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2004-08-03 22:56:44 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-03 22:56:44 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2004-08-03 22:56:44 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-07-17 09:34:48 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-03 22:56:44 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-03 22:56:44 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-03 22:56:44 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-03 22:56:44 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-03 22:56:44 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2004-08-03 22:56:44 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-03 22:56:44 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-03 22:56:44 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-03 22:56:44 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2004-08-03 22:56:46 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-03 22:56:46 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-03 22:56:46 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2008-03-29 18:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-12 16:33:19 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-03-29 18:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-12 16:38:45 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-03-29 18:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-12 16:38:25 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-03-29 18:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-12 16:34:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-03-29 18:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-12 16:36:18 77,904 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-03-29 18:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-12 16:33:38 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2004-08-03 22:56:44 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-03 22:56:44 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-03 22:56:44 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 09:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-03 22:56:44 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-03 22:56:44 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-03 22:56:44 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-03 22:56:44 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-03 22:56:44 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-03 22:56:44 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-03 22:56:44 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-03 22:56:44 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-03 22:56:46 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-03 22:56:46 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-03 22:56:46 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-05-14 16:10:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2008-04-29 03:25 1470488 --a------ C:\Program Files\speed-bit\tbspe1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "C:\Program Files\speed-bit\tbspe1.dll" [2008-04-29 03:25 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspe1.dll [2008-04-29 03:25 1470488]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-06 23:16 68856]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54 290816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 10:03 88209 C:\WINDOWS\AGRSMMSG.exe]
"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 09:08 143360]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 21:05 344064]
"LidPolicy"="C:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe" [2004-04-27 12:58 24576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 06:29 185896]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-02-20 12:06 741376]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-04-22 03:06 3053056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 21:39 79224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-18 21:37:08 113664]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-18 21:37:08 113664]
BlueSoleil.lnk - D:\BlueSoleil\BlueSoleil.exe [2006-10-15 10:09:59 1044480]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\mIRC\\mirc.exe"=
"D:\\uTorrent\\utorrent.exe"=
"D:\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\mIRC\\mirc.exe"=
"C:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 21:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 21:38]
R3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2008-04-25 01:47]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-04-25 01:47]
R3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2008-04-25 01:47]
R3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2008-04-25 01:47]
R3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2008-04-25 01:47]
R3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2008-04-25 01:47]
S2 pciinfo;HP Pci Information;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 14:05]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5611d870-e438-11db-9d45-101111111111}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6930b760-f704-11db-9d54-101111111111}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-05-16 22:13:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-16 22:17:05
ComboFix-quarantined-files.txt 2008-05-16 17:16:55
ComboFix2.txt 2008-05-14 16:24:14
Pre-Run: 6,286,155,776 bytes free
Post-Run: 6,412,738,560 bytes free
259 --- E O F --- 2008-05-14 21:09:46
2. HJT logfile ================================>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:21 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Sony Ericsson\Mobile4\Mobile Networking Wizard\mngui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sony Ericsson\Mobile4\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LidPolicy] C:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) -
https://h50203.www5.hp.com/HPISWeb/Cust ... anager.CABO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) -
http://mail.abamco.com/dwa7W.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{11324915-9E89-4714-8638-AB77DE755F9D}: NameServer = 221.132.112.8 202.163.96.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8521 bytes
3. I tried to remove utorrent but I couldn't and this is what I got on my screen ... I don't need this program and I hardly ever used it. I tried to download the install file but it doesn't have uninstall option in it. Plz help (below screen shot of when I try to REMOVE it.)
NSIS Error.JPG
You do not have the required permissions to view the files attached to this post.