Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
virus alert!

Unread postby mly » October 19th, 2008, 1:39 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21: VIRUS ALERT!, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\System32\alg.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NoAdware\NoAdware5.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O1 - Hosts: 172.16.1.2 mail.mailstreet.net
O1 - Hosts: 172.16.1.2 mail
O1 - Hosts: 172.16.1.3 mailstreet2.mailstreet.net
O1 - Hosts: 172.16.1.3 mailstreet2
O1 - Hosts: 1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Easy Read - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - C:\Program Files\eREAD\eREAD\EasyRead.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {77062945-6728-43E4-ADC4-CF45E7E1AF1A} - C:\WINDOWS\grfxbanoxbw.dll (file missing)
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: rosqxvmn - {DD75AB82-CBE3-4096-825E-C24BFA82B5FF} - C:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9460490500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9460074765
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O21 - SSODL: ngwstxfd - {C5B6FB52-9EB3-4D7F-B903-F342CB064506} - C:\WINDOWS\ngwstxfd.dll
O21 - SSODL: qrbgltos - {7BB71C62-885B-4327-BCFF-409FF7D9F1A2} - C:\WINDOWS\qrbgltos.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://images.abunawaf.com/2007/09/11/ramandan5copy.jpg

--
End of file - 11999 bytes
mly
Active Member
Posts: 13
Joined: October 19th, 2008, 1:31 am

Re: virus alert!

Unread postby MikeSwim07 » October 19th, 2008, 9:08 am

Hello, and welcome to the Malware Removal forums.
My name is Michael and I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please note: All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: virus alert!

Unread postby mly » October 19th, 2008, 11:06 am

Hello Michael

I will follow your instruction and be patient, thank you for your quick reply and for your help:). Hope we will solve the issue together.

Here is my uninstall list:

ABBYY FineReader 6.0 Sprint
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe Captivate 3
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Presenter 7
Adobe Presenter 7
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Registry Optimizer
AHV content for Acrobat and Flash
ALPS Touch Pad Driver
Apple Software Update
Articulate Presenter 5 Professional
Articulate Rapid E-Learning PowerPoint Template Kit
Ask Toolbar
Atheros Driver Installation Program
ATSOnlineSupportFiles
Avanquest update
AVI DivX to DVD SVCD VCD Converter 2.2.2
Bonjour
Camtasia Studio 5
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Comic Sound Pack
Compatibility Pack for the 2007 Office system
Course Genie v2.2.0 CE
Dell Photo AIO Printer 944
DVD-RAM Driver
FairStars Audio Converter 1.54
Golden Al-Wafi Translator
GoldWave v5.06
Google Talk (remove only)
HijackThis 2.0.2
Hot Potatoes v 6.0.3.34
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
IHMC CmapTools v4.07
Inspiration 7.5
Intel(R) Graphics Media Accelerator Driver for Mobile
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 7
Jing
Kaspersky Anti-Virus 2009 8.0.0.454
Logitech Desktop Messenger
Macromedia Flash Player
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Mindjet MindManager Pro 6 Admin
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MyVideoConverter 1.39
Nero 6 Ultra Edition
NoAdware v5.0
Nokia Connectivity Cable Driver
OpenOffice.org Installer 1.0
Opera 9.60
PC Connectivity Solution
PDF Settings
PDF-XChange 3.0
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Rhapsody Player Engine
Safari
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Sonic DLA
Sonic RecordNow!
Sony Ericsson PC Suite 3.207.00
Sony USB Driver
Spyware Doctor 6.0
StudyMate 2 Campus-Wide
SWiSH Max2
Texas Instruments PCIxx21/x515 drivers.
TextPad 4
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Trend Micro Internet Security
Trend Micro Internet Security
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VideoLAN VLC media player 0.8.6i
Windows Driver Package - Intel (NETw4x32) net (02/25/2007 11.1.0.86)
Windows Driver Package - Intel (w29n51) net (02/08/2007 9.0.4.33)
Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.1
Word to PDF Converter 3.0
Yahoo! Toolbar

Best regards,
MLY
mly
Active Member
Posts: 13
Joined: October 19th, 2008, 1:31 am

Re: virus alert!

Unread postby MikeSwim07 » October 20th, 2008, 6:16 pm

Download and Run ComboFix

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    The ones that need to be closed/disabled are:
    Trend Micro Internet Security

  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
MikeSwim07
Regular Member
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: virus alert!

Unread postby mly » October 21st, 2008, 3:48 am

Here are my logs, but I didn't get these steps for ComboFix (Disclaimer + backing up the Windows Registry + AutoScan):

* It says that I don't have an internet connection.
* Also, because I have the wrong date (20/1/2009) and I can't fix it, it says that ComboFix has expired.

ComboFix log


ComboFix 08-10-19.04 - Mariam AL-Khamiri 2009-01-20 11:14:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.173 [GMT 4:00]
Running from: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
.

2009-01-19 20:21 . 2009-01-19 20:21 <DIR> d-------- C:\WINDOWS\system32\Service
2009-01-18 19:56 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2009-01-18 19:53 . 2009-01-18 19:53 <DIR> d-------- C:\Program Files\Panda Security
2009-01-18 11:46 . 2009-01-18 11:46 <DIR> d-------- C:\Program Files\AskBarDis
2009-01-18 10:44 . 2009-01-18 10:44 262,144 --a------ C:\Documents and Settings\Guest
2009-01-18 09:17 . 2009-01-18 19:16 <DIR> d-------- C:\Program Files\NoAdware
2009-01-17 04:06 . 2008-08-04 12:16 50,192 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2009-01-17 04:06 . 2008-08-04 12:16 49,680 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-01-17 04:05 . 2009-01-17 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-01-17 04:04 . 2009-01-18 09:20 <DIR> d-------- C:\Program Files\Trend Micro
2009-01-17 01:31 . 2009-01-17 01:31 661,808 --a------ C:\WINDOWS\system32\UfWSC.cpl
2009-01-17 01:30 . 2009-01-17 01:30 1,195,448 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2009-01-17 01:30 . 2009-01-17 01:30 334,352 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2009-01-17 01:30 . 2009-01-17 01:30 205,328 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2009-01-17 01:30 . 2009-01-17 01:30 80,400 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2009-01-17 01:30 . 2009-01-17 01:30 36,368 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2009-01-17 01:07 . 2008-08-04 12:16 144,912 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2009-01-17 01:06 . 2009-01-17 20:37 <DIR> d-------- C:\Documents and Settings\Dr. Fatma Al Khamiri\.housecall6.6
2009-01-17 00:32 . 2008-10-17 20:32 126,976 --a------ C:\WINDOWS\ebkq.exe
2009-01-17 00:32 . 2008-10-17 20:32 86,016 --a------ C:\WINDOWS\lomxeqsn.exe
2009-01-16 17:39 . 2009-01-16 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-16 17:36 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2009-01-16 17:36 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2009-01-16 17:35 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2009-01-16 17:35 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2009-01-16 17:35 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2009-01-16 17:35 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2009-01-16 17:35 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2009-01-16 17:35 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2009-01-16 17:35 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2009-01-16 17:33 . 2009-01-16 17:34 <DIR> d-------- C:\Program Files\Yahoo!
2009-01-16 17:03 . 2009-01-16 17:04 <DIR> d-------- C:\Program Files\Safari
2009-01-15 23:04 . 2008-09-08 14:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2009-01-15 23:03 . 2008-08-14 14:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2009-01-15 23:03 . 2008-08-14 14:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2009-01-15 23:03 . 2008-08-14 13:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2009-01-15 23:03 . 2008-08-14 13:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2009-01-15 23:03 . 2008-09-15 16:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2009-01-14 10:48 . 2009-01-14 11:31 1,319 --ah----- C:\IPH.PH
2009-01-14 10:25 . 2009-01-14 10:26 <DIR> d-------- C:\Program Files\Opera
2009-01-12 21:35 . 2009-01-16 00:23 1,374 --a------ C:\WINDOWS\imsins.BAK
2009-01-09 13:28 . 2009-01-09 13:28 <DIR> dr------- C:\Documents and Settings\Dr. Fatma Al Khamiri\My Pictures
2009-01-09 00:32 . 2009-01-09 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-08 23:51 . 2009-01-10 00:12 <DIR> d-------- C:\TEMP
2009-01-08 08:12 . 2009-01-08 08:12 0 --a------ C:\WINDOWS\nsreg.dat
2009-01-06 09:56 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2009-01-06 09:29 . 2009-01-06 09:29 <DIR> d--hs---- C:\Documents and Settings\Dr. Fatma Al Khamiri\PrivacIE
2008-12-31 00:33 . 2008-12-31 00:33 <DIR> d-------- C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\DivX
2008-12-30 16:39 . 2009-01-16 16:56 <DIR> d-------- C:\Program Files\DivX
2008-12-30 16:39 . 2008-09-16 04:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-12-26 01:32 . 2008-12-26 01:32 <DIR> d-------- C:\Program Files\genial78

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 15:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-16 13:35 --------- d-----w C:\Program Files\Common Files\Ahead
2009-01-16 13:35 --------- d-----w C:\Program Files\Ahead
2009-01-16 13:26 --------- d-----w C:\Program Files\Save Flash
2009-01-16 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-01-13 04:03 --------- d-----w C:\Program Files\Dl_cats
2009-01-12 17:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2009-01-08 21:45 --------- d-----w C:\Program Files\Kaspersky Lab
2009-01-08 21:26 --------- d-----w C:\Program Files\LtUcx
2008-12-27 18:24 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\dvdcss
2008-12-25 19:52 --------- d-----w C:\Program Files\Avanquest update
2008-12-21 06:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-12-18 08:00 --------- d-----w C:\Program Files\Common Files\InstallShield Shared
2008-12-18 06:34 --------- d-----w C:\Program Files\Articulate
2008-12-17 06:02 --------- d-----w C:\Program Files\Everstrike Software
2008-12-16 16:50 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Ahead
2008-12-14 19:23 --------- d-----w C:\Program Files\iPod
2008-12-14 18:27 --------- d-----w C:\Program Files\topdownloads
2008-08-01 20:54 33,256,951 ----a-w C:\Program Files\kav.en.exe
2008-07-29 07:47 34,847,744 ----a-w C:\Program Files\kav.en.msi
2008-03-25 06:51 560 -c--a-w C:\Program Files\Global.sw
2007-05-30 17:17 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-05-30 17:16 25,990,392 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2003-04-17 13:43 416 -c--a-r C:\Program Files\start.ini
2002-12-23 06:01 126,976 -c--a-r C:\Program Files\start.exe
2008-09-08 20:09 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080901\index.dat
2008-09-08 20:09 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235A3ACD-EBE5-46b2-9BAE-B1960F9DC791}]
2008-07-23 10:09 344064 --a------ C:\Program Files\eREAD\eREAD\EasyRead.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-17 497008]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-22 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-17 970808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-17 497008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-09-11 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExplorerSpeedDelay"= 0%
"DriveSpeedDelay"= %0
"MenuShowDelay"= 0%
"MenuSpeedDelay"= 0%
"BrowseForFolderDelay"= 0%
"BrowseForFileDelay"= 0%

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Talk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Talk.lnk
backup=C:\WINDOWS\pss\Google Talk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Live Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Live Messenger.lnk
backup=C:\WINDOWS\pss\Windows Live Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dr. Fatma Al Khamiri^Start Menu^Programs^Startup^Shortcut to YahooMessenger.lnk]
path=C:\Documents and Settings\Dr. Fatma Al Khamiri\Start Menu\Programs\Startup\Shortcut to YahooMessenger.lnk
backup=C:\WINDOWS\pss\Shortcut to YahooMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
--a--c--- 2008-07-16 13:44 726272 C:\Program Files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2007-04-26 21:28 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 17:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a--c--- 2008-02-20 16:19 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-22 21:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dlcdcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcdPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"1925:UDP"= 1925:UDP:Windows Media Format SDK (iexplore.exe)
"1924:UDP"= 1924:UDP:Windows Media Format SDK (iexplore.exe)
"1927:UDP"= 1927:UDP:Windows Media Format SDK (iexplore.exe)
"1926:UDP"= 1926:UDP:Windows Media Format SDK (iexplore.exe)
"1930:UDP"= 1930:UDP:Windows Media Format SDK (iexplore.exe)
"1932:UDP"= 1932:UDP:Windows Media Format SDK (iexplore.exe)
"2066:UDP"= 2066:UDP:Windows Media Format SDK (iexplore.exe)
"2067:UDP"= 2067:UDP:Windows Media Format SDK (iexplore.exe)
"2068:UDP"= 2068:UDP:Windows Media Format SDK (iexplore.exe)
"2071:UDP"= 2071:UDP:Windows Media Format SDK (iexplore.exe)
"2070:UDP"= 2070:UDP:Windows Media Format SDK (iexplore.exe)
"2073:UDP"= 2073:UDP:Windows Media Format SDK (iexplore.exe)
"2749:UDP"= 2749:UDP:Windows Media Format SDK (iexplore.exe)
"2748:UDP"= 2748:UDP:Windows Media Format SDK (iexplore.exe)
"2753:UDP"= 2753:UDP:Windows Media Format SDK (iexplore.exe)
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-06-22 491520]
S2 P1100B_CT_CDI;Creative PD1100B HAL Service;C:\WINDOWS\system32\DRIVERS\P1100bCd.sys [ ]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2004-08-11 63104]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2004-08-11 63104]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-13 27136]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0828bcfe-c6eb-11db-bb25-0013cecb6bbb}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee1551d-8e88-11db-8414-0013cecb6bbb}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f525f6e-e6af-11db-8756-0013cecb6bbb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af0c4aa-d505-11db-bb5c-0013cecb6bbb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ae4071-1683-11dc-8806-0013cecb6bbb}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6405f33f-b8f9-11dc-89dc-000fb0d7d750}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64e567a0-f956-11dc-8a91-000fb0d7d750}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afa1761e-dc3c-11da-87ea-000fb0d7d750}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc5287ec-8d9a-11db-840e-0013cecb6bbb}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbfa3dfc-e606-11dd-8247-000fb0d7d750}]
\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2006-04-27 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:12]

2009-01-20 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Mozilla\Firefox\Profiles\xs0fxysq.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 11:15:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-20 11:22:01
ComboFix-quarantined-files.txt 2009-01-20 07:21:40
ComboFix2.txt 2009-01-20 07:12:27

Pre-Run: 56,822,579,200 bytes free
Post-Run: 56,804,462,592 bytes free

324 --- E O F --- 2009-01-15 20:23:19


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36: VIRUS ALERT!, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O1 - Hosts: 172.16.1.2 mail.mailstreet.net
O1 - Hosts: 172.16.1.2 mail
O1 - Hosts: 172.16.1.3 mailstreet2.mailstreet.net
O1 - Hosts: 172.16.1.3 mailstreet2
O1 - Hosts: 1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Easy Read - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - C:\Program Files\eREAD\eREAD\EasyRead.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9460490500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9460074765
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://images.abunawaf.com/2007/09/11/ramandan5copy.jpg

--
End of file - 9881 bytes
mly
Active Member
Posts: 13
Joined: October 19th, 2008, 1:31 am
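
The ComboFix and HijackThis logs above carry several of the indicators a helper reads first: Security Center notifications switched off (AntiVirusDisableNotify and the Trend DisableMonitoring keys set to 1), the Windows Firewall standard profile disabled while TCP 135 and 5000-5020 are opened globally, MountPoints2 autorun handlers on removable volumes that run bare files such as ntde1ect.com for the open and explore verbs as well as AutoRun, an Internet Explorer start page pointing at softwarereferral.com, and BHO and toolbar entries reported as "(no file)". The Python below is an added example for this thread, not a tool from the original post or from the ComboFix or HijackThis authors; it parses an excerpt of those logs and ranks such findings so the same reading can be repeated on a long log. The extension list, the trusted start-page domains and the severity labels are assumptions, and the sample log is constructed from lines copied from the logs above. Security suites sometimes set the Security Center Monitoring keys for their own product, and U3 and vendor launchers register autorun handlers too, so every finding is a prompt to inspect the path, not a verdict.

```python
"""Triage of ComboFix 'Reg Loading Points' / MountPoints2 sections and HijackThis R/O lines.
Added example for this thread, not a tool from the original post or from the ComboFix /
HijackThis authors; its rules are reading heuristics that rank what to inspect, not verdicts."""
import re
from urllib.parse import urlsplit

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
MOUNTPOINT_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
HJT_RE = re.compile(r"^(?P<kind>[ORF]\d+)\s+-\s+(?P<body>.+)$")

SC_DISABLE_NAMES = {"antivirusdisablenotify", "firewalldisablenotify", "disablemonitoring"}
ODD_EXTS = {"com", "pif", "scr", "bat", "cmd"}         # assumption: rare on vendor launchers
TRUSTED_PAGE_DOMAINS = ("microsoft.com", "yahoo.com")  # assumption: expected start/search pages

def autorun_target(cmd):
    # Unwrap the "rundll32 shell32.dll,ShellExec_RunDLL <file>" form ComboFix shows.
    m = re.search(r"shellexec_rundll\s+(\S+)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def mountpoint_reasons(entries):
    """Heuristics for one MountPoints2 volume, given {verb_lower: command}."""
    reasons = []
    hijacked = sorted(v for v in entries if v != "autorun")
    if hijacked:  # open/explore overridden: double-clicking the drive runs the command
        reasons.append("overrides verbs " + ", ".join(hijacked))
    for cmd in sorted(set(entries.values())):
        base = autorun_target(cmd).rsplit("\\", 1)[-1]
        stem, dot, ext = base.rpartition(".")
        if dot and ext.lower() in ODD_EXTS:
            reasons.append("non-.exe payload " + base)
        if not re.search(r"[A-Za-z0-9]", stem if dot else base):
            reasons.append("nonsense file name " + base)
    return reasons

def parse_combofix(text):
    """Security Center, firewall and autorun findings from ComboFix registry sections."""
    findings, section, mountpoints = [], "", {}
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = MOUNTPOINT_RE.match(line)
        if m and "mountpoints2\\" in section:
            guid = section.rsplit("\\", 1)[-1]
            mountpoints.setdefault(guid, {})[m.group("verb").lower()] = m.group("cmd")
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip().lower()
        if "security center" in section and name.lower() in SC_DISABLE_NAMES and value.endswith("00000001"):
            findings.append(("high", "security-center", f"{name}=1 under {section}"))
        elif section.endswith("firewallpolicy\\standardprofile") and name.lower() == "enablefirewall" and value[:1] == "0":
            findings.append(("high", "firewall", "Windows Firewall disabled (EnableFirewall=0)"))
        elif section.endswith("globallyopenports\\list"):
            findings.append(("medium", "firewall", "globally open port " + name))
    for guid, entries in mountpoints.items():
        reasons = mountpoint_reasons(entries)
        if reasons:
            findings.append(("high", "autorun", guid + ": " + "; ".join(reasons)))
    return findings

def parse_hijackthis(text):
    """Start-page hijack and orphaned-entry findings from HijackThis R/O lines."""
    findings = []
    for line in (ln.strip() for ln in text.splitlines()):
        m = HJT_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1") and " = " in body:
            setting, url = body.split(" = ", 1)
            host = urlsplit(url.strip()).hostname or ""
            if host and not any(host == d or host.endswith("." + d) for d in TRUSTED_PAGE_DOMAINS):
                findings.append(("high", "browser", setting.rsplit(",", 1)[-1] + " points at " + host))
        elif body.endswith("(no file)"):
            findings.append(("low", "orphan", kind + " " + body))
    return findings

def triage(text):
    """All findings from a pasted excerpt, highest severity first (the two formats do not collide)."""
    return sorted(parse_combofix(text) + parse_hijackthis(text), key=lambda f: ("high", "medium", "low").index(f[0]))

# Constructed sample: lines copied from the ComboFix and HijackThis logs posted above.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee1551d-8e88-11db-8414-0013cecb6bbb}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f525f6e-e6af-11db-8756-0013cecb6bbb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
"""
```

Call triage() on the text of a pasted log; ComboFix and HijackThis output can be concatenated because their line formats do not overlap. On SAMPLE_LOG it returns five high findings (the Security Center key, the disabled firewall, the two autorun volumes and the start page), one medium (port 135 opened globally) and one low (the orphaned BHO). The E:\LaunchU3.exe and RavMon.exe volumes from the log above produce no reasons under these rules, which is exactly why ComboFix lists every MountPoints2 entry: the helper still reads them all.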

Re: virus alert!

Post by MikeSwim07 » October 23rd, 2008, 7:31 am

Hello MLY,

  • Please right-click on the clock on your taskbar
  • Click Adjust Date/Time
  • Please set the time and date to the correct time and date

Please then follow the instructions below.

Download and Run ComboFix

Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    The ones that need to be closed/disabled are:
    Trend Micro Internet Security

  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
MikeSwim07
Regular Member
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: virus alert!

Post by mly » October 23rd, 2008, 9:12 am

Hi

Nothing appears after I click Adjust Time/Date.

Don't know what the problem is.

Regards,
MLY
mly
Active Member
Posts: 13
Joined: October 19th, 2008, 1:31 am

Re: virus alert!

Post by MikeSwim07 » October 24th, 2008, 3:19 pm

Please try the following,

Click Start > Run - type CMD.EXE /K DATE

Please enter the current time and date.

Then please follow the ComboFix steps in the last post.
MikeSwim07
Regular Member
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: virus alert!

Post by mly » October 24th, 2008, 5:11 pm

Hello Micheal

Successfully done :) Thank you for your help & time.

Here are my logs.

ComboFix log

ComboFix 08-10-19.04 - Mariam AL-Khamiri 2008-10-25 0:33:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.216 [GMT 4:00]
Running from: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Documents\Adobe PDF\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Videos\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\muna\Behaviourism\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\muna\constructivism\CONSTRUCTEVISM\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\muna\constructivism\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\muna\constructivism\images\Desktop_.ini
C:\Documents and Settings\KOoKOo\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\ebkq.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2009-01-19 20:21 . 2009-01-19 20:21 <DIR> d-------- C:\WINDOWS\system32\Service
2009-01-17 01:31 . 2009-01-17 01:31 661,808 --a------ C:\WINDOWS\system32\UfWSC.cpl
2009-01-17 00:32 . 2008-10-17 20:32 86,016 --a------ C:\WINDOWS\lomxeqsn.exe
2009-01-16 17:35 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2009-01-16 17:35 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2009-01-16 17:35 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2009-01-16 17:35 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2009-01-16 17:35 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2009-01-16 17:35 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2009-01-16 17:35 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2009-01-14 10:48 . 2009-01-14 11:31 1,319 --ah----- C:\IPH.PH
2009-01-12 21:35 . 2009-01-16 00:23 1,374 --a------ C:\WINDOWS\imsins.BAK
2009-01-08 23:51 . 2009-01-10 00:12 <DIR> d-------- C:\TEMP
2009-01-08 08:12 . 2009-01-08 08:12 0 --a------ C:\WINDOWS\nsreg.dat
2009-01-06 09:56 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2008-12-30 16:39 . 2008-09-16 04:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-12-18 10:35 . 2008-12-18 10:35 <DIR> d-------- C:\WINDOWS\system32\Redist
2008-12-18 10:35 . 2008-09-18 05:28 290,304 --a------ C:\WINDOWS\system32\artEMFLib.dll
2008-12-18 10:35 . 2008-09-18 05:26 143,360 --a------ C:\WINDOWS\system32\vbuzip10.dll
2008-12-18 10:35 . 2008-09-18 05:15 90,112 --a------ C:\WINDOWS\system32\ccrpTmr6.dll
2008-12-17 10:03 . 2002-12-20 22:00 53,248 --a------ C:\gendel32.exe
2008-12-17 09:56 . 2008-12-18 10:35 88,064 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-12-17 00:50 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-12-14 22:25 . 2003-08-08 20:17 2,256,896 --a------ C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 15:53 --------- d-----w C:\Program Files\Panda Security
2009-01-18 15:16 --------- d-----w C:\Program Files\NoAdware
2009-01-18 15:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-18 07:46 --------- d-----w C:\Program Files\AskBarDis
2009-01-18 05:20 --------- d-----w C:\Program Files\Trend Micro
2009-01-17 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-01-16 21:30 80,400 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2009-01-16 21:30 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2009-01-16 21:30 334,352 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2009-01-16 21:30 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2009-01-16 21:30 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2009-01-16 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-16 13:35 --------- d-----w C:\Program Files\Common Files\Ahead
2009-01-16 13:35 --------- d-----w C:\Program Files\Ahead
2009-01-16 13:34 --------- d-----w C:\Program Files\Yahoo!
2009-01-16 13:26 --------- d-----w C:\Program Files\Save Flash
2009-01-16 13:04 --------- d-----w C:\Program Files\Safari
2009-01-16 12:56 --------- d-----w C:\Program Files\DivX
2009-01-16 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-01-14 06:26 --------- d-----w C:\Program Files\Opera
2009-01-13 04:03 --------- d-----w C:\Program Files\Dl_cats
2009-01-12 17:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2009-01-08 21:45 --------- d-----w C:\Program Files\Kaspersky Lab
2009-01-08 21:26 --------- d-----w C:\Program Files\LtUcx
2009-01-08 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-30 20:33 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\DivX
2008-12-27 18:24 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\dvdcss
2008-12-25 21:32 --------- d-----w C:\Program Files\genial78
2008-12-25 19:52 --------- d-----w C:\Program Files\Avanquest update
2008-12-21 06:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-12-18 08:00 --------- d-----w C:\Program Files\Common Files\InstallShield Shared
2008-12-18 06:34 --------- d-----w C:\Program Files\Articulate
2008-12-17 06:02 --------- d-----w C:\Program Files\Everstrike Software
2008-12-16 16:50 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Ahead
2008-12-14 19:23 --------- d-----w C:\Program Files\iPod
2008-12-14 18:27 --------- d-----w C:\Program Files\topdownloads
2008-09-16 00:14 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-09-12 17:08 --------- d-----w C:\Program Files\eREAD
2008-09-11 16:26 --------- d-----w C:\Program Files\Nero
2008-09-11 16:01 --------- d-----w C:\Program Files\Windows Live
2008-09-11 16:01 --------- d-----w C:\Program Files\SWiSH Max2
2008-09-11 15:34 --------- d-----w C:\Program Files\Tracker Software
2008-09-11 15:02 --------- d-----w C:\Program Files\PDF-Convert
2008-09-11 13:54 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-09-11 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-09-11 12:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 12:37 --------- d-----w C:\Program Files\InterVideo
2008-09-11 12:37 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Delicious IE Extension
2008-09-11 12:35 --------- d-----w C:\Program Files\MagicISO
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 07:00 --------- d-----w C:\Program Files\TechSmith
2008-09-06 17:59 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-30 16:22 --------- d-----w C:\Program Files\Circle Developement
2008-08-30 13:49 --------- d-----w C:\Program Files\Google
2008-08-30 13:39 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-29 20:47 --------- d-----w C:\Program Files\GiPo@Utilities
2008-08-29 15:15 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Apple Computer
2008-08-28 19:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-28 19:18 --------- d-----w C:\Program Files\Apple Software Update
2008-08-27 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-21 16:25 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
2008-08-21 16:25 249,856 -c----w C:\WINDOWS\Setup1.exe
2008-08-01 20:54 33,256,951 ----a-w C:\Program Files\kav.en.exe
2008-07-29 07:47 34,847,744 ----a-w C:\Program Files\kav.en.msi
2008-03-25 06:51 560 -c--a-w C:\Program Files\Global.sw
2007-05-30 17:17 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-05-30 17:16 25,990,392 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2003-04-17 13:43 416 -c--a-r C:\Program Files\start.ini
2002-12-23 06:01 126,976 -c--a-r C:\Program Files\start.exe
.

Hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06, on 2008-10-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Easy Read - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - C:\Program Files\eREAD\eREAD\EasyRead.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9460490500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9460074765
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC77A4D3-E4E9-40BA-B8E0-8B82EDC7A17E}: NameServer = 213.42.20.20,195.229.241.222
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://images.abunawaf.com/2007/09/11/ramandan5copy.jpg

--
End of file - 10306 bytes
mly
Active Member
 
Posts: 13
Joined: October 19th, 2008, 1:31 am
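
The entries a helper looks at first in a log like the one above are the O2/O3 registrations marked "(no file)", the O4 autoruns and where they start from, the O17 nameserver line, and the O24 Active Desktop component. The script below is an added example, not code from this thread or from HijackThis, that applies those checks mechanically. The sample log it runs on is constructed and modelled on the posted log; the `[example]` autorun from a Temp folder is hypothetical and stands in for the kind of entry the path check is meant to catch, and the `expected_dns` allowlist is an assumption to be replaced with the resolvers the ISP actually publishes.

```python
"""Triage the O-entries of a HijackThis 2.x log.

Added example for this thread; not code from the original posts or from
HijackThis. It applies a few of the checks a helper makes by eye on a
log like the one above: registrations whose file is gone, autoruns that
start outside the usual program directories, nameserver settings that
need checking against the ISP's resolvers, and Active Desktop components
that pull web content.
"""
import re
from typing import List, NamedTuple, Sequence


class Finding(NamedTuple):
    code: str      # HijackThis section the entry came from, e.g. "O2"
    reason: str
    line: str


# Autorun targets under these prefixes are treated as expected; anything
# else (the C:\WINDOWS root, a user profile, Temp) is raised for a look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\system32\\")

_O2_O3 = re.compile(r"^(?P<code>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
                    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
_O4_RUN = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
_O17 = re.compile(r"^O17 - .*: NameServer = (?P<servers>[\d.,]+)")
_O24 = re.compile(r"^O24 - Desktop Component \d+: .* - (?P<url>\S+)$")

# Constructed sample, modelled on the log posted above. The [example]
# autorun from a Temp folder is hypothetical; it stands in for the kind
# of entry the path check is meant to catch.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC77A4D3-E4E9-40BA-B8E0-8B82EDC7A17E}: NameServer = 213.42.20.20,195.229.241.222
O24 - Desktop Component 0: (no name) - http://images.abunawaf.com/2007/09/11/ramandan5copy.jpg
"""


def exe_path(cmd: str) -> str:
    """Pull the launched file out of an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.lower().startswith(("rundll32 ", "rundll32.exe ")):
        cmd = cmd.split(" ", 1)[1]          # the DLL is the real payload
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # bare path: stop at the executable extension, keep embedded spaces
    m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat|cmd|pif|vbs))(?=[\s,]|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str, expected_dns: Sequence[str] = ()) -> List[Finding]:
    """Return the entries a helper would ask about, in log order.

    expected_dns lists resolvers known to be legitimate for this machine
    (the ISP's); with none given, every O17 entry is reported for checking.
    """
    expected = {s.strip() for s in expected_dns}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _O2_O3.match(line)
        if m:
            if m["path"].strip() == "(no file)":
                findings.append(Finding(m["code"], "registration for CLSID {%s} points at a "
                                        "file that is gone: a clean-up item, not by itself "
                                        "proof of an active infection" % m["clsid"], line))
            continue
        m = _O4_RUN.match(line)
        if m:
            exe = exe_path(m["cmd"])
            if not exe.lower().startswith(TRUSTED_PREFIXES):
                findings.append(Finding("O4", "autorun [%s] starts %s from outside Program "
                                        "Files / system32" % (m["key"], exe), line))
            continue
        m = _O17.match(line)
        if m:
            unknown = [s for s in m["servers"].split(",") if s and s not in expected]
            if unknown:
                findings.append(Finding("O17", "nameserver %s not in the expected list; "
                                        "confirm against the ISP's published resolvers before "
                                        "calling it a DNS hijack" % ", ".join(unknown), line))
            continue
        m = _O24.match(line)
        if m:
            findings.append(Finding("O24", "Active Desktop component pulls web content from "
                                    + m["url"], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (f.code, f.reason, f.line))
```

Run as-is it reports five items from the sample (the two orphaned registrations, the Temp-folder autorun, the O17 line and the O24 component); the Java, Trend Micro and rundll32 printer entries pass the path check because they start from Program Files or system32. Passing `expected_dns=("213.42.20.20", "195.229.241.222")` drops the O17 item, which is the right outcome only once those two addresses have been confirmed as the ISP's own resolvers.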

Re: virus alert!

Post by MikeSwim07 » October 24th, 2008, 5:14 pm

That is not the whole ComboFix log,

Please post the log located at C:\ComboFix.txt
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: virus alert!

Post by mly » October 24th, 2008, 5:45 pm

ComboFix 08-10-19.04 - Mariam AL-Khamiri 2008-10-25 1:30:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.226 [GMT 4:00]
Running from: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Documents\Adobe PDF\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Videos\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\muna\Behaviourism\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\muna\constructivism\CONSTRUCTEVISM\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\muna\constructivism\Desktop_.ini
C:\Documents and Settings\Dr. Fatma Al Khamiri\My Documents\College\MaryAnne\C&B\old\Behaviourism & Consrctivism\muna\constructivism\images\Desktop_.ini
C:\Documents and Settings\KOoKOo\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\ebkq.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
.

2009-01-19 20:21 . 2009-01-19 20:21 <DIR> d-------- C:\WINDOWS\system32\Service
2009-01-17 01:31 . 2009-01-17 01:31 661,808 --a------ C:\WINDOWS\system32\UfWSC.cpl
2009-01-17 00:32 . 2008-10-17 20:32 86,016 --a------ C:\WINDOWS\lomxeqsn.exe
2009-01-16 17:35 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2009-01-16 17:35 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2009-01-16 17:35 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2009-01-16 17:35 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2009-01-16 17:35 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2009-01-16 17:35 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2009-01-16 17:35 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2009-01-14 10:48 . 2009-01-14 11:31 1,319 --ah----- C:\IPH.PH
2009-01-12 21:35 . 2009-01-16 00:23 1,374 --a------ C:\WINDOWS\imsins.BAK
2009-01-08 23:51 . 2009-01-10 00:12 <DIR> d-------- C:\TEMP
2009-01-08 08:12 . 2009-01-08 08:12 0 --a------ C:\WINDOWS\nsreg.dat
2009-01-06 09:56 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2008-12-30 16:39 . 2008-09-16 04:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-12-18 10:35 . 2008-12-18 10:35 <DIR> d-------- C:\WINDOWS\system32\Redist
2008-12-18 10:35 . 2008-09-18 05:28 290,304 --a------ C:\WINDOWS\system32\artEMFLib.dll
2008-12-18 10:35 . 2008-09-18 05:26 143,360 --a------ C:\WINDOWS\system32\vbuzip10.dll
2008-12-18 10:35 . 2008-09-18 05:15 90,112 --a------ C:\WINDOWS\system32\ccrpTmr6.dll
2008-12-17 10:03 . 2002-12-20 22:00 53,248 --a------ C:\gendel32.exe
2008-12-17 09:56 . 2008-12-18 10:35 88,064 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-12-17 00:50 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-12-14 22:25 . 2003-08-08 20:17 2,256,896 --a------ C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 15:16 --------- d-----w C:\Program Files\NoAdware
2009-01-18 15:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-18 07:46 --------- d-----w C:\Program Files\AskBarDis
2009-01-18 05:20 --------- d-----w C:\Program Files\Trend Micro
2009-01-17 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-01-16 21:30 80,400 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2009-01-16 21:30 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2009-01-16 21:30 334,352 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2009-01-16 21:30 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2009-01-16 21:30 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2009-01-16 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-16 13:35 --------- d-----w C:\Program Files\Common Files\Ahead
2009-01-16 13:35 --------- d-----w C:\Program Files\Ahead
2009-01-16 13:34 --------- d-----w C:\Program Files\Yahoo!
2009-01-16 13:26 --------- d-----w C:\Program Files\Save Flash
2009-01-16 13:04 --------- d-----w C:\Program Files\Safari
2009-01-16 12:56 --------- d-----w C:\Program Files\DivX
2009-01-16 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-01-13 04:03 --------- d-----w C:\Program Files\Dl_cats
2009-01-12 17:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2009-01-08 21:45 --------- d-----w C:\Program Files\Kaspersky Lab
2009-01-08 21:26 --------- d-----w C:\Program Files\LtUcx
2009-01-08 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-30 20:33 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\DivX
2008-12-27 18:24 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\dvdcss
2008-12-25 21:32 --------- d-----w C:\Program Files\genial78
2008-12-25 19:52 --------- d-----w C:\Program Files\Avanquest update
2008-12-18 08:00 --------- d-----w C:\Program Files\Common Files\InstallShield Shared
2008-12-18 06:34 --------- d-----w C:\Program Files\Articulate
2008-12-17 06:02 --------- d-----w C:\Program Files\Everstrike Software
2008-12-16 16:50 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Ahead
2008-12-14 19:23 --------- d-----w C:\Program Files\iPod
2008-12-14 18:27 --------- d-----w C:\Program Files\topdownloads
2008-10-24 21:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-24 21:14 --------- d-----w C:\Program Files\Panda Security
2008-10-24 21:13 --------- d-----w C:\Program Files\Opera
2008-09-18 01:22 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
2008-09-16 00:14 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-09-16 00:14 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-12 17:08 --------- d-----w C:\Program Files\eREAD
2008-09-11 16:26 --------- d-----w C:\Program Files\Nero
2008-09-11 16:01 --------- d-----w C:\Program Files\Windows Live
2008-09-11 16:01 --------- d-----w C:\Program Files\SWiSH Max2
2008-09-11 15:34 --------- d-----w C:\Program Files\Tracker Software
2008-09-11 15:02 --------- d-----w C:\Program Files\PDF-Convert
2008-09-11 13:54 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-09-11 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-09-11 12:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 12:37 --------- d-----w C:\Program Files\InterVideo
2008-09-11 12:37 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Delicious IE Extension
2008-09-11 12:35 --------- d-----w C:\Program Files\MagicISO
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 07:00 --------- d-----w C:\Program Files\TechSmith
2008-09-06 17:59 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-30 16:22 --------- d-----w C:\Program Files\Circle Developement
2008-08-30 13:49 --------- d-----w C:\Program Files\Google
2008-08-30 13:39 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-29 20:47 --------- d-----w C:\Program Files\GiPo@Utilities
2008-08-29 15:15 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Apple Computer
2008-08-28 19:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-28 19:18 --------- d-----w C:\Program Files\Apple Software Update
2008-08-27 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 17:54 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-22 17:54 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-21 16:25 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
2008-08-21 16:25 249,856 -c----w C:\WINDOWS\Setup1.exe
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 13:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-08-01 20:54 33,256,951 ----a-w C:\Program Files\kav.en.exe
2008-07-29 07:47 34,847,744 ----a-w C:\Program Files\kav.en.msi
2008-03-25 06:51 560 -c--a-w C:\Program Files\Global.sw
2007-05-30 17:17 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-05-30 17:16 25,990,392 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2003-04-17 13:43 416 -c--a-r C:\Program Files\start.ini
2002-12-23 06:01 126,976 -c--a-r C:\Program Files\start.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-20_11.11.15.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-10-15 16:34:24 337,408 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2008-04-14 00:12:01 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235A3ACD-EBE5-46b2-9BAE-B1960F9DC791}]
2008-07-23 10:09 344064 --a------ C:\Program Files\eREAD\eREAD\EasyRead.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-17 497008]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-22 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-17 970808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-17 497008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-09-11 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExplorerSpeedDelay"= 0%
"DriveSpeedDelay"= %0
"MenuShowDelay"= 0%
"MenuSpeedDelay"= 0%
"BrowseForFolderDelay"= 0%
"BrowseForFileDelay"= 0%

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Talk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Talk.lnk
backup=C:\WINDOWS\pss\Google Talk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Live Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Live Messenger.lnk
backup=C:\WINDOWS\pss\Windows Live Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dr. Fatma Al Khamiri^Start Menu^Programs^Startup^Shortcut to YahooMessenger.lnk]
path=C:\Documents and Settings\Dr. Fatma Al Khamiri\Start Menu\Programs\Startup\Shortcut to YahooMessenger.lnk
backup=C:\WINDOWS\pss\Shortcut to YahooMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
--a--c--- 2008-07-16 13:44 726272 C:\Program Files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2007-04-26 21:28 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 17:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a--c--- 2008-02-20 16:19 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-22 21:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dlcdcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcdPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"1925:UDP"= 1925:UDP:Windows Media Format SDK (iexplore.exe)
"1924:UDP"= 1924:UDP:Windows Media Format SDK (iexplore.exe)
"1927:UDP"= 1927:UDP:Windows Media Format SDK (iexplore.exe)
"1926:UDP"= 1926:UDP:Windows Media Format SDK (iexplore.exe)
"1930:UDP"= 1930:UDP:Windows Media Format SDK (iexplore.exe)
"1932:UDP"= 1932:UDP:Windows Media Format SDK (iexplore.exe)
"2066:UDP"= 2066:UDP:Windows Media Format SDK (iexplore.exe)
"2067:UDP"= 2067:UDP:Windows Media Format SDK (iexplore.exe)
"2068:UDP"= 2068:UDP:Windows Media Format SDK (iexplore.exe)
"2071:UDP"= 2071:UDP:Windows Media Format SDK (iexplore.exe)
"2070:UDP"= 2070:UDP:Windows Media Format SDK (iexplore.exe)
"2073:UDP"= 2073:UDP:Windows Media Format SDK (iexplore.exe)
"2749:UDP"= 2749:UDP:Windows Media Format SDK (iexplore.exe)
"2748:UDP"= 2748:UDP:Windows Media Format SDK (iexplore.exe)
"2753:UDP"= 2753:UDP:Windows Media Format SDK (iexplore.exe)
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-06-22 491520]
S2 P1100B_CT_CDI;Creative PD1100B HAL Service;C:\WINDOWS\system32\DRIVERS\P1100bCd.sys [ ]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2004-08-11 63104]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2004-08-11 63104]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-13 27136]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0828bcfe-c6eb-11db-bb25-0013cecb6bbb}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee1551d-8e88-11db-8414-0013cecb6bbb}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f525f6e-e6af-11db-8756-0013cecb6bbb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ae4071-1683-11dc-8806-0013cecb6bbb}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6405f33f-b8f9-11dc-89dc-000fb0d7d750}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64e567a0-f956-11dc-8a91-000fb0d7d750}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afa1761e-dc3c-11da-87ea-000fb0d7d750}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc5287ec-8d9a-11db-840e-0013cecb6bbb}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbfa3dfc-e606-11dd-8247-000fb0d7d750}]
\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2006-04-27 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:12]

2008-10-24 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Mozilla\Firefox\Profiles\xs0fxysq.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 01:34:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-25 1:37:53
ComboFix-quarantined-files.txt 2008-10-24 21:36:50
ComboFix2.txt 2009-01-20 07:22:03
ComboFix3.txt 2009-01-20 07:12:27

Pre-Run: 56,494,518,272 bytes free
Post-Run: 56,480,845,824 bytes free

368 --- E O F --- 2008-10-24 20:59:17
mly
Active Member
 
Posts: 13
Joined: October 19th, 2008, 1:31 am

Re: virus alert!

Unread postby MikeSwim07 » October 25th, 2008, 7:21 am

Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Code:
File::
C:\WINDOWS\lomxeqsn.exe
C:\gendel32.exe
C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe

Folder::
C:\Program Files\NoAdware
C:\Program Files\AskBarDis

DirLook::
C:\WINDOWS\system32\Service

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-


Save it to your desktop as CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe
Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Please post the ComboFix log, the Malwarebytes' Anti-Malware log, and a new HijackThis log.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone
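
As an added example (not ComboFix's own code, and not from anyone in this thread): a Python parser for the CFScript format used in the post above. It turns the Registry:: block into an action list and checks the File::/Folder:: requests against the "Other Deletions" block of the ComboFix log posted in the next reply. It assumes only the section semantics this thread shows, plus standard .reg syntax for the Registry:: lines.

```python
"""Parse a ComboFix CFScript and cross-check it against the ComboFix log it produced.
Added example for this thread, not ComboFix's own code. CFSCRIPT is the script posted
above; COMBOFIX_LOG is an excerpt of the follow-up log. Only what the thread shows is
assumed (File::/Folder:: entries reappear under "Other Deletions") plus standard .reg
syntax in Registry:: ([-key] deletes a key, "name"=- deletes a value)."""
import re

CFSCRIPT = r"""
File::
C:\WINDOWS\lomxeqsn.exe
C:\gendel32.exe
C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe
Folder::
C:\Program Files\NoAdware
C:\Program Files\AskBarDis
DirLook::
C:\WINDOWS\system32\Service
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
"""

# Excerpt of the log posted after running the script (the thread's own output).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\gendel32.exe
C:\Program Files\NoAdware
C:\Program Files\NoAdware\logs\Date(18-1-2009) Time(9-45-26).txt
C:\Program Files\NoAdware\NoAdwareBackup\1,18,2009_9,45,18.zip
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")        # e.g. "File::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")              # "[-key]" deletes the whole key
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')          # '"name"=-' deletes that value
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # "(((( Other Deletions ))))"


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript, keeping entry order."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Turn the Registry:: block into (action, key, value_name) tuples."""
    actions, key = [], None
    for line in lines:
        km, vm = KEY_RE.match(line), VALUE_RE.match(line)
        if km:
            key = km.group(2)
            if km.group(1) == "-":
                actions.append(("delete_key", key, None))
        elif vm and key is not None:
            name, data = vm.groups()
            actions.append(("delete_value" if data == "-" else "set_value", key, name))
        else:
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
    return actions


def log_sections(log):
    """Split a ComboFix log into {banner title: [lines]}; pre-banner text is 'header'."""
    out, title = {"header": []}, "header"
    for line in (l.strip() for l in log.splitlines()):
        if not line or line == ".":      # ComboFix pads sections with lone dots
            continue
        m = BANNER_RE.match(line)
        if m:
            title = m.group(1)
            out.setdefault(title, [])
        else:
            out[title].append(line)
    return out


def unconfirmed_deletions(script_text, log_text):
    """Paths the script asked ComboFix to delete that the log does not list under
    'Other Deletions'. NTFS paths are compared case-insensitively."""
    sections = parse_cfscript(script_text)
    requested = sections.get("File", []) + sections.get("Folder", [])
    deleted = {p.lower() for p in log_sections(log_text).get("Other Deletions", [])}
    return [p for p in requested if p.lower() not in deleted]


if __name__ == "__main__":
    for action in registry_actions(parse_cfscript(CFSCRIPT)["Registry"]):
        print("registry:", *action)
    print("not confirmed deleted:", unconfirmed_deletions(CFSCRIPT, COMBOFIX_LOG))
```

Running it reports C:\Program Files\AskBarDis as unconfirmed: the script asked for it, but the follow-up log never lists it under Other Deletions, which is the kind of discrepancy a helper would want to notice before treating the script as fully applied.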

Re: virus alert!

Unread postby mly » October 25th, 2008, 1:35 pm

Here are my logs

ComboFix


ComboFix 08-10-19.04 - Mariam AL-Khamiri 2008-10-25 16:31:56.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.163 [GMT 4:00]
Running from: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dr. Fatma Al Khamiri\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\gendel32.exe
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\gendel32.exe
C:\Program Files\NoAdware
C:\Program Files\NoAdware\logs\Date(18-1-2009) Time(9-45-26).txt
C:\Program Files\NoAdware\NoAdwareBackup\1,18,2009_9,45,18.zip
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\system32\Topdownloads Folder Protect_uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.

2009-01-19 20:21 . 2009-01-19 20:21 <DIR> d-------- C:\WINDOWS\system32\Service
2009-01-18 19:53 . 2008-10-25 01:14 <DIR> d-------- C:\Program Files\Panda Security
2009-01-17 04:04 . 2009-01-18 09:20 <DIR> d-------- C:\Program Files\Trend Micro
2009-01-17 01:31 . 2009-01-17 01:31 661,808 --a------ C:\WINDOWS\system32\UfWSC.cpl
2009-01-17 01:06 . 2009-01-17 20:37 <DIR> d-------- C:\Documents and Settings\Dr. Fatma Al Khamiri\.housecall6.6
2009-01-16 17:33 . 2008-10-25 01:53 <DIR> d-------- C:\Program Files\Yahoo!
2009-01-16 17:03 . 2009-01-16 17:04 <DIR> d-------- C:\Program Files\Safari
2009-01-14 10:48 . 2009-01-14 11:31 1,319 --ah----- C:\IPH.PH
2009-01-14 10:25 . 2008-10-25 01:13 <DIR> d-------- C:\Program Files\Opera
2009-01-09 13:28 . 2009-01-22 21:13 <DIR> dr------- C:\Documents and Settings\Dr. Fatma Al Khamiri\My Pictures
2009-01-08 23:51 . 2009-01-10 00:12 <DIR> d-------- C:\TEMP
2009-01-08 08:12 . 2009-01-08 08:12 0 --a------ C:\WINDOWS\nsreg.dat
2009-01-06 09:56 . 2007-08-13 18:45 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2009-01-06 09:29 . 2009-01-06 09:29 <DIR> d--hs---- C:\Documents and Settings\Dr. Fatma Al Khamiri\PrivacIE
2008-12-30 16:39 . 2009-01-16 16:56 <DIR> d-------- C:\Program Files\DivX
2008-12-30 16:39 . 2008-09-16 04:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-12-18 10:35 . 2008-12-18 10:35 <DIR> d-------- C:\WINDOWS\system32\Redist
2008-12-18 10:35 . 2008-09-18 05:28 290,304 --a------ C:\WINDOWS\system32\artEMFLib.dll
2008-12-18 10:35 . 2008-09-18 05:26 143,360 --a------ C:\WINDOWS\system32\vbuzip10.dll
2008-12-18 10:35 . 2008-09-18 05:15 90,112 --a------ C:\WINDOWS\system32\ccrpTmr6.dll
2008-12-17 09:56 . 2008-12-18 10:35 88,064 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-12-17 00:50 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-12-14 23:23 . 2008-12-14 23:23 <DIR> d-------- C:\Program Files\iPod
2008-12-14 22:27 . 2008-12-14 22:27 <DIR> d-------- C:\Program Files\topdownloads
2008-10-25 05:19 . 2008-10-25 05:27 <DIR> d-------- C:\Program Files\RegCure
2008-10-25 02:14 . 2008-10-25 02:14 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-25 02:01 . 2008-10-25 02:20 <DIR> d-------- C:\Program Files\Delicious Add-on for Internet Explorer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 15:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-17 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-01-16 21:30 80,400 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2009-01-16 21:30 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2009-01-16 21:30 334,352 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2009-01-16 21:30 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2009-01-16 21:30 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2009-01-16 13:26 --------- d-----w C:\Program Files\Save Flash
2009-01-16 12:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2009-01-13 04:03 --------- d-----w C:\Program Files\Dl_cats
2009-01-12 17:38 --------- d-----w C:\Program Files\Windows Media Connect 2
2009-01-08 21:45 --------- d-----w C:\Program Files\Kaspersky Lab
2009-01-08 21:26 --------- d-----w C:\Program Files\LtUcx
2009-01-08 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-30 20:33 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\DivX
2008-12-27 18:24 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\dvdcss
2008-12-25 19:52 --------- d-----w C:\Program Files\Avanquest update
2008-12-18 06:34 --------- d-----w C:\Program Files\Articulate
2008-12-17 06:02 --------- d-----w C:\Program Files\Everstrike Software
2008-10-25 01:39 --------- d-----w C:\Program Files\Common Files\Ahead
2008-10-24 22:19 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Delicious IE Extension
2008-10-24 22:13 --------- d-----w C:\Program Files\Common Files\Real
2008-10-24 22:10 --------- d-----w C:\Program Files\Google
2008-10-24 21:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-18 01:22 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
2008-09-16 00:14 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-09-16 00:14 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-12 17:08 --------- d-----w C:\Program Files\eREAD
2008-09-11 16:26 --------- d-----w C:\Program Files\Nero
2008-09-11 16:01 --------- d-----w C:\Program Files\Windows Live
2008-09-11 16:01 --------- d-----w C:\Program Files\SWiSH Max2
2008-09-11 15:34 --------- d-----w C:\Program Files\Tracker Software
2008-09-11 15:02 --------- d-----w C:\Program Files\PDF-Convert
2008-09-11 13:54 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-09-11 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-09-11 12:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-11 12:37 --------- d-----w C:\Program Files\InterVideo
2008-09-11 12:35 --------- d-----w C:\Program Files\MagicISO
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 07:00 --------- d-----w C:\Program Files\TechSmith
2008-09-06 17:59 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-30 16:22 --------- d-----w C:\Program Files\Circle Developement
2008-08-30 13:39 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-29 20:47 --------- d-----w C:\Program Files\GiPo@Utilities
2008-08-29 15:15 --------- d-----w C:\Documents and Settings\Dr. Fatma Al Khamiri\Application Data\Apple Computer
2008-08-28 19:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-28 19:18 --------- d-----w C:\Program Files\Apple Software Update
2008-08-27 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 17:54 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-22 17:54 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-21 16:25 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
2008-08-21 16:25 249,856 -c----w C:\WINDOWS\Setup1.exe
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 13:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-29 07:47 34,847,744 ----a-w C:\Program Files\kav.en.msi
2008-03-25 06:51 560 -c--a-w C:\Program Files\Global.sw
2007-05-30 17:17 2,874,926 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-05-30 17:16 25,990,392 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2003-04-17 13:43 416 -c--a-r C:\Program Files\start.ini
2002-12-23 06:01 126,976 -c--a-r C:\Program Files\start.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\Service ----

2009-01-19 20:21 928 --a------ C:\WINDOWS\system32\Service\19012009_TIS17_SfFniAU.log


((((((((((((((((((((((((((((( snapshot@2009-01-20_11.11.15.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-10-15 16:34:24 337,408 -c----w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:04 235,936 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-01-16 12:52:58 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-10-24 22:34:25 84,661 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-04-14 00:12:01 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-08-22 17:54:44 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-10-24 22:12:22 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2008-08-22 17:54:47 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-10-24 22:12:31 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2008-08-22 17:54:47 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-10-24 22:12:31 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
- 2008-08-22 17:55:07 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-10-24 22:13:38 185,920 ----a-w C:\WINDOWS\system32\rmoc3260.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{235A3ACD-EBE5-46b2-9BAE-B1960F9DC791}]
2008-07-23 10:09 344064 --a------ C:\Program Files\eREAD\eREAD\EasyRead.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-17 497008]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-01-17 970808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-01-17 497008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-09-11 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ExplorerSpeedDelay"= 0%
"DriveSpeedDelay"= %0
"MenuShowDelay"= 0%
"MenuSpeedDelay"= 0%
"BrowseForFolderDelay"= 0%
"BrowseForFileDelay"= 0%

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Talk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Talk.lnk
backup=C:\WINDOWS\pss\Google Talk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Live Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Live Messenger.lnk
backup=C:\WINDOWS\pss\Windows Live Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dr. Fatma Al Khamiri^Start Menu^Programs^Startup^Shortcut to YahooMessenger.lnk]
path=C:\Documents and Settings\Dr. Fatma Al Khamiri\Start Menu\Programs\Startup\Shortcut to YahooMessenger.lnk
backup=C:\WINDOWS\pss\Shortcut to YahooMessenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
--a--c--- 2008-07-16 13:44 726272 C:\Program Files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2007-04-26 21:28 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 17:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a--c--- 2008-02-20 16:19 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-25 02:12 185872 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dlcdcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcdPSWX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"1925:UDP"= 1925:UDP:Windows Media Format SDK (iexplore.exe)
"1924:UDP"= 1924:UDP:Windows Media Format SDK (iexplore.exe)
"1927:UDP"= 1927:UDP:Windows Media Format SDK (iexplore.exe)
"1926:UDP"= 1926:UDP:Windows Media Format SDK (iexplore.exe)
"1930:UDP"= 1930:UDP:Windows Media Format SDK (iexplore.exe)
"1932:UDP"= 1932:UDP:Windows Media Format SDK (iexplore.exe)
"2066:UDP"= 2066:UDP:Windows Media Format SDK (iexplore.exe)
"2067:UDP"= 2067:UDP:Windows Media Format SDK (iexplore.exe)
"2068:UDP"= 2068:UDP:Windows Media Format SDK (iexplore.exe)
"2071:UDP"= 2071:UDP:Windows Media Format SDK (iexplore.exe)
"2070:UDP"= 2070:UDP:Windows Media Format SDK (iexplore.exe)
"2073:UDP"= 2073:UDP:Windows Media Format SDK (iexplore.exe)
"2749:UDP"= 2749:UDP:Windows Media Format SDK (iexplore.exe)
"2748:UDP"= 2748:UDP:Windows Media Format SDK (iexplore.exe)
"2753:UDP"= 2753:UDP:Windows Media Format SDK (iexplore.exe)
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-06-22 491520]
S2 P1100B_CT_CDI;Creative PD1100B HAL Service;C:\WINDOWS\system32\DRIVERS\P1100bCd.sys [ ]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2004-08-11 63104]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;C:\WINDOWS\system32\DRIVERS\ewusbser.sys [2004-08-11 63104]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [ ]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-03-13 27136]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0828bcfe-c6eb-11db-bb25-0013cecb6bbb}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ee1551d-8e88-11db-8414-0013cecb6bbb}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f525f6e-e6af-11db-8756-0013cecb6bbb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55ae4071-1683-11dc-8806-0013cecb6bbb}]
\Shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6405f33f-b8f9-11dc-89dc-000fb0d7d750}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64e567a0-f956-11dc-8a91-000fb0d7d750}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afa1761e-dc3c-11da-87ea-000fb0d7d750}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc5287ec-8d9a-11db-840e-0013cecb6bbb}]
\Shell\AutoRun\command - '.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbfa3dfc-e606-11dd-8247-000fb0d7d750}]
\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-25 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-22 01:21]

2008-10-25 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-04-22 01:21]

2006-04-27 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2008-04-14 04:12]

2008-10-25 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 16:38:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-25 16:48:40
ComboFix-quarantined-files.txt 2008-10-25 12:48:31
ComboFix2.txt 2008-10-24 21:37:54
ComboFix3.txt 2009-01-20 07:22:03
ComboFix4.txt 2009-01-20 07:12:27

Pre-Run: 56,150,556,672 bytes free
Post-Run: 56,141,189,120 bytes free

355 --- E O F --- 2008-10-24 20:59:17

Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:59 PM, on 10/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Easy Read - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - C:\Program Files\eREAD\eREAD\EasyRead.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9460490500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9460074765
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC77A4D3-E4E9-40BA-B8E0-8B82EDC7A17E}: NameServer = 213.42.20.20,195.229.241.222
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://images.abunawaf.com/2007/09/11/ramandan5copy.jpg

--
End of file - 10100 bytes

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.1.2600 Service Pack 3

10/25/2008 8:54:34 PM
mbam-log-2008-10-25 (20-54-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 202764
Time elapsed: 3 hour(s), 51 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\rosqxvmn.btsx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0011903-00111) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dr. Fatma Al Khamiri\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dr. Fatma Al Khamiri\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dr. Fatma Al Khamiri\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
mly
Active Member
 
Posts: 13
Joined: October 19th, 2008, 1:31 am

Re: virus alert!

Unread postby MikeSwim07 » October 26th, 2008, 7:35 am

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - (no file)
    O3 - Toolbar: (no name) - {1F385865-F3D4-41ff-960D-7B7D0A7A72F6} - (no file)


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Please restart your computer.

Please post a new HijackThis log. How is everything running now?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: virus alert!

Unread postby mly » October 26th, 2008, 9:26 am

Everything is great, thanks to you :)

HijackThis logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:23 PM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ae/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Easy Read - {235A3ACD-EBE5-46b2-9BAE-B1960F9DC791} - C:\Program Files\eREAD\eREAD\EasyRead.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 9460490500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9460074765
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC77A4D3-E4E9-40BA-B8E0-8B82EDC7A17E}: NameServer = 213.42.20.20,195.229.241.222
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://images.abunawaf.com/2007/09/11/ramandan5copy.jpg

--
End of file - 9997 bytes
mly
Active Member
 
Posts: 13
Joined: October 19th, 2008, 1:31 am