Trojan Horse Dropper.Agent.GIT - Free Antivirus Forum

Trojan Horse Dropper.Agent.GIT

BullGuard Antivirus Forum > Bullguard zone > BullGuard Trial users > Trojan Horse Dropper.Agent.GIT

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Jesus-Rocker
New Member

Date Joined Jan 2008
Total Posts : 19

Posted 1-17-2008 11:40 (GMT +1)

im always encountering this prompt at start up....

C:\WINDOWS\system32\jkkjk.exe
Windows cannot access the specified device, path, or file. You may not have
the appropriate permissions to access the item.

DESKTOP
Could not load or run 'C:\WINDOWS\system32\jkkjk.exe' specified in the
registry. Make sure the file exist on your computer or remove the reference to
it in the registry.

and when i manually(because it didn't work at start up) run AVG, threats of Trojan Horse Dropper.Agent.GIT is found.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13590

Posted 1-17-2008 1:12 (GMT +1)

Hello

Let´s see what´s running on Your computer -

Click here - ->> Before posting a log

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Jesus-Rocker
New Member

Date Joined Jan 2008
Total Posts : 19

Posted 1-17-2008 1:30 (GMT +1)

but the problem is i don't know how to check security updates., im using SP2.. im just new in using this and im confused of what to do..

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13590

Posted 1-17-2008 1:33 (GMT +1)

That´s good You have SP2, no need to check for security updates then. Just continue with rest of the instructions

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Jesus-Rocker
New Member

Date Joined Jan 2008
Total Posts : 19

Posted 1-17-2008 1:46 (GMT +1)

how about the instruction

if you have SP@, just check for security patches
Apply the Update.

Jesus-Rocker
New Member

Date Joined Jan 2008
Total Posts : 19

Posted 1-17-2008 2:31 (GMT +1)

this is my log including the ccleaner but i wasn't able to download AVG anti-spyware because the server cannot be found., can this work without that?

CLEANING COMPLETE - (0.168 secs)
------------------------------------------------------------------------------------------
19.8MB removed.
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (1 files) 48.00KB
Removed Cookie: yahoo.com
Removed Cookie: mail.yahoo.com
Removed Cookie: adinterax.com
Removed Cookie: richmedia.yahoo.com
Removed Cookie: indextools.com
Removed Cookie: www.bullguard.com
Removed Cookie: questionmarket.com
Removed Cookie: doubleclick.net
Removed Cookie: friendster.com
Removed Cookie: www.friendster.com
Removed Cookie: slide.com
Removed Cookie: gigya.com
Removed Cookie: imeem.com
Removed Cookie: zwani.com
Removed Cookie: google.com
Removed Cookie: bullguard.com
Removed Cookie: ad.yieldmanager.com
Removed Cookie: forums.whatthetech.com
Removed Cookie: sc.intellitxt.com
Removed Cookie: www.yahoo.com
Removed Cookie: mozilla.com
Removed Cookie: atdmt.com
Removed Cookie: mediaplex.com
Removed Cookie: icrontic.com
Removed Cookie: answers.yahoo.com
Removed Cookie: forums.majorgeeks.com
Removed Cookie: majorgeeks.com
Removed Cookie: quantserve.com
Removed Cookie: tribalfusion.com
Removed Cookie: mozilla.org
Removed Cookie: www.grisoft.com
Removed Cookie: grisoft.com
Removed Cookie: ssl-hints.netflame.cc
Removed Cookie: ads.pointroll.com
Removed Cookie: aus2.mozilla.org
Removed Cookie: youtube.com
Removed Cookie: specificclick.net
Removed Cookie: adrevolver.com
Removed Cookie: media.adrevolver.com
Removed Cookie: perfspot.com
Removed Cookie: server.iad.liveperson.net
Removed Cookie: www.ultimate-guitar.com
Removed Cookie: mediamgr.ugo.com
Removed Cookie: truveo.com
Removed Cookie: fastclick.net
Removed Cookie: artistdirect.com
Removed Cookie: securesites.com
Removed Cookie: counter.hitslink.com
Removed Cookie: forums.spybot.info
Removed Cookie: techguy.org
Removed Cookie: forums.techguy.org
Removed Cookie: ads.techguy.org
Removed Cookie: dvhardware.net
Removed Cookie: www.dvhardware.net
Removed Cookie: clearspring.com
Removed Cookie: recaptcha.net
Removed Cookie: soft32.com
Removed Cookie: ads.soft32.com
Removed Cookie: www.regnow.com
Removed Cookie: rotator.adjuggler.com
Removed Cookie: digitalpoint.com
Removed Cookie: tacktech.com
Removed Cookie: www.tacktech.com
Removed Cookie: www.microsoft.com
Removed Cookie: amazon.com
Removed Cookie: mydigitallife.info
Removed Cookie: apmebf.com
Removed Cookie: statcounter.com
Removed Cookie: yadro.ru
Removed Cookie: www.flmsdown.net
Removed Cookie: layer-ads.de
Removed Cookie: clicksor.com
Removed Cookie: toplist.cz
Removed Cookie: www.warezquality.com
Removed Cookie: fulldownloads.us
Removed Cookie: filekicker.com
Removed Cookie: food.yahoo.com
Removed Cookie: google.com.ph
Removed Cookie: flixster.com
Removed Cookie: casalemedia.com
Removed Cookie: 2o7.net
Removed Cookie: geocities.com
Removed Cookie: groups.google.com
Removed Cookie: forums.searchenginewatch.com
Removed Cookie: javascript.com
Removed Cookie: internet.com
Removed Cookie: com.com
Removed Cookie: revsci.net
Removed Cookie: download.com
Removed Cookie: javascript.internet.com
Removed Cookie: topdownloads.nl.intellitxt.com
Removed Cookie: classmates.com
Removed Cookie: suitesmart.com
Firefox/Mozilla Temporary Internet Cache (167 files) 18.9MB
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\354x802s.default\history.dat 0.93MB
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 405 bytes
------------------------------------------------------------------------------------------
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Thu 01/17/2008 21:01:32.39

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 21:01:32
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...
IPC error: 2 The system cannot find the file specified.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 The system cannot find the file specified.

hidden processes: 0
hidden services: 0
hidden files: 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:41 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjk.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6859 bytes

ComboFix 08-01-17.5 - Administrator 2008-01-17 21:18:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.691 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 21:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 21:10 . 2008-01-17 21:10 <DIR> d-------- C:\HiJackThis
2008-01-17 18:07 . 2008-01-17 18:07 3,584 --a------ C:\WINDOWS\system32\jkkjk.exe
2008-01-16 22:58 . 2008-01-16 22:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-16 22:58 . 2008-01-16 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 22:58 . 2008-01-17 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-16 22:58 . 2008-01-17 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-16 19:02 . 2008-01-16 19:03 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-16 18:46 . 2008-01-16 19:21 116,960 --a------ C:\WINDOWS\hpoins11.dat
2008-01-16 17:28 . 2008-01-16 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-01-16 13:55 . 2008-01-16 13:55 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-16 13:55 . 2001-07-06 00:19 164 -r------- C:\WINDOWS\avrack.ini
2008-01-16 09:47 . 2008-01-16 09:47 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
2008-01-16 09:47 . 2008-01-16 09:47 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-01-16 09:47 . 2008-01-16 09:47 <DIR> d-------- C:\Program Files\Freecorder
2008-01-16 09:46 . 2008-01-16 09:47 2,293,848 --a------ C:\Program Files\FLV PlayerFCSetup.exe
2008-01-16 09:45 . 2008-01-16 09:45 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2008-01-16 09:45 . 2008-01-16 14:15 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-01-16 09:44 . 2007-03-04 20:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-01-16 09:44 . 2007-03-04 20:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-01-16 09:42 . 2008-01-16 14:17 <DIR> d-------- C:\Program Files\Replay Converter
2008-01-16 09:42 . 2008-01-16 09:45 3,955,352 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
2008-01-16 09:30 . 2008-01-16 09:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-01-16 09:29 . 2008-01-16 09:29 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-01-16 09:29 . 2008-01-16 09:29 <DIR> d-------- C:\Program Files\FLV Player
2008-01-16 09:29 . 2008-01-16 09:30 411,248 --a------ C:\Program Files\FLV PlayerRCSetup.exe
2008-01-16 09:28 . 2008-01-16 09:28 0 --a------ C:\WINDOWS\Infob.dat
2008-01-16 09:28 . 2008-01-16 09:28 0 --a------ C:\WINDOWS\Infoa.dat
2008-01-15 22:22 . 2008-01-16 16:11 <DIR> d-------- C:\VideoOutput
2008-01-15 22:17 . 2008-01-15 22:22 <DIR> d-------- C:\Program Files\Allok QuickTime to AVI MPEG DVD Converter
2008-01-15 22:17 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-01-14 21:55 . 2008-01-14 21:55 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-11 14:23 . 2008-01-15 21:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 14:23 . 2008-01-11 14:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 13:11 . 2008-01-11 13:11 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-01-10 21:37 . 2008-01-10 21:37 <DIR> d-------- C:\Program Files\WinASO
2008-01-10 19:22 . 2008-01-17 20:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-09 21:19 . 2008-01-09 21:19 <DIR> d-------- C:\Program Files\Apple Computer
2008-01-09 21:19 . 2003-11-21 16:15 29,156 --a------ C:\WINDOWS\system32\drivers\DVDAccss.sys
2008-01-09 19:04 . 1995-01-13 14:10 149,504 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2008-01-09 19:04 . 1995-01-13 14:10 108,032 --a------ C:\WINDOWS\system32\MFCUIA32.DLL
2008-01-09 19:04 . 1995-08-30 02:02 82,432 --a------ C:\WINDOWS\system32\CTWFLT32.DLL
2008-01-09 19:04 . 1994-12-05 03:11 53,552 --a------ C:\WINDOWS\CTCCW.DLL
2008-01-09 19:04 . 1995-07-13 02:01 26,768 --a------ C:\WINDOWS\system32\CTL3D.DLL
2008-01-09 19:04 . 1996-05-23 02:24 24,976 --a------ C:\WINDOWS\CTRES.DLL
2008-01-09 19:04 . 2008-01-09 19:04 296 --a------ C:\WINDOWS\SBWIN.INI
2008-01-09 19:03 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-01-09 19:03 . 2007-12-30 20:28 231 --a------ C:\WINDOWS\SYSTEM.I~I
2008-01-09 19:02 . 2008-01-09 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-09 16:44 . 2008-01-09 16:44 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-09 16:21 . 2008-01-09 16:21 4,096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys
2008-01-06 16:53 . 1999-10-11 09:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-01-06 16:50 . 2004-06-03 12:10 71,596 --------- C:\WINDOWS\system32\drivers\PfModNT.sys
2008-01-06 16:50 . 1999-12-13 09:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-01-06 16:50 . 1999-11-18 09:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-01-06 15:32 . 2008-01-06 15:32 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-01-06 15:32 . 2008-01-06 15:32 <DIR> d-------- C:\WINDOWS\Profiles
2008-01-06 15:32 . 2008-01-06 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-01-06 15:13 . 2008-01-06 15:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-01-06 14:55 . 2004-10-19 15:02 38,402 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-01-06 14:54 . 2008-01-16 14:18 <DIR> d-------- C:\Program Files\Creative
2008-01-05 21:14 . 2008-01-07 17:43 30,632 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-01-05 19:01 . 2008-01-05 19:01 <DIR> d-------- C:\WINDOWS\Sun
2008-01-04 12:18 . 2008-01-05 19:57 <DIR> d-------- C:\sega genesis
2008-01-04 10:55 . 2008-01-17 17:11 <DIR> d-------- C:\Program Files\Ares
2008-01-03 14:09 . 2008-01-03 14:09 684,313 --a------ C:\WINDOWS\unins000.exe
2008-01-03 14:09 . 2008-01-03 14:09 4,027 --a------ C:\WINDOWS\unins000.dat
2008-01-03 12:46 . 2008-01-03 12:47 <DIR> d-------- C:\My Documents
2008-01-02 10:35 . 2008-01-16 09:28 <DIR> d-------- C:\Program Files\Total Video Converter
2008-01-02 10:35 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-01-02 08:53 . 2008-01-11 15:52 0 --a------ C:\dump_dvd.vob
2008-01-02 08:01 . 2001-12-10 17:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-01-02 08:01 . 2001-12-10 17:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-01-02 08:01 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-01-02 08:01 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-01-02 08:01 . 2001-12-10 17:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-01-02 08:01 . 2001-12-10 17:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-01-02 08:01 . 2003-09-19 01:47 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-01-02 07:59 . 2003-09-10 23:36 21,060 --a------ C:\WINDOWS\system32\iviaspi.sys
2008-01-02 07:59 . 2003-09-10 23:36 21,060 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2008-01-02 07:58 . 2008-01-02 08:00 <DIR> d-------- C:\Program Files\InterVideo
2008-01-02 07:53 . 2008-01-02 07:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-02 04:46 . 2008-01-02 04:46 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-02 04:46 . 2008-01-02 04:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-02 00:52 . 2005-05-03 18:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-01-02 00:45 . 2008-01-16 11:09 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-02 00:37 . 2008-01-02 00:37 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-01-02 00:37 . 2008-01-16 13:56 <DIR> d-------- C:\Program Files\AvRack
2008-01-02 00:37 . 2006-05-11 07:18 10,527,232 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-02 00:37 . 2006-05-19 15:44 3,965,056 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-02 00:37 . 2002-02-05 13:54 141,016 -ra------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-02 00:37 . 2004-07-01 15:02 584 -r------- C:\WINDOWS\system32\drivers\alcxinit.dat
2008-01-02 00:36 . 2006-03-20 11:48 315,392 -r------- C:\WINDOWS\alcupd.exe
2008-01-02 00:36 . 2005-11-18 11:20 217,088 -r------- C:\WINDOWS\alcrmv.exe
2008-01-01 22:00 . 2007-07-09 21:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-01 09:00 . 2006-08-21 17:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-01 09:00 . 2006-08-21 17:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-01 09:00 . 2006-08-21 20:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-01 08:59 . 2008-01-01 08:59 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-01 08:59 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 12:45 --------- d-----w C:\Program Files\CCleaner
2008-01-16 22:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-01-16 22:33 --------- d-----w C:\Program Files\Free Download Manager
2008-01-16 04:54 --------- d-----w C:\Program Files\TaskSwitchXP
2008-01-09 13:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 07:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-03 06:33 --------- d-----w C:\Program Files\Google
2008-01-01 16:52 --------- d-----w C:\Program Files\Realtek
2007-12-30 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-30 12:41 --------- d-----w C:\Program Files\Vimicro
2007-12-30 12:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2007-12-30 10:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-30 05:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-30 04:59 --------- d-----w C:\Program Files\01 Com
2007-12-30 04:55 --------- d-----w C:\Program Files\DivX
2007-12-30 04:53 --------- d-----w C:\Program Files\Intel
2007-12-30 04:37 --------- d-----w C:\Program Files\Real Alternative
2007-12-30 04:37 --------- d-----w C:\Program Files\MozBackup
2007-12-30 04:37 --------- d-----w C:\Program Files\Media Player Classic
2007-12-30 04:36 107,132 ----a-w C:\WINDOWS\UninstallThunderbird.exe
2007-12-30 04:36 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-12-30 04:36 --------- d-----w C:\Program Files\Java
2007-12-30 04:36 --------- d-----w C:\Program Files\Common Files\Java
2007-12-30 04:32 --------- d-----w C:\Program Files\RegShot
2007-12-30 04:32 --------- d-----w C:\Program Files\Attribute Changer
2003-03-21 05:37 16,056 ----a-w C:\Program Files\owcstp16.dll
.

<pre>
----a-w         2,449,455 2008-01-16 22:10:15  C:\Program Files\Free Download Manager\fdm .exe
----a-w           406,016 2008-01-16 22:10:11  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w           146,432 2008-01-16 14:04:20  C:\Program Files\Grisoft\AVG7\avgw .exe
----a-w            49,152 2008-01-16 14:56:46  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w         4,670,704 2008-01-16 14:56:54  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w         4,670,704 2008-01-16 22:10:24  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{1392B8D2-5C05-419F-A8F6-B9F15A596612}

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16:48 16208384 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-17 06:12 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 09:26 388608 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-04 09:26 99840]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 07:29 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [2008-01-09 21:19:58]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-02 07:58:57]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"DisableCAD"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyaayy]
xxyaayy.dll

R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys [2003-11-21 16:15]
S1 ensqio;ensqio;C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;VIBRA 128;C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f613136-be48-11dc-9627-001921ff42f1}]
\Shell\AutoRun\command - jay.exe
\Shell\explore\Command - jay.exe
\Shell\open\Command - jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef1e236-b8db-11dc-960b-001921ff42f1}]
\Shell\AutoRun\command - jay.exe
\Shell\explore\Command - jay.exe
\Shell\open\Command - jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7102ea2-b69c-11dc-95f7-001921ff42f1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 00:57:47 C:\WINDOWS\Tasks\WebReg psc C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2008-01-17 12:01:40 C:\WINDOWS\Tasks\WinASORegistryOptimizerForAdministrator.job"
- C:\Program Files\WinASO\Registry Optimizer 3.1\RegOpt.exe.-auto -second15 -param111111111111111111111CD0C:\Program Files\WinASO\Registry Optimizer 3.1\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 21:20:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 21:22:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 13:22:09
.
2008-01-03 03:23:06 --- E O F ---

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13590

Posted 1-17-2008 2:59 (GMT +1)

Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.

Click fix checked.

F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkjk.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Reboot to Safe mode

Delete the following files or folders (delete item in bold). Please do not be concerned if

any of the items are not found as they may have been automatically removed by actions I had

you take earlier in the cleaning process.

Open Folder Options in Controlpanel >view and check your settings:

Select

Show hidden files and folders

Display the contents of system folders

Uncheck: Hide protected operating system files

Delete:

Files:

C:\WINDOWS\system32\jkkjk.exe

Reboot normally

Please download to desktop:
http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Run it, and post the log it produce - (log txt in next reply along with new hijackthis log

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Jesus-Rocker
New Member

Date Joined Jan 2008
Total Posts : 19

Posted 1-17-2008 3:53 (GMT +1)

i have finished everyrhing about RenV.exe but combofix didnt automatically run so i manually run it...
below is the result of RenV.exe and Log.txt followed by new hijackthis and at the bottom is the result after manually running combofix..

Ran on Thu 01/17/2008 - 22:48:57.39

Entries:                0  (0)
Directories:            0  Files:             0
Bytes:                  0  Blocks:            0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:38 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: xxyaayy - xxyaayy.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7639 bytes

ComboFix 08-01-17.5 - Administrator 2008-01-17 22:49:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.678 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 22:13 . 2008-01-17 22:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-17 22:13 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-17 21:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 21:10 . 2008-01-17 22:47 <DIR> d-------- C:\HiJackThis
2008-01-16 22:58 . 2008-01-16 22:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-16 22:58 . 2008-01-17 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 22:58 . 2008-01-17 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-16 22:58 . 2008-01-17 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-16 19:02 . 2008-01-16 19:03 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-16 18:46 . 2008-01-16 19:21 116,960 --a------ C:\WINDOWS\hpoins11.dat
2008-01-16 17:28 . 2008-01-16 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-01-16 13:55 . 2008-01-16 13:55 <DIR> d-------- C:\Program Files\Realtek AC97
2008-01-16 13:55 . 2001-07-06 00:19 164 -r------- C:\WINDOWS\avrack.ini
2008-01-16 09:47 . 2008-01-16 09:47 <DIR> d-------- C:\WINDOWS\Freecorder Toolbar
2008-01-16 09:47 . 2008-01-16 09:47 <DIR> d-------- C:\Program Files\Freecorder Toolbar
2008-01-16 09:47 . 2008-01-16 09:47 <DIR> d-------- C:\Program Files\Freecorder
2008-01-16 09:46 . 2008-01-16 09:47 2,293,848 --a------ C:\Program Files\FLV PlayerFCSetup.exe
2008-01-16 09:45 . 2008-01-16 09:45 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2008-01-16 09:45 . 2008-01-16 14:15 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-01-16 09:44 . 2007-03-04 20:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-01-16 09:44 . 2007-03-04 20:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-01-16 09:42 . 2008-01-16 14:17 <DIR> d-------- C:\Program Files\Replay Converter
2008-01-16 09:42 . 2008-01-16 09:45 3,955,352 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
2008-01-16 09:30 . 2008-01-16 09:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-01-16 09:29 . 2008-01-16 09:29 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-01-16 09:29 . 2008-01-16 09:29 <DIR> d-------- C:\Program Files\FLV Player
2008-01-16 09:29 . 2008-01-16 09:30 411,248 --a------ C:\Program Files\FLV PlayerRCSetup.exe
2008-01-16 09:28 . 2008-01-16 09:28 0 --a------ C:\WINDOWS\Infob.dat
2008-01-16 09:28 . 2008-01-16 09:28 0 --a------ C:\WINDOWS\Infoa.dat
2008-01-15 22:22 . 2008-01-16 16:11 <DIR> d-------- C:\VideoOutput
2008-01-15 22:17 . 2008-01-15 22:22 <DIR> d-------- C:\Program Files\Allok QuickTime to AVI MPEG DVD Converter
2008-01-15 22:17 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-01-14 21:55 . 2008-01-14 21:55 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-11 14:23 . 2008-01-15 21:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-11 14:23 . 2008-01-11 14:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-11 13:11 . 2008-01-11 13:11 <DIR> d-------- C:\Program Files\Guitar Pro 5
2008-01-10 21:37 . 2008-01-10 21:37 <DIR> d-------- C:\Program Files\WinASO
2008-01-10 19:22 . 2008-01-17 20:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-09 21:19 . 2008-01-09 21:19 <DIR> d-------- C:\Program Files\Apple Computer
2008-01-09 21:19 . 2003-11-21 16:15 29,156 --a------ C:\WINDOWS\system32\drivers\DVDAccss.sys
2008-01-09 19:04 . 1995-01-13 14:10 149,504 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2008-01-09 19:04 . 1995-01-13 14:10 108,032 --a------ C:\WINDOWS\system32\MFCUIA32.DLL
2008-01-09 19:04 . 1995-08-30 02:02 82,432 --a------ C:\WINDOWS\system32\CTWFLT32.DLL
2008-01-09 19:04 . 1994-12-05 03:11 53,552 --a------ C:\WINDOWS\CTCCW.DLL
2008-01-09 19:04 . 1995-07-13 02:01 26,768 --a------ C:\WINDOWS\system32\CTL3D.DLL
2008-01-09 19:04 . 1996-05-23 02:24 24,976 --a------ C:\WINDOWS\CTRES.DLL
2008-01-09 19:04 . 2008-01-09 19:04 296 --a------ C:\WINDOWS\SBWIN.INI
2008-01-09 19:03 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-01-09 19:03 . 2007-12-30 20:28 231 --a------ C:\WINDOWS\SYSTEM.I~I
2008-01-09 19:02 . 2008-01-09 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-09 16:44 . 2008-01-09 16:44 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-09 16:21 . 2008-01-09 16:21 4,096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys
2008-01-06 16:53 . 1999-10-11 09:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-01-06 16:50 . 2004-06-03 12:10 71,596 --------- C:\WINDOWS\system32\drivers\PfModNT.sys
2008-01-06 16:50 . 1999-12-13 09:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-01-06 16:50 . 1999-11-18 09:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-01-06 15:32 . 2008-01-06 15:32 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-01-06 15:32 . 2008-01-06 15:32 <DIR> d-------- C:\WINDOWS\Profiles
2008-01-06 15:32 . 2008-01-06 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-01-06 15:13 . 2008-01-06 15:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-01-06 14:55 . 2004-10-19 15:02 38,402 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-01-06 14:54 . 2008-01-16 14:18 <DIR> d-------- C:\Program Files\Creative
2008-01-05 21:14 . 2008-01-07 17:43 30,632 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-01-05 19:01 . 2008-01-05 19:01 <DIR> d-------- C:\WINDOWS\Sun
2008-01-04 12:18 . 2008-01-05 19:57 <DIR> d-------- C:\sega genesis
2008-01-04 10:55 . 2008-01-17 17:11 <DIR> d-------- C:\Program Files\Ares
2008-01-03 14:09 . 2008-01-03 14:09 684,313 --a------ C:\WINDOWS\unins000.exe
2008-01-03 14:09 . 2008-01-03 14:09 4,027 --a------ C:\WINDOWS\unins000.dat
2008-01-03 12:46 . 2008-01-03 12:47 <DIR> d-------- C:\My Documents
2008-01-02 10:35 . 2008-01-16 09:28 <DIR> d-------- C:\Program Files\Total Video Converter
2008-01-02 10:35 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-01-02 08:53 . 2008-01-11 15:52 0 --a------ C:\dump_dvd.vob
2008-01-02 08:01 . 2001-12-10 17:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-01-02 08:01 . 2001-12-10 17:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-01-02 08:01 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-01-02 08:01 . 2001-12-10 17:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-01-02 08:01 . 2001-12-10 17:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-01-02 08:01 . 2001-12-10 17:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-01-02 08:01 . 2003-09-19 01:47 10,368 --------- C:\WINDOWS\system32\drivers\pfc.sys
2008-01-02 07:59 . 2003-09-10 23:36 21,060 --a------ C:\WINDOWS\system32\iviaspi.sys
2008-01-02 07:59 . 2003-09-10 23:36 21,060 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2008-01-02 07:58 . 2008-01-02 08:00 <DIR> d-------- C:\Program Files\InterVideo
2008-01-02 07:53 . 2008-01-02 07:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-02 04:46 . 2008-01-02 04:46 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-02 04:46 . 2008-01-02 04:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-02 00:52 . 2005-05-03 18:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-01-02 00:45 . 2008-01-16 11:09 169 --a------ C:\WINDOWS\RtlRack.ini
2008-01-02 00:37 . 2008-01-02 00:37 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-01-02 00:37 . 2008-01-16 13:56 <DIR> d-------- C:\Program Files\AvRack
2008-01-02 00:37 . 2006-05-11 07:18 10,527,232 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2008-01-02 00:37 . 2006-05-19 15:44 3,965,056 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-02 00:37 . 2002-02-05 13:54 141,016 -ra------ C:\WINDOWS\system32\alsndmgr.wav
2008-01-02 00:37 . 2004-07-01 15:02 584 -r------- C:\WINDOWS\system32\drivers\alcxinit.dat
2008-01-02 00:36 . 2006-03-20 11:48 315,392 -r------- C:\WINDOWS\alcupd.exe
2008-01-02 00:36 . 2005-11-18 11:20 217,088 -r------- C:\WINDOWS\alcrmv.exe
2008-01-01 22:00 . 2007-07-09 21:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-01 09:00 . 2006-08-21 17:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-01 09:00 . 2006-08-21 17:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-01 09:00 . 2006-08-21 20:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-01 08:59 . 2008-01-01 08:59 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 14:45 --------- d-----w C:\Program Files\Free Download Manager
2008-01-17 12:45 --------- d-----w C:\Program Files\CCleaner
2008-01-16 22:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2008-01-16 04:54 --------- d-----w C:\Program Files\TaskSwitchXP
2008-01-09 13:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 07:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-03 06:33 --------- d-----w C:\Program Files\Google
2008-01-01 16:52 --------- d-----w C:\Program Files\Realtek
2007-12-30 12:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-30 12:41 --------- d-----w C:\Program Files\Vimicro
2007-12-30 12:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2007-12-30 10:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-30 05:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-30 04:59 --------- d-----w C:\Program Files\01 Com
2007-12-30 04:55 --------- d-----w C:\Program Files\DivX
2007-12-30 04:53 --------- d-----w C:\Program Files\Intel
2007-12-30 04:37 --------- d-----w C:\Program Files\Real Alternative
2007-12-30 04:37 --------- d-----w C:\Program Files\MozBackup
2007-12-30 04:37 --------- d-----w C:\Program Files\Media Player Classic
2007-12-30 04:36 107,132 ----a-w C:\WINDOWS\UninstallThunderbird.exe
2007-12-30 04:36 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-12-30 04:36 --------- d-----w C:\Program Files\Java
2007-12-30 04:36 --------- d-----w C:\Program Files\Common Files\Java
2007-12-30 04:32 --------- d-----w C:\Program Files\RegShot
2007-12-30 04:32 --------- d-----w C:\Program Files\Attribute Changer
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 09:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2003-03-21 05:37 16,056 ----a-w C:\Program Files\owcstp16.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2007-07-31 16:33 1391640 --a------ C:\Program Files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{1392B8D2-5C05-419F-A8F6-B9F15A596612}

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder\tbFree.dll [2007-07-31 16:33 1391640]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-04 09:26 388608 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-04 09:26 99840]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 07:29 44544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [2008-01-09 21:19:58]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-02 07:58:57]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"DisableCAD"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyaayy]
xxyaayy.dll

R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys [2003-11-21 16:15]
S1 ensqio;ensqio;C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;VIBRA 128;C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f613136-be48-11dc-9627-001921ff42f1}]
\Shell\AutoRun\command - jay.exe
\Shell\explore\Command - jay.exe
\Shell\open\Command - jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef1e236-b8db-11dc-960b-001921ff42f1}]
\Shell\AutoRun\command - jay.exe
\Shell\explore\Command - jay.exe
\Shell\open\Command - jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7102ea2-b69c-11dc-95f7-001921ff42f1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-09 00:57:47 C:\WINDOWS\Tasks\WebReg psc C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2008-01-17 12:01:40 C:\WINDOWS\Tasks\WinASORegistryOptimizerForAdministrator.job"
- C:\Program Files\WinASO\Registry Optimizer 3.1\RegOpt.exe.-auto -second15 -param111111111111111111111CD0C:\Program Files\WinASO\Registry Optimizer 3.1\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 22:50:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 22:50:18
ComboFix-quarantined-files.txt 2008-01-17 14:50:17
ComboFix2.txt 2008-01-17 13:22:11
.
2008-01-03 03:23:06 --- E O F ---

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13590

Posted 1-17-2008 5:38 (GMT +1)

Looks clean. How are things running now ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Jesus-Rocker
New Member

Date Joined Jan 2008
Total Posts : 19

Posted 1-17-2008 10:45 (GMT +1)

yeah., it's running better now., i've installed the free edition of AVG anti virus and now it's running normally at start up.,. also i don't have to install yahoo evrytime i open my computer..., is it ok if im just using the free avg edition???

thanks for the great help...

godbless us always... Jesus Rockz!

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13590

Posted 1-18-2008 8:24 (GMT +1)

Was glad to help smile

free avg edition is a excellent Avirus program

-->>> Now that You are clean:

Here are some additional software you may wish to consider using, to prevent malicious software installing in your PC - >

Spyware Guard Background process to check applications as they begin to run for known spyware and malicious code, produces an alert if necessary.

Freeware.

SpywareBlaster This is not a scanner, it blocks malicious objects and code from being downloaded, in addition to blocking access to sites known to download malware. Spyware Blaster runs silently in the background and does not need to be open to protect your PC.

Freeware

Boclean BOClean is designed to run quietly without intrusion if no malware "attack" exists and will scan through any suspicious files with signature analysis to preclude false alarms or possible damage to valid configurations.
Think of your antivirus as a burglar alarm. BOClean is a motion detector.
Freeware

Make sure to keep these programs up-to-date

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Thursday, November 20, 2008 11:38 AM (GMT +1)
There are a total of 63.926 posts in 15.824 threads.
In the last 3 days there were 37 new threads and 150 reply posts. View Active Threads