Cannot view hidden files....

aditya
2008-11-13, 19:05
1) I had this same problem a year ago.
When I try to select the "show hidden files" option and click Apply -> OK,
hidden files are still hidden.

2) And whenever I try to open any drive (by double-clicking it) a new window appears even when "Open each folder in the same window" is selected...

Last time Mr. Katana told me the virus could have come from a pen-drive.
This time I'm certain that it came from my pen-drive... (because I wanted some very important documents from my college's PC, which was infected, so I had no option...)

katana
2008-11-15, 02:28
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Welcome back Aditya


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
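For readers who want to see what a helper looks for in the RSIT output requested above, here is an added example; it is not part of the original thread and not RSIT's own code. It parses lines in the registry-dump and file-listing format RSIT produces (the format is assumed from the log posted later in this thread) and flags three defender-relevant indicators: removable-drive "shell" verbs under mountpoints2 redirected to a script, recently created executables carrying both the hidden and system attributes, and Run entries that autostart one of those hidden files. The sample input is constructed from a handful of that log's lines.

```python
import re

# Constructed sample input (a few lines in RSIT's format, values taken from the log
# posted in this thread); not a complete log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kamsoft"=C:\WINDOWS\system32\ckvo.exe [2008-08-19 91498]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62be75be-affd-11dd-ae91-00138f1c8fec}]
shell\AutoRun\command - I:\2.cmd
shell\explore\command - I:\2.cmd
shell\open\command - I:\2.cmd

======List of files/folders created in the last 1 months======

2008-11-06 18:01:20 ----RSH---- C:\2.cmd
2008-11-06 18:01:20 ----RASH---- C:\autorun.inf.bak
2008-11-06 18:00:54 ----RSH---- C:\WINDOWS\system32\ckvo.exe
2008-11-06 17:54:54 ----A---- C:\WINDOWS\system32\igfxtray.exe
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                      # [HKEY_...] section header
RUN_RE = re.compile(r'^"([^"]+)"=(.+?)(?: \[\d{4}-\d{2}-\d{2} \d+\])?$')  # "name"=path [date size]
SHELL_RE = re.compile(r'^shell\\(\w+)\\command - (.+)$')  # shell\<verb>\command - <target>
FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]*)---- (.+)$')

# Extensions treated as executable content for the hidden+system check (assumption).
EXEC_EXT = ('.exe', '.cmd', '.bat', '.com', '.dll', '.scr', '.pif', '.vbs')


def analyse(log_text):
    """Return the suspicious indicators found in an RSIT-style log."""
    current_key = ""
    run_entries = []       # (name, path) under any ...\CurrentVersion\Run key
    mountpoint_cmds = []   # (verb, target) under explorer\mountpoints2\{...}
    hidden_sys = []        # executables created with both H and S attributes

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("======"):      # new RSIT section: leave the registry context
            current_key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        if current_key.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m:
                run_entries.append((m.group(1), m.group(2)))
            continue
        if "\\mountpoints2\\" in current_key:
            m = SHELL_RE.match(line)
            if m:
                mountpoint_cmds.append((m.group(1), m.group(2)))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3)
            if "H" in attrs and "S" in attrs and path.lower().endswith(EXEC_EXT):
                hidden_sys.append(path)

    hidden_lower = {p.lower() for p in hidden_sys}
    return {
        # any drive whose open/explore/AutoRun verb no longer simply opens the drive
        "mountpoint_hijack": mountpoint_cmds,
        "hidden_system_executables": hidden_sys,
        # autostart entries pointing at one of the hidden+system executables
        "run_hidden": [(n, p) for n, p in run_entries if p.lower() in hidden_lower],
    }


def report(findings):
    """Human-readable summary, one line per indicator."""
    lines = []
    for verb, target in findings["mountpoint_hijack"]:
        lines.append(f"drive verb shell\\{verb}\\command redirected to {target}")
    for path in findings["hidden_system_executables"]:
        lines.append(f"hidden+system executable created: {path}")
    for name, path in findings["run_hidden"]:
        lines.append(f"Run entry '{name}' autostarts hidden file {path}")
    return lines


if __name__ == "__main__":
    for line in report(analyse(SAMPLE_LOG)):
        print(line)
```

The three indicators line up with the symptoms reported at the top of the thread: a redirected shell\open\command means double-clicking the drive runs the listed script rather than just opening the folder, and a file that carries both the hidden and system attribute stays out of Explorer's listing unless both "show hidden files" and "hide protected operating system files" are set to reveal it, so the dropper at the drive root and its copy in system32 are invisible to the user while the HKCU Run entry restarts it at every logon. The script only reads a log and prints what it finds; cleanup still belongs to the helper's instructions.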

aditya
2008-11-15, 18:38
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-15 22:05:57
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (68%) free of 19 GB
Total RAM: 375 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:00 PM, on 11/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Speed+\Configurator\ventcfg.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Speed+\Client\ventc.exe
C:\Program Files\Speed+\squid\ventcsquid.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcdnsserver.exe
C:\Program Files\Speed+\squid\ventcunlinkd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinDriveGuard\DriveGuard.exe
C:\Program Files\EpiValley\TATA Indicom Dialer\TATA Indicom Dialer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Speed+\Configurator\ventcfg.exe -nomsgbox
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DriveGuard.lnk = C:\Program Files\WinDriveGuard\DriveGuard.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5235215B-ECD2-4B3A-B745-4BA44C4A4113}: NameServer = 202.54.29.5 202.54.10.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Speed+\Client\ventc.exe

--
End of file - 5565 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-04-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-04-06 114688]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2007-12-04 79224]
"Venturi Configurator"=C:\Program Files\Speed+\Configurator\ventcfg.exe [2007-08-16 959880]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-11-14 4376328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kamsoft"=C:\WINDOWS\system32\ckvo.exe [2008-08-19 91498]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DriveGuard.lnk - C:\Program Files\WinDriveGuard\DriveGuard.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Speed+\squid\ventcsquid.exe"="C:\Program Files\Speed+\squid\ventcsquid.exe:*:Enabled:ventcsquid"
"C:\Program Files\Speed+\squid\ventcdnsserver.exe"="C:\Program Files\Speed+\squid\ventcdnsserver.exe:*:Enabled:ventcdnsserver"
"C:\Program Files\Speed+\Configurator\ventcfg.exe"="C:\Program Files\Speed+\Configurator\ventcfg.exe:*:Enabled:ventcfg"
"C:\Program Files\Speed+\Configurator\VClientUpdate.exe"="C:\Program Files\Speed+\Configurator\VClientUpdate.exe:*:Enabled:VClientUpdate.exe"
"C:\Program Files\Speed+\Client\VentC.exe"="C:\Program Files\Speed+\Client\VentC.exe:*:Enabled:VentC.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\StubInstaller.exe"="D:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Speed+\squid\ventcsquid.exe"="C:\Program Files\Speed+\squid\ventcsquid.exe:*:Enabled:ventcsquid"
"C:\Program Files\Speed+\squid\ventcdnsserver.exe"="C:\Program Files\Speed+\squid\ventcdnsserver.exe:*:Enabled:ventcdnsserver"
"C:\Program Files\Speed+\Configurator\ventcfg.exe"="C:\Program Files\Speed+\Configurator\ventcfg.exe:*:Enabled:ventcfg"
"C:\Program Files\Speed+\Configurator\VClientUpdate.exe"="C:\Program Files\Speed+\Configurator\VClientUpdate.exe:*:Enabled:VClientUpdate.exe"
"C:\Program Files\Speed+\Client\VentC.exe"="C:\Program Files\Speed+\Client\VentC.exe:*:Enabled:VentC.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62be75be-affd-11dd-ae91-00138f1c8fec}]
shell\AutoRun\command - I:\2.cmd
shell\explore\command - I:\2.cmd
shell\open\command - I:\2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6ffd75-ac24-11dd-8a71-806d6172696f}]
shell\AutoRun\command - C:\2.cmd
shell\explore\command - C:\2.cmd
shell\open\command - C:\2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6ffd76-ac24-11dd-8a71-806d6172696f}]
shell\AutoRun\command - E:\2.cmd
shell\explore\command - E:\2.cmd
shell\open\command - E:\2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6ffd77-ac24-11dd-8a71-806d6172696f}]
shell\AutoRun\command - D:\2.cmd
shell\explore\command - D:\2.cmd
shell\open\command - D:\2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6ffd78-ac24-11dd-8a71-806d6172696f}]
shell\AutoRun\command - F:\2.cmd
shell\explore\command - F:\2.cmd
shell\open\command - F:\2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6ffd79-ac24-11dd-8a71-806d6172696f}]
shell\AutoRun\command - G:\2.cmd
shell\explore\command - G:\2.cmd
shell\open\command - G:\2.cmd


======List of files/folders created in the last 1 months======

2008-11-15 21:53:14 ----D---- C:\rsit
2008-11-15 21:53:14 ----D---- C:\Program Files\trend micro
2008-11-14 22:29:09 ----D---- C:\Program Files\LimeWire
2008-11-14 21:40:17 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-11-14 15:05:02 ----A---- C:\WINDOWS\system32\wbhelp2.dll
2008-11-14 15:04:58 ----D---- C:\Program Files\DAP
2008-11-13 23:46:07 ----D---- C:\Program Files\EVE Interactive
2008-11-13 16:50:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-11 23:40:19 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-11-11 23:15:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-11-11 23:13:41 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-11-11 23:12:46 ----D---- C:\Program Files\Common Files\Adobe
2008-11-11 23:12:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-11 23:12:14 ----D---- C:\Program Files\Adobe
2008-11-11 22:53:43 ----D---- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-11-11 22:53:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Flood Light Games
2008-11-11 01:17:34 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-09 18:54:01 ----D---- C:\Hrithik n Ranbir
2008-11-09 18:46:27 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-11-09 18:44:26 ----D---- C:\Program Files\Microsoft Works
2008-11-09 18:44:09 ----D---- C:\Program Files\MSBuild
2008-11-09 18:43:28 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-09 18:43:27 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-09 18:37:03 ----D---- C:\WINDOWS\SHELLNEW
2008-11-09 18:36:14 ----D---- C:\Program Files\Microsoft Office
2008-11-09 18:36:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-09 18:35:23 ----RHD---- C:\MSOCache
2008-11-09 18:08:41 ----D---- C:\WINDOWS\UfdApp
2008-11-06 23:00:06 ----A---- C:\WINDOWS\system32\h323log.txt
2008-11-06 22:55:44 ----A---- C:\WINDOWS\system32\usbui.dll
2008-11-06 22:54:20 ----A---- C:\WINDOWS\imsins.BAK
2008-11-06 22:54:16 ----SHD---- C:\WINDOWS\Installer
2008-11-06 22:54:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-06 22:54:15 ----D---- C:\Program Files\Common Files\ODBC
2008-11-06 22:54:15 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-06 22:54:12 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-11-06 22:54:11 ----RD---- C:\Program Files
2008-11-06 22:54:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-06 22:54:11 ----D---- C:\Program Files\Common Files
2008-11-06 22:54:09 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-11-06 22:54:09 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-11-06 22:54:09 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-11-06 22:54:07 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-11-06 22:54:05 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-11-06 22:54:05 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-11-06 22:54:05 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-11-06 22:54:05 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-11-06 22:54:05 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-11-06 22:54:05 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-11-06 22:54:05 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-11-06 22:54:04 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-11-06 22:54:04 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-11-06 22:54:04 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-11-06 22:54:04 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-11-06 22:54:04 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-11-06 22:54:02 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-11-06 22:53:59 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-11-06 22:53:59 ----A---- C:\WINDOWS\system32\irclass.dll
2008-11-06 22:53:59 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-11-06 22:53:59 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-11-06 22:53:59 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-11-06 22:53:57 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-11-06 22:53:57 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-11-06 22:53:57 ----A---- C:\WINDOWS\system32\batt.dll
2008-11-06 22:53:56 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-11-06 22:53:55 ----A---- C:\WINDOWS\system32\storprop.dll
2008-11-06 22:53:45 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-11-06 22:53:40 ----RA---- C:\WINDOWS\SET8.tmp
2008-11-06 22:53:36 ----RA---- C:\WINDOWS\SET4.tmp
2008-11-06 22:53:34 ----RA---- C:\WINDOWS\SET3.tmp
2008-11-06 22:53:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-06 22:53:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-06 22:53:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-06 22:53:05 ----A---- C:\WINDOWS\setuplog.txt
2008-11-06 22:53:01 ----D---- C:\Documents and Settings
2008-11-06 22:52:06 ----SH---- C:\boot.ini
2008-11-06 22:51:22 ----SHD---- C:\System Volume Information
2008-11-06 22:47:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-06 22:47:40 ----RSD---- C:\WINDOWS\Fonts
2008-11-06 22:47:40 ----RD---- C:\WINDOWS\Web
2008-11-06 22:47:40 ----HD---- C:\WINDOWS\inf
2008-11-06 22:47:40 ----D---- C:\WINDOWS\WinSxS
2008-11-06 22:47:40 ----D---- C:\WINDOWS\twain_32
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Temp
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\wins
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\wbem
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\usmt
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\spool
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\ShellExt
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\Setup
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\ras
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\oobe
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\npp
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\mui
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\IME
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\icsxml
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\ias
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\export
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\drivers
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\dhcp
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\config
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\3com_dmi
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\3076
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\2052
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\1054
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\1042
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\1041
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\1037
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\1033
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\1031
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\1028
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32\1025
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system32
2008-11-06 22:47:40 ----D---- C:\WINDOWS\system
2008-11-06 22:47:40 ----D---- C:\WINDOWS\security
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Resources
2008-11-06 22:47:40 ----D---- C:\WINDOWS\repair
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Provisioning
2008-11-06 22:47:40 ----D---- C:\WINDOWS\PeerNet
2008-11-06 22:47:40 ----D---- C:\WINDOWS\pchealth
2008-11-06 22:47:40 ----D---- C:\WINDOWS\mui
2008-11-06 22:47:40 ----D---- C:\WINDOWS\msapps
2008-11-06 22:47:40 ----D---- C:\WINDOWS\msagent
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Media
2008-11-06 22:47:40 ----D---- C:\WINDOWS\java
2008-11-06 22:47:40 ----D---- C:\WINDOWS\ime
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Help
2008-11-06 22:47:40 ----D---- C:\WINDOWS\ehome
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Driver Cache
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Debug
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Cursors
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Connection Wizard
2008-11-06 22:47:40 ----D---- C:\WINDOWS\Config
2008-11-06 22:47:40 ----D---- C:\WINDOWS\AppPatch
2008-11-06 22:47:40 ----D---- C:\WINDOWS\addins
2008-11-06 22:47:40 ----D---- C:\WINDOWS
2008-11-06 22:11:21 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2008-11-06 22:11:21 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2008-11-06 22:11:21 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-11-06 22:11:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-06 22:11:13 ----D---- C:\Program Files\Alwil Software
2008-11-06 18:01:20 ----RSH---- C:\2.cmd
2008-11-06 18:01:20 ----RASH---- C:\autorun.inf.bak
2008-11-06 18:00:54 ----RSH---- C:\WINDOWS\system32\ckvo0.dll
2008-11-06 18:00:54 ----RSH---- C:\WINDOWS\system32\ckvo.exe
2008-11-06 17:57:36 ----D---- C:\Intel
2008-11-06 17:57:35 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-11-06 17:55:33 ----D---- C:\WINDOWS\OPTIONS
2008-11-06 17:55:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-06 17:54:54 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-06 17:54:54 ----A---- C:\WINDOWS\system32\igfxtray.exe
2008-11-06 17:54:54 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2008-11-06 17:54:52 ----A---- C:\WINDOWS\system32\igfxress.dll
2008-11-06 17:54:51 ----A---- C:\WINDOWS\system32\igfxpph.dll
2008-11-06 17:54:51 ----A---- C:\WINDOWS\system32\igfxhk.dll
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\igfxext.exe
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\igfxexps.dll
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\igfxeud.dll
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\igfxdo.dll
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\igfxdiag.exe
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\igfxdgps.dll
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\igfxdev.dll
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2008-11-06 17:54:50 ----A---- C:\WINDOWS\system32\ialmrem.dll
2008-11-06 17:54:49 ----A---- C:\WINDOWS\system32\ialmgicd.dll
2008-11-06 17:54:49 ----A---- C:\WINDOWS\system32\ialmgdev.dll
2008-11-06 17:54:49 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2008-11-06 17:54:49 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2008-11-06 17:54:49 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2008-11-06 17:54:49 ----A---- C:\WINDOWS\system32\iAlmCoIn_v13_1.dll
2008-11-06 17:54:49 ----A---- C:\WINDOWS\system32\hkcmd.exe
2008-11-06 17:54:49 ----A---- C:\WINDOWS\system32\hccutils.dll
2008-11-06 17:54:48 ----D---- C:\WINDOWS\Drivers
2008-11-06 17:54:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-06 17:53:29 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-11-06 17:53:21 ----A---- C:\WINDOWS\CMISETUP.INI
2008-11-06 17:53:21 ----A---- C:\WINDOWS\CMCDPLAY.INI
2008-11-06 17:53:20 ----A---- C:\WINDOWS\system32\udaprop.dll
2008-11-06 17:53:19 ----A---- C:\WINDOWS\system32\cmuda.dll
2008-11-06 17:53:19 ----A---- C:\WINDOWS\system32\cmirmdrv.exe
2008-11-06 17:53:19 ----A---- C:\WINDOWS\system32\cmirmdrv.dll
2008-11-06 17:53:17 ----A---- C:\WINDOWS\system32\Audio3D.dll
2008-11-06 17:53:17 ----A---- C:\WINDOWS\system32\a3d.dll
2008-11-06 17:53:15 ----A---- C:\WINDOWS\CMIUninstall.exe
2008-11-06 17:53:14 ----D---- C:\Program Files\C-Media 3D Audio
2008-11-06 17:53:14 ----A---- C:\WINDOWS\CmiRmRedundDir.exe
2008-11-06 17:53:14 ----A---- C:\WINDOWS\CMIRmDriver.dll
2008-11-06 17:52:59 ----A---- C:\WINDOWS\IsUninst.exe
2008-11-06 17:52:48 ----A---- C:\WINDOWS\Ascd_tmp.ini
2008-11-06 17:44:05 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2008-11-06 17:44:03 ----HD---- C:\Program Files\Uninstall Information
2008-11-06 17:43:55 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-11-06 17:43:54 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-11-06 17:43:44 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-06 17:43:42 ----D---- C:\WINDOWS\Prefetch
2008-11-06 17:43:41 ----SD---- C:\WINDOWS\system32\Microsoft
2008-11-06 17:43:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-06 17:38:51 ----D---- C:\WINDOWS\system32\xircom
2008-11-06 17:38:51 ----D---- C:\Program Files\xerox
2008-11-06 17:38:51 ----D---- C:\Program Files\microsoft frontpage
2008-11-06 17:38:02 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-06 17:37:56 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-11-06 17:36:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-06 17:36:37 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-06 17:36:37 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-06 17:36:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-06 17:36:21 ----HD---- C:\Program Files\WindowsUpdate
2008-11-06 17:35:58 ----D---- C:\WINDOWS\system32\DirectX
2008-11-06 17:35:39 ----A---- C:\WINDOWS\system32\atrace.dll
2008-11-06 17:35:37 ----A---- C:\WINDOWS\system32\desktop.ini
2008-11-06 17:35:36 ----A---- C:\WINDOWS\desktop.ini
2008-11-06 17:35:30 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-11-06 17:35:29 ----D---- C:\Program Files\Common Files\Services
2008-11-06 17:35:29 ----A---- C:\WINDOWS\system32\acctres.dll
2008-11-06 17:35:26 ----SD---- C:\WINDOWS\Tasks
2008-11-06 17:35:26 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-11-06 17:35:25 ----D---- C:\Program Files\Common Files\MSSoap
2008-11-06 17:35:22 ----D---- C:\WINDOWS\srchasst
2008-11-06 17:35:21 ----D---- C:\WINDOWS\system32\Macromed
2008-11-06 17:35:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-11-06 17:35:18 ----A---- C:\WINDOWS\system32\wups.dll
2008-11-06 17:35:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-11-06 17:35:18 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-11-06 17:35:18 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-11-06 17:35:18 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-11-06 17:35:17 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-11-06 17:35:17 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-11-06 17:35:17 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-11-06 17:35:17 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-11-06 17:35:17 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-11-06 17:35:17 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-11-06 17:35:17 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-11-06 17:35:13 ----D---- C:\Program Files\Movie Maker
2008-11-06 17:35:10 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-11-06 17:35:10 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-11-06 17:35:10 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-11-06 17:35:09 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-11-06 17:35:06 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-11-06 17:35:06 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-11-06 17:35:05 ----D---- C:\WINDOWS\system32\Restore
2008-11-06 17:35:05 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-11-06 17:35:05 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-11-06 17:35:05 ----A---- C:\WINDOWS\system32\srclient.dll
2008-11-06 17:35:05 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-11-06 17:35:05 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-11-06 17:35:05 ----A---- C:\WINDOWS\system32\ils.dll
2008-11-06 17:35:04 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-11-06 17:35:04 ----A---- C:\WINDOWS\system32\msconf.dll
2008-11-06 17:35:04 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-11-06 17:35:02 ----D---- C:\Program Files\NetMeeting
2008-11-06 17:35:02 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-11-06 17:35:02 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-11-06 17:35:01 ----A---- C:\WINDOWS\system32\inetres.dll
2008-11-06 17:35:00 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-11-06 17:34:59 ----D---- C:\Program Files\Outlook Express
2008-11-06 17:34:59 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-11-06 17:34:59 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-11-06 17:34:58 ----A---- C:\WINDOWS\system32\mstask.dll
2008-11-06 17:34:58 ----A---- C:\WINDOWS\system32\isign32.dll
2008-11-06 17:34:58 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-11-06 17:34:58 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-11-06 17:34:58 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-11-06 17:34:53 ----D---- C:\Program Files\Common Files\System
2008-11-06 17:34:50 ----D---- C:\Program Files\Internet Explorer
2008-11-06 17:34:00 ----D---- C:\Program Files\ComPlus Applications
2008-11-06 17:33:57 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-06 17:33:57 ----A---- C:\WINDOWS\vb.ini
2008-11-06 17:33:52 ----D---- C:\WINDOWS\Registration
2008-11-06 17:33:43 ----D---- C:\Program Files\Windows Media Player
2008-11-06 17:33:43 ----D---- C:\Program Files\Online Services
2008-11-06 17:33:36 ----D---- C:\Program Files\Messenger
2008-11-06 17:33:32 ----D---- C:\Program Files\MSN Gaming Zone
2008-11-06 17:33:32 ----A---- C:\WINDOWS\system32\write.exe
2008-11-06 17:33:23 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-11-06 17:33:23 ----A---- C:\WINDOWS\system32\hticons.dll
2008-11-06 17:33:23 ----A---- C:\WINDOWS\system32\avwav.dll
2008-11-06 17:33:23 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-11-06 17:33:23 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-11-06 17:33:22 ----A---- C:\WINDOWS\system32\winchat.exe
2008-11-06 17:33:16 ----A---- C:\WINDOWS\system32\getuname.dll
2008-11-06 17:33:16 ----A---- C:\WINDOWS\system32\charmap.exe
2008-11-06 17:33:16 ----A---- C:\WINDOWS\system32\calc.exe
2008-11-06 17:33:15 ----A---- C:\WINDOWS\system32\winmine.exe
2008-11-06 17:33:15 ----A---- C:\WINDOWS\system32\sol.exe
2008-11-06 17:33:15 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-11-06 17:33:15 ----A---- C:\WINDOWS\system32\freecell.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\tskill.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\tscon.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\shadow.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\reset.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\regini.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-11-06 17:33:14 ----A---- C:\WINDOWS\system32\msg.exe
2008-11-06 17:33:13 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-11-06 17:33:13 ----A---- C:\WINDOWS\system32\logoff.exe
2008-11-06 17:33:13 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-11-06 17:33:13 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-11-06 17:33:12 ----A---- C:\WINDOWS\system32\stclient.dll
2008-11-06 17:33:12 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-11-06 17:33:12 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-11-06 17:33:12 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-11-06 17:33:12 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-11-06 17:33:12 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-11-06 17:33:12 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-11-06 17:33:07 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-11-06 17:32:57 ----D---- C:\Program Files\MSN
2008-11-06 17:32:56 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-11-06 17:32:56 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-11-06 17:32:56 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-11-06 17:32:55 ----D---- C:\Program Files\Windows NT
2008-11-06 17:32:55 ----A---- C:\WINDOWS\system32\spider.exe
2008-11-06 17:32:55 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-11-06 17:32:55 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-11-06 17:32:55 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-11-06 17:32:54 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-11-06 17:32:54 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-11-06 17:32:54 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-11-06 17:32:54 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-11-06 17:32:54 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-11-06 17:32:53 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-11-06 17:32:52 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-06 17:32:52 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-11-06 17:32:52 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-11-06 17:32:52 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-11-06 17:32:52 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-11-06 17:32:52 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-11-06 17:32:52 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-11-06 17:32:51 ----D---- C:\WINDOWS\system32\Com
2008-11-06 17:32:51 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-11-06 17:32:51 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-11-06 17:32:51 ----A---- C:\WINDOWS\system32\colbact.dll
2008-11-06 17:32:51 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-11-06 17:32:51 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-11-06 17:32:50 ----A---- C:\WINDOWS\system32\comuid.dll
2008-11-06 17:32:50 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-11-06 17:32:50 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-11-06 17:32:50 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-11-06 17:32:49 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-11-06 17:32:43 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-11-06 17:32:43 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-11-06 17:32:43 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-11-06 17:32:43 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2008-11-15 21:57:55 ----A---- C:\WINDOWS\ModemLog_SIT_1x_usbmodem #2.txt
2008-11-15 21:00:22 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-14 23:12:01 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-10 20:02:49 ----A---- C:\WINDOWS\ModemLog_SIT_1x_usbmodem.txt
2008-11-09 20:13:58 ----D---- C:\Documents and Settings\Administrator\Application Data\EditPlus 3
2008-11-09 18:37:27 ----A---- C:\WINDOWS\win.ini
2008-11-06 22:54:11 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2007-12-04 26624]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-12-04 42912]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2007-12-04 94544]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-12-04 23152]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-12-15 127248]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 sit_bus;SIT_1x_usbmodem Device; C:\WINDOWS\System32\Drivers\sit_bus.sys [2008-07-01 22144]
R3 sit_flt;SUNGIL USB Filter Service; C:\WINDOWS\system32\DRIVERS\sit_flt.sys [2008-07-01 4352]
R3 sit_mdm;SIT_1x_usbmodem ; C:\WINDOWS\System32\Drivers\sit_mdm.sys [2008-07-01 39680]
R3 sit_prt;SIT_1x_usbmodem Port; C:\WINDOWS\System32\Drivers\sit_prt.sys [2008-07-01 38656]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vwinter;Venturi Wireless Intercepter; \??\C:\WINDOWS\system32\drivers\vwinter.sys []
R3 vwredir;Venturi Wireless Redirector; \??\C:\WINDOWS\system32\drivers\vwredir.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-12-04 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-12-04 140664]
R2 VenturiClient;Venturi Client; C:\Program Files\Speed+\Client\ventc.exe [2007-08-16 2475360]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-12-04 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-12-04 345464]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-11 72704]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

aditya
2008-11-15, 18:41
info.txt logfile of random's system information tool 1.04 2008-11-15 21:53:19

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
avast! Antivirus-->rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
EditPlus 3-->C:\Program Files\EditPlus 3\remove.exe
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) SE Development Kit 6 Update 1-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Nero 7 Demo-->MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
Real Alternative 1.50-->"C:\Program Files\Real Alternative\unins000.exe"
Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe"
Retail Virtual EVE-->MsiExec.exe /X{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}
RTLSetup for Realtek RTL8139/810x Family NIC 3.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Speed+-->C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\setup.exe -runfromtemp -l0x0009 -vuninstall -removeonly
TATA Indicom Dialer-->MsiExec.exe /I{9B5FE330-0E0C-4CE2-BD96-303E4E9827CE}
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Womens Murder Club Death In Scarlet-->"C:\Program Files\Womens Murder Club Death In Scarlet\ReflexiveArcade\unins000.exe"

======Security center information======

AV: avast! antivirus 4.7.1098 [VPS 071205-1] (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

katana
2008-11-15, 20:04
Information


REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire 4.16.6

Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

----------------------------------------------------------- -----------------------------------------------------------

Step 1


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------- -----------------------------------------------------------
Step 2


Flash Disinfector by sUBs
Please download Flash_Disinfector.exe (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) by sUBs and save it to your desktop:


* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


Please restart your computer.

----------------------------------------------------------- -----------------------------------------------------------
Step 3


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See HERE (http://www.bleepingcomputer.com/forums/topic114351.html) for help

Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

----------------------------------------------------------- -----------------------------------------------------------
Step 4


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Now download and install Java Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp).

----------------------------------------------------------- -----------------------------------------------------------
Step 5


Logs/Information to Post in Reply
Please post the following logs/Information in your reply

MalwareBytes Log
Combofix Log
How are things running now ?

aditya
2008-11-16, 12:48
Malwarebytes' Anti-Malware 1.30
Database version: 1401
Windows 5.1.2600 Service Pack 2

11/16/2008 3:07:25 PM
mbam-log-2008-11-16 (15-07-25).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 125055
Time elapsed: 1 hour(s), 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ckvo.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

aditya
2008-11-16, 12:49
ComboFix 08-11-13.02 - Administrator 2008-11-16 16:01:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.154 [GMT 5.5:30]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2.cmd
C:\Autorun.inf
c:\windows\system32\ckvo0.dll
D:\2.cmd
E:\2.cmd
E:\Autorun.inf
F:\2.cmd
F:\Autorun.inf
G:\2.cmd

.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 15:33 . 2008-11-16 15:33 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-11-16 13:53 . 2008-11-16 13:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 13:53 . 2008-11-16 13:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-16 13:53 . 2008-11-16 13:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-16 13:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-16 13:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 21:53 . 2008-11-15 21:53 <DIR> d-------- C:\rsit
2008-11-15 21:53 . 2008-11-15 22:05 <DIR> d-------- c:\program files\trend micro
2008-11-14 15:05 . 2008-11-14 15:05 479,298 --a------ c:\windows\system32\wbocx.ocx
2008-11-14 15:05 . 2008-11-14 15:05 172,032 --a------ c:\windows\system32\AniGIF.ocx
2008-11-14 15:05 . 2008-11-14 15:05 50,688 --a------ c:\windows\system32\wbhelp2.dll
2008-11-14 15:04 . 2008-11-14 15:52 <DIR> d-------- c:\program files\DAP
2008-11-14 15:03 . 2008-11-14 23:58 <DIR> d-------- c:\documents and settings\Administrator\.limewire
2008-11-13 23:46 . 2008-11-13 23:46 <DIR> d-------- c:\program files\EVE Interactive
2008-11-13 22:12 . 2004-08-04 00:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-11-13 22:12 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2008-11-13 22:12 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2008-11-13 22:12 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-11-13 22:12 . 2001-08-17 22:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-11-13 22:12 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2008-11-13 22:10 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2008-11-13 22:09 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2008-11-13 22:08 . 2004-08-03 22:41 404,990 --a--c--- c:\windows\system32\dllcache\slntamr.sys
2008-11-13 22:07 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2008-11-13 22:06 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-11-13 22:05 . 2004-08-04 00:56 4,274,816 --a--c--- c:\windows\system32\dllcache\nv4_disp.dll
2008-11-13 22:04 . 2004-08-04 00:56 1,737,856 --a--c--- c:\windows\system32\dllcache\mtxparhd.dll
2008-11-13 22:03 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-11-13 22:02 . 2001-08-17 13:28 727,786 --a--c--- c:\windows\system32\dllcache\ltck000c.sys
2008-11-13 22:01 . 2004-08-04 00:56 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2008-11-13 22:00 . 2004-08-03 22:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys
2008-11-13 21:59 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-11-13 21:58 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2008-11-13 21:57 . 2001-08-17 22:36 419,357 --a--c--- c:\windows\system32\dllcache\dgconfig.dll
2008-11-13 21:56 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-11-13 21:55 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-11-13 21:54 . 2004-08-04 00:56 1,888,992 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-11-13 21:53 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2008-11-13 21:52 . 2004-08-03 23:18 2,148,352 --a--c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-13 21:52 . 2001-08-17 14:56 66,048 --a--c--- c:\windows\system32\dllcache\s3legacy.dll
2008-11-13 16:50 . 2008-11-13 16:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-11 23:15 . 2008-11-11 23:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-11-11 23:13 . 2008-11-11 23:13 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-11-11 23:12 . 2008-11-11 23:18 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-11 22:53 . 2008-11-11 22:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Flood Light Games
2008-11-11 22:53 . 2008-11-11 22:53 <DIR> d-------- c:\documents and settings\Administrator\Saved Games
2008-11-11 22:53 . 2008-11-11 22:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Flood Light Games
2008-11-09 18:54 . 2008-11-09 19:13 <DIR> d-------- C:\Hrithik n Ranbir
2008-11-09 18:46 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-11-09 18:44 . 2008-11-09 18:44 <DIR> d-------- c:\program files\MSBuild
2008-11-09 18:44 . 2008-11-09 18:44 <DIR> d-------- c:\program files\Microsoft Works
2008-11-09 18:37 . 2008-11-09 18:43 <DIR> d-------- c:\windows\SHELLNEW
2008-11-09 18:36 . 2008-11-09 18:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-09 18:35 . 2008-11-09 18:35 <DIR> dr-h----- C:\MSOCache
2008-11-09 18:08 . 2008-11-09 18:08 <DIR> d-------- c:\windows\UfdApp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 10:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-09 14:43 --------- d-----w c:\documents and settings\Administrator\Application Data\EditPlus 3
2008-11-06 16:41 --------- d-----w c:\program files\Alwil Software
2008-11-06 12:24 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-06 12:23 --------- d-----w c:\program files\C-Media 3D Audio
2008-11-06 12:08 --------- d-----w c:\program files\microsoft frontpage
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Venturi Configurator"="c:\program files\Speed+\Configurator\ventcfg.exe" [2007-08-16 959880]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-11-14 4376328]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DriveGuard.lnk - c:\program files\WinDriveGuard\DriveGuard.exe [2004-06-01 434353]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Speed+\\squid\\ventcsquid.exe"=
"c:\\Program Files\\Speed+\\squid\\ventcdnsserver.exe"=
"c:\\Program Files\\Speed+\\Configurator\\ventcfg.exe"=
"c:\\Program Files\\Speed+\\Client\\VentC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\StubInstaller.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=

R2 VenturiClient;Venturi Client;c:\program files\Speed+\Client\ventc.exe [2004-06-01 2475360]
R3 sit_bus;SIT_1x_usbmodem Device;c:\windows\system32\Drivers\sit_bus.sys [2008-07-01 22144]
R3 sit_flt;SUNGIL USB Filter Service;c:\windows\system32\DRIVERS\sit_flt.sys [2008-07-01 4352]
R3 sit_mdm;SIT_1x_usbmodem ;c:\windows\system32\Drivers\sit_mdm.sys [2008-07-01 39680]
R3 sit_prt;SIT_1x_usbmodem Port;c:\windows\system32\Drivers\sit_prt.sys [2008-07-01 38656]
R3 vwinter;Venturi Wireless Intercepter;\??\c:\windows\system32\drivers\vwinter.sys [2004-06-01 47392]
R3 vwredir;Venturi Wireless Redirector;\??\c:\windows\system32\drivers\vwredir.sys [2004-06-01 85792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62be75be-affd-11dd-ae91-00138f1c8fec}]
\Shell\AutoRun\command - I:\2.cmd
\Shell\explore\Command - I:\2.cmd
\Shell\open\Command - I:\2.cmd

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}]
c:\windows\system32\SecSystem.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.in/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - c:\program files\DAP\dapextie.htm
O8 -: Download &all with DAP - c:\program files\DAP\dapextie2.htm
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{5235215B-ECD2-4B3A-B745-4BA44C4A4113}: NameServer = 202.54.29.5 202.54.10.2
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 16:02:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-16 16:03:57
ComboFix-quarantined-files.txt 2008-11-16 10:33:46

Pre-Run: 9,163,915,264 bytes free
Post-Run: 9,655,795,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


aditya
2008-11-16, 13:26
:bow:Everything back to normal... as if nothing happened...

THE GREATEST GIFT YOU CAN GIVE TO SOMEONE IS YOUR TIME

Even though my problem was a piece of cake for you, you dedicated your valuable time to kick that virus's ass... (that's what you love to do)

What kind of infection was my PC suffering from?

And one more thing...
My college PCs are infected with all kinds of viruses, worms, spyware/adware... that cause severe damage to the system.. so if I wanted files from the college's PC, how can I copy them into my system (from my pen drive) without letting the virus enter my system???
(Sometimes antivirus is not able to detect them (worst case scenario))

Can copying from MS-DOS (without opening the pen drive) prevent the virus from entering at all????

:police:Thanks once again...
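The ComboFix log earlier in this thread shows the mechanism behind this kind of infection: per-drive MountPoints2 entries under HKCU whose AutoRun, open and explore verbs all point at I:\2.cmd, so merely double-clicking the pen drive in Explorer runs the script. The following PowerShell script is an added example, not something posted by katana or aditya, that audits those MountPoints2 verbs on the current user, flags commands that launch a script or executable straight from a drive root, and reports the NoDriveTypeAutoRun policy value; with -Harden it sets that policy to 0xFF (autorun off for every drive type). The drive letters and file names it flags are whatever happens to be in the registry; the regex for "suspicious" is an assumption of my own, tuned to the pattern in the log above.

```powershell
# Added example (not from the thread): audit MountPoints2 autorun overrides and
# the NoDriveTypeAutoRun policy. Read-only unless -Harden is supplied.
# Run from an elevated PowerShell prompt so the HKLM policy key can be written.
param([switch]$Harden)

$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

# Commands that run a script/exe directly off a drive root (e.g. I:\2.cmd in the
# log above) are the classic USB-worm pattern. Assumed heuristic, not an official list.
$rootLaunch = '^"?[A-Za-z]:\\[^\\"]+\.(cmd|bat|exe|vbs|vbe|js|scr|pif|com)"?(\s|$)'

function Get-MountPoints2AutorunVerbs {
    if (-not (Test-Path $mp2)) { return @() }
    # Each child of MountPoints2 is a volume (GUID or drive letter); the verbs live
    # under <volume>\Shell\<verb>\command and the (default) value is the command line.
    Get-ChildItem -Path $mp2 -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^command$' } |
        ForEach-Object {
            $cmd = $_.GetValue('')          # (default) value of the command key
            if ($cmd) {
                [pscustomobject]@{
                    Volume     = ($_.Name -split '\\')[-4]   # key name of the volume
                    Verb       = ($_.Name -split '\\')[-2]   # AutoRun / open / explore
                    Command    = $cmd
                    Suspicious = [bool]($cmd -match $rootLaunch)
                }
            }
        }
}

function Get-AutorunPolicy {
    # 0xFF (255) disables AutoRun for all drive types; the HKLM policy wins over HKCU.
    foreach ($hive in 'HKLM', 'HKCU') {
        $p = "$($hive):\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $v = (Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        [pscustomobject]@{
            Hive              = $hive
            NoDriveTypeAutoRun = if ($null -eq $v) { 'not set' } else { ('0x{0:X2}' -f $v) }
            AllDrivesDisabled = ($null -ne $v -and ($v -band 0xFF) -eq 0xFF)
        }
    }
}

$verbs = Get-MountPoints2AutorunVerbs
if ($verbs) {
    "MountPoints2 autorun verbs found for the current user:"
    $verbs | Format-Table -AutoSize
    $verbs | Where-Object Suspicious | ForEach-Object {
        "  !! volume $($_.Volume): '$($_.Verb)' runs $($_.Command) from a drive root"
    }
} else {
    "No MountPoints2 autorun/open/explore overrides present for the current user."
}

"`nAutoRun policy:"
Get-AutorunPolicy | Format-Table -AutoSize

if ($Harden) {
    $p = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    New-Item -Path $p -Force | Out-Null
    Set-ItemProperty -Path $p -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    "Set NoDriveTypeAutoRun = 0xFF under HKLM (all drive types). Log off/on or restart Explorer to apply."
}
```

A clean machine normally has no `command` keys under MountPoints2 at all, so any hit is worth a look even when the heuristic does not fire. The policy check answers katana's "have you re-enabled it?" question directly, and the -Harden switch applies the same mitigation the thread relies on; it does not remove anything, so a flagged entry still needs to be handled by the malware-removal procedure the helper gives.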

aditya
2008-11-16, 13:45
AND one more thing I forgot to ask...
When I click on log out the screen becomes gray, like when we want to shut down/restart our system (in WIN XP); at that time the whole screen becomes gray... how do you apply this effect?? please tell me.. please..:)

katana
2008-11-16, 13:55
Even though my problem was a piece of cake for you,
Only because I have spent a lot of time studying malware removal



What kind of infection was my PC suffering from?
Exactly the same as last time, a USB infection


how can I copy it into my system (from my pen drive) without letting the virus enter my system???
To be honest, I'm not sure how you managed to get infected this time.
The infection spreads by the USB autorun feature, and we disabled that last time you were here.
Have you re-enabled it?



When I click on log out the screen becomes gray, like when we want to shut down/restart our system (in WIN XP); at that time the whole screen becomes gray... how do you apply this effect?? please tell me.. please..:)
:laugh: I have no idea, that is a question for a Tech forum.


Let's make sure we got everything.

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.