can't enable automatic updates..

**ken545** · 2008-10-05, 18:12

Hello,

Bitfrost <-- Are you aware that this program is installed and do you use it??

You also have entries on your Combofix log for these, although it does not look like the programs are installed, did you uninstall these at one time??
uTorrent
BearShare

Please read our policy

We have noticed that many people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we changed our malware forum's policy on the use of P2P file sharing programs.

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, volunteer analysts will refuse their help.

We do not ask you to do this without reason.

P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You also have marker on your Combofix log for the Lop Infection

Lets proceed like this, if uTorrent and Bearshare are in your Add Remove Programs than uninstall them.

Please Download No Lop to your desktop

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labeled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should pop-up from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log after completing the next steps.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

Drag Combofix to the trash and grab a fresh copy via the links I provided earlier, its updated on a regular basis, download it to your desktop but don't run it yet

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::

Code:

File::
C:\WINDOWS\system32\prxfnsdc.dll

Folder::
C:\Documents and Settings\Administrator\Application Data\uTorrent
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes
C:\Program Files\BearShare

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM5b7b2d32"=-

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Post the NoLop log, the new Combofix log and a new HJT log please, if they won't fit all in one reply take as many replies as you need to post them all

**sayanwader** · 2008-10-06, 16:53

about the Bitfrost ,i deleted it manually bcoz it was opening unnecessary sites..thought it was also a malware..

**sayanwader** · 2008-10-06, 16:54

i've uninstalled bearshare and utorrent..
and here r the logs:

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:23 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VIA\RAID\raid_tool.exe
H:\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Real Player\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - g:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - G:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Babylon Client] g:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "G:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Nokia.PCSync] "G:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "G:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: RocketDock.lnk = H:\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download All with FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Translate with &Babylon - res://G:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - g:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - g:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1223009094218
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D2FBEEC-67B0-41B0-AA9B-EEA32046BCD3}: NameServer = 218.248.240.181 218.248.240.23
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5621 bytes

**sayanwader** · 2008-10-06, 16:55

NoLop! Log :

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Administrator\Desktop
[10/6/2008]
[8:12:35 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Babylon
C:\Documents and Settings\Administrator\Application Data\Eset
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Malwarebytes
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Nokia
C:\Documents and Settings\Administrator\Application Data\Openoffice.org2
C:\Documents and Settings\Administrator\Application Data\Pc Suite
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes
C:\Documents and Settings\Administrator\Application Data\Tuneup Software
C:\Documents and Settings\Administrator\Application Data\Utorrent
C:\Documents and Settings\Administrator\Application Data\Vlc
C:\Documents and Settings\Administrator\Application Data\Winamp
C:\Documents and Settings\Administrator\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Babylon
C:\Documents and Settings\All Users\Application Data\Eset
C:\Documents and Settings\All Users\Application Data\Hagel Technologies
C:\Documents and Settings\All Users\Application Data\Installations
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nos
C:\Documents and Settings\All Users\Application Data\Pc Suite
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft

**sayanwader** · 2008-10-06, 16:55

ComboFix log:

ComboFix 08-10-05.08 - Administrator 2008-10-06 20:14:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.627 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\prxfnsdc.dll
.
/wow section - STAGE 41

/wow section - STAGE 47
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes\CubeDesktop\Wallpapers\1.bmp
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes\CubeDesktop\Wallpapers\2.bmp
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes\CubeDesktop\Wallpapers\3.bmp
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes\CubeDesktop\Wallpapers\4.bmp
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes\CubeDesktop\Wallpapers\5.bmp
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes\CubeDesktop\Wallpapers\6.bmp
C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes\CubeDesktop\Wallpapers\system.bmp
C:\Documents and Settings\Administrator\Application Data\uTorrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\[CD]Limp.Bizkit-Chocolate.Starfish.and.Hot.Dog.Flavoured.Water.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\Born to Run [FLAC].torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\BRYAN ADAMS[THE BEST OF ME ALBUM][CD320K RIP]-JOCKTHERIPPER.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\Coldplay - Viva La Vida.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\dht.dat
C:\Documents and Settings\Administrator\Application Data\uTorrent\dht.dat.old
C:\Documents and Settings\Administrator\Application Data\uTorrent\DJ Fade {ny}Akon, T-pain - Konvict Muziik Part 2.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\Eminem Discography (1995-2005).torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\IRON_MAIDEN B_O_B.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\Jay-Z-American_Gangster-Retail-2007-CR.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\Metallica - Death Magnetic [2008][CD+SkidVid_XviD+Cov].torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\Metallica.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\Ozzy Osbourne - Discography.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\Papa Roach Discography.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\resume.dat
C:\Documents and Settings\Administrator\Application Data\uTorrent\resume.dat.old
C:\Documents and Settings\Administrator\Application Data\uTorrent\rss.dat
C:\Documents and Settings\Administrator\Application Data\uTorrent\rss.dat.old
C:\Documents and Settings\Administrator\Application Data\uTorrent\settings.dat
C:\Documents and Settings\Administrator\Application Data\uTorrent\settings.dat.old
C:\Documents and Settings\Administrator\Application Data\uTorrent\System of a Down - 5 Albums (MP3@320Kbps).torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\System Of A Down - Toxicity.torrent
C:\Documents and Settings\Administrator\Application Data\uTorrent\VA-Lil_Wayne_And_T-Pain-The_T-Wayne_Show-(Bootleg)-2008-CR.torrent
C:\Program Files\BearShare
C:\Program Files\BearShare\Logs\console.txt

.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-06 20:12 . 2008-10-06 20:12 106 --a------ C:\delete.bat
2008-10-06 20:11 . 2008-10-06 20:12 1,066,176 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-10-06 19:17 . 2008-10-06 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-10-06 19:17 . 2008-10-06 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Babylon
2008-10-06 07:08 . 2008-10-06 07:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-10-06 07:08 . 2008-10-06 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-10-06 07:08 . 2008-10-06 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-10-06 06:48 . 2008-10-06 06:48 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-10-06 06:48 . 2008-10-06 06:48 <DIR> d-------- C:\Program Files\DIFX
2008-10-06 06:48 . 2008-10-06 06:48 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-10-06 06:48 . 2008-10-06 06:48 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-10-06 06:48 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-10-06 06:47 . 2008-10-06 06:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-06 06:47 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-10-06 06:46 . 2008-10-06 06:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-10-06 06:43 . 2008-10-06 06:43 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-06 06:25 . 2008-10-06 06:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-06 06:25 . 2005-02-24 20:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-05 11:24 . 2008-10-05 11:24 19 --a------ C:\disconn.bat
2008-10-04 17:30 . 2008-10-04 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-04 17:30 . 2008-10-04 17:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-04 17:30 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 17:30 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-04 15:29 . 2008-10-04 15:29 <DIR> d-------- C:\Program Files\Lonely Cat Games
2008-10-02 21:36 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-10-02 21:36 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-10-02 21:36 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-10-02 21:36 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-10-02 21:36 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-02 15:12 . 2008-10-02 15:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-10-02 11:30 . 2008-10-02 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-10-02 11:30 . 2008-10-02 11:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-10-02 11:30 . 2008-10-02 11:30 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-02 11:30 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-02 11:29 . 2008-10-02 11:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-02 10:13 . 2008-10-06 17:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-10-01 22:45 . 2008-10-01 22:45 <DIR> d-------- C:\Documents and Settings\sayan sajith
2008-10-01 22:31 . 2004-08-03 18:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-01 22:27 . 2008-10-01 22:27 11 --a------ C:\shutpc.bat
2008-10-01 22:26 . 2008-10-01 22:26 26 --a------ C:\conn.bat
2008-10-01 14:47 . 2008-10-01 15:29 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-01 14:33 . 2008-10-01 14:44 <DIR> d-------- C:\Program Files\SpyZooka
2008-10-01 14:32 . 2008-10-01 14:32 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-10-01 13:56 . 2008-10-01 23:23 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-10-01 10:41 . 2008-10-01 10:41 24,250 --a------ C:\WINDOWS\Aware40.mch
2008-10-01 10:40 . 2008-10-01 10:41 <DIR> d-------- C:\WINDOWS\A4W_DATA
2008-10-01 10:40 . 2008-10-01 10:40 35 --a------ C:\WINDOWS\A4W.INI
2008-10-01 10:38 . 2008-10-01 10:39 <DIR> d-------- C:\Program Files\Pals e-Dictionary
2008-09-30 21:40 . 2008-10-04 17:58 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-30 19:27 . 2008-10-01 16:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-30 19:14 . 2008-10-02 20:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2008-09-30 17:26 . 2008-09-30 17:26 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-30 17:01 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-09-30 17:01 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-30 17:01 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-09-30 17:01 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-09-30 16:48 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-30 16:46 . 2008-09-30 16:46 <DIR> d-------- C:\Program Files\NOS
2008-09-30 16:46 . 2008-10-01 13:53 <DIR> d-------- C:\Program Files\Java
2008-09-30 16:46 . 2008-09-30 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-30 16:44 . 2008-09-30 16:45 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-09-30 16:44 . 2008-09-30 16:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-30 16:26 . 2008-09-30 16:26 <DIR> d-------- C:\Program Files\%temp&
2008-09-30 16:26 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-09-30 16:25 . 2008-09-30 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ESET
2008-09-30 16:23 . 2008-09-30 16:23 <DIR> d-------- C:\Program Files\ESET
2008-09-30 16:23 . 2008-09-30 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-09-30 16:04 . 2008-09-30 16:04 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-09-30 15:58 . 2008-09-30 15:58 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-30 15:54 . 2008-09-30 15:54 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-09-30 15:53 . 2008-09-30 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-30 15:53 . 2008-09-30 15:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-09-30 15:51 . 2004-07-30 01:15 28,160 --a------ C:\WINDOWS\system32\tuscaenc.dll
2008-09-30 15:48 . 2008-09-30 15:48 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
2008-09-30 15:48 . 2008-09-30 15:48 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-09-30 15:46 . 2008-10-05 18:45 2,764 --a------ C:\WINDOWS\system32\$$$mclip.cfg
2008-09-30 15:43 . 2008-09-30 15:43 <DIR> d-------- C:\Program Files\Jiao System, Ltd.VCDCutter
2008-09-30 15:43 . 2008-09-30 15:46 564 --a------ C:\WINDOWS\system\cdplayer.dat
2008-09-30 15:38 . 2008-09-30 15:38 <DIR> d-------- C:\Program Files\VstPlugins
2008-09-30 15:38 . 2008-09-30 15:38 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2008-09-30 15:38 . 2002-07-07 15:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-09-30 15:38 . 2006-06-20 01:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-09-30 15:37 . 2008-09-30 15:37 <DIR> d-------- C:\Program Files\Outsim
2008-09-30 15:37 . 2008-09-30 23:00 <DIR> d-------- C:\Program Files\Image-Line
2008-09-30 15:35 . 2008-09-30 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-30 15:32 . 2008-09-30 15:35 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-30 15:27 . 2008-09-30 15:27 <DIR> d-------- C:\Program Files\Google
2008-09-30 15:25 . 2008-09-30 15:25 <DIR> d-------- C:\Program Files\SlySoft
2008-09-30 15:21 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-09-30 15:18 . 2008-09-30 15:18 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-30 15:18 . 2008-09-30 15:18 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-30 15:18 . 2008-09-30 15:18 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-09-30 15:18 . 2008-09-30 15:18 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-09-30 15:12 . 2007-03-07 13:27 4,245,008 --a------ C:\WINDOWS\system32\qtp-mt334.dll
2008-09-30 15:12 . 2007-03-07 13:27 247,824 --a------ C:\WINDOWS\system32\prgiso.dll
2008-09-30 15:12 . 2007-03-07 13:27 38,448 --a------ C:\WINDOWS\system32\drivers\hotcore3.sys
2008-09-30 15:12 . 2007-03-07 13:27 13,840 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-09-30 15:10 . 2008-09-30 15:10 <DIR> d-------- C:\Program Files\DU Meter
2008-09-30 15:10 . 2008-09-30 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-09-30 14:56 . 2008-09-30 14:56 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-30 14:56 . 2008-09-30 14:56 55,466 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-30 14:55 . 2008-09-30 14:55 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-09-30 14:55 . 2008-09-30 14:56 4,590 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-30 14:54 . 2008-09-30 14:54 <DIR> d-------- C:\DOWNLOADS
2008-09-30 14:54 . 2008-09-30 14:54 <DIR> d-------- C:\!Temp
2008-09-30 14:48 . 2008-09-30 14:48 <DIR> d-------- C:\POD
2008-09-30 14:48 . 2008-09-30 14:48 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-30 14:48 . 1996-11-05 16:19 247,648 --a------ C:\WINDOWS\UNINST16.EXE
2008-09-30 14:48 . 1995-07-13 18:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2008-09-30 14:48 . 2008-10-06 19:47 208 --a------ C:\WINDOWS\POD.INI
2008-09-30 14:48 . 2008-09-30 14:48 8 --a------ C:\WINDOWS\Q.TRD
2008-09-30 14:48 . 2008-09-30 14:48 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-09-30 14:43 . 2008-09-30 14:43 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-09-30 14:43 . 2008-09-30 14:43 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-09-30 14:43 . 2008-09-30 14:43 <DIR> d-------- C:\Program Files\AvRack
2008-09-30 14:42 . 2008-09-30 14:44 <DIR> d-------- C:\Program Files\VIA
2008-09-30 14:42 . 2008-10-04 17:59 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-30 14:42 . 2008-09-30 14:42 <DIR> d-------- C:\Program Files\AMD
2008-09-30 14:42 . 2005-03-07 19:50 3,453,824 -ra------ C:\WINDOWS\system32\vtdisp.dll
2008-09-30 14:41 . 2008-09-30 14:43 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-09-30 14:41 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-30 14:40 . 2004-10-05 16:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-09-30 14:35 . 2008-09-30 14:35 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-30 14:17 . 2008-09-30 14:17 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-30 14:17 . 2008-09-30 14:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 21:56 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:08 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
.

------- Sigcheck -------

2008-06-23 08:38 659456 9eea04bc4c3fa521d256d89940fab4db C:\WINDOWS\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp2gdr\wininet.dll
2008-06-23 09:12 667136 611ace3f4201e9610af8452f7c268995 C:\WINDOWS\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp2qfe\wininet.dll
2008-06-23 08:09 666112 f12fbb673de9cc802c5dc518fe99aa2f C:\WINDOWS\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3gdr\wininet.dll
2008-06-23 07:54 666624 972299b7241ec325d8c7e5638c884925 C:\WINDOWS\SoftwareDistribution\Download\1c0a4d9681e4b56278490848f7545aa5\sp3qfe\wininet.dll
2004-08-03 18:07 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\wininet.dll
2004-08-03 18:07 690176 3a5ee0514f56b1b775d7641cfba5ad37 C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-03 18:07 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\explorer.exe
2004-08-03 18:07 974336 a5c1f2cf7c31874e66478910b43d6513 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-05_21.14.27.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-06 13:48:30 10,134 ----a-r C:\WINDOWS\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe
+ 2008-10-06 13:49:20 15,086 ----a-r C:\WINDOWS\Installer\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\ARPPRODUCTICON.exe
+ 2008-10-06 13:48:09 3,262 ----a-r C:\WINDOWS\Installer\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}\ARPPRODUCTICON.exe
+ 2003-03-19 02:05:50 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
+ 2007-03-30 06:00:40 203,264 ----a-r C:\WINDOWS\system32\CddbCdda.dll
+ 2008-05-07 14:38:20 17,536 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmb.sys
+ 2008-05-07 14:38:24 90,624 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcls.dll
+ 2008-05-07 14:38:34 659,968 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcocls.dll
+ 2008-05-07 14:39:22 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\wdfcoinstaller01005.dll
+ 2008-05-07 14:38:36 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerfltj.sys
+ 2008-06-06 16:24:44 8,064 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbm_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerflt.sys
+ 2008-05-07 14:38:20 20,864 -c--a-w C:\WINDOWS\system32\DRVSTORE\ccdcmbo_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmbo.sys
+ 2007-09-17 22:53:26 21,632 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
+ 2008-05-20 17:37:00 525,824 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\PCCSWpdDriver.dll
+ 2008-05-20 17:32:30 831,048 -c--a-w C:\WINDOWS\system32\DRVSTORE\pccswpddri_66268C3E0C6968D7F539EAEAD801C68E0DB54FE9\WudfUpdate_01005.dll
+ 2003-03-19 04:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-19 04:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2005-05-03 19:58:20 13,536 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2005-02-25 03:35:05 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-12-02 05:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 07:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 07:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 07:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"Veoh"="G:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
"Nokia.PCSync"="G:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="G:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 1582616]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-04-23 1443072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-30 185896]
"Babylon Client"="g:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-02-14 3165920]
"VTTimer"="VTTimer.exe" [2005-03-07 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-10 C:\WINDOWS\system32\VTTrayp.exe]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
RocketDock.lnk - H:\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-09-30 585728]

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 G:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 12:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-30 20:58 133104 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 14:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 00:34 167936 H:\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-09-30 15:18 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-09-26 19:14 3660848 G:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"getPlus(R) Helper"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"G:\\Program Files\\FlashGet\\flashget.exe"=
"G:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 38448]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-02 307968]
S4 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8540f86f-90b3-11dd-af32-000fea9f72b5}]
\Shell\AutoRun\command - AutoRun\AutoStart.exe
\Shell\Explore\Command - AutoRun\AutoStart.exe
\Shell\Open\Command - AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8540f870-90b3-11dd-af32-000fea9f72b5}]
\Shell\AutoRun\command - AutoRun\AutoStart.exe
\Shell\Explore\Command - AutoRun\AutoStart.exe
\Shell\Open\Command - AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9245485c-8f38-11dd-80c9-000fea9f72b5}]
\Shell\AutoRun\command - AutoRun\AutoStart.exe
\Shell\Explore\Command - AutoRun\AutoStart.exe
\Shell\Open\Command - AutoRun\AutoStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{99DA742A-B779-C873-FF30-45979E1478C8}]
C:\WINDOWS\system32\Bifrost\server.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-10-07 C:\WINDOWS\Tasks\1-Click Maintenance.job
- G:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:24]

2008-10-06 C:\WINDOWS\Tasks\bear.job
- C:\Program Files\BearShare\Bearshare.exe []

2008-10-06 C:\WINDOWS\Tasks\connect.job
- C:\conn.bat [2008-10-01 22:26]

2008-10-03 C:\WINDOWS\Tasks\discon.job
- C:\disconn.bat [2008-10-05 11:24]

2008-10-03 C:\WINDOWS\Tasks\shut.job
- C:\shutpc.bat [2008-10-01 22:27]

2008-10-06 C:\WINDOWS\Tasks\torr.job
- G:\Program Files\uTorrent\uTorrent.exe []

2008-10-06 C:\WINDOWS\Tasks\veo.job
- G:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 19:14]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 20:16:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\sccfg.sys 264 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-10-06 20:18:20
ComboFix-quarantined-files.txt 2008-10-07 03:18:10
ComboFix2.txt 2008-10-06 04:14:54

Pre-Run: 924,119,040 bytes free
Post-Run: 916,832,256 bytes free

348 --- E O F --- 2008-10-06 13:25:36

**sayanwader** · 2008-10-06, 16:57

i forgot to tell u, "I GOT MY AUTOMATIC UPDATES ACTIVATED"

thanks pal..

**ken545** · 2008-10-06, 18:36

Please download OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\prxfnsdc.dll
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Post the OTMoveIt log and a new HJT log and let me know how things are running now???

**sayanwader** · 2008-10-07, 19:05

OTMoveIt log:

File/Folder C:\WINDOWS\system32\prxfnsdc.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10072008_100121

HijackThis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:40 AM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
H:\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Real Player\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - g:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - G:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Babylon Client] g:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - Startup: RocketDock.lnk = H:\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Download All with FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Translate with &Babylon - res://G:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - g:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - g:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1223009094218
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D2FBEEC-67B0-41B0-AA9B-EEA32046BCD3}: NameServer = 218.248.240.181 218.248.240.23
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5201 bytes

**sayanwader** · 2008-10-07, 19:06

thanks pal

...everything is working fine now..i can enable automatic updates and downloaded some patches..

is evertyhing ok now?

**ken545** · 2008-10-07, 19:31

Looking good

OTMoveIt <---Drag it to the trash

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Hijackthis <---Your call, hopefully you won't need it again, if you do you can redownload it

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
TonyKlein CastleCops
Grinler BleepingComputer
GeeksTo Go
Dslreports

Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
IE-Spyad
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Safe Surfn
Ken

Thread: can't enable automatic updates..

Thread Tools

Display

Tags for this Thread

Posting Permissions