
Trojan and Rootkit trace



Hi,

I need help to remove C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) and HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) from my system.

Each time I run Malwarebytes, it says it will delete it on restart, but every time I restart it finds it again.

Here is the log of my quick scan.

I tried to update Malwarebytes, but I got error code 732 (0,0).

Please, someone help me. Thank you for spending your valuable time on this.

==========================================================

Malwarebytes' Anti-Malware 1.40

Database version: 2551

Windows 5.1.2600 Service Pack 3

8/24/2009 10:00:26 PM

mbam-log-2009-08-24 (22-00-26).txt

Scan type: Quick Scan

Objects scanned: 102009

Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

==============================================================

Thanks


Hi. :lol:

Download ComboFix from one of the locations below, and save it to your Desktop as something.exe

Double click something.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Thanks a lot for spending your valuable time in helping me.

Here are the ComboFix logs. Please give me further directions.

=============================================================================

ComboFix 09-08-26.05 - shaanu 08/26/2009 20:14.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1433 [GMT -5:00]

Running from: c:\documents and settings\shaanu\Desktop\test1234.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\gyvecak.bin

c:\documents and settings\All Users\Application Data\hucyvac.com

c:\documents and settings\All Users\Application Data\sikykuj.sys

c:\documents and settings\All Users\Application Data\tibe._sy

c:\documents and settings\All Users\Application Data\unypixuj.ban

c:\documents and settings\All Users\Application Data\xidyliw._sy

c:\documents and settings\All Users\Application Data\yvigyda.bin

c:\documents and settings\All Users\Documents\hevirab.inf

c:\documents and settings\shaanu\Application Data\fasy.inf

c:\documents and settings\shaanu\Application Data\felocety.com

c:\documents and settings\shaanu\Application Data\itysaticu.sys

c:\documents and settings\shaanu\Application Data\kymuzetibo.pif

c:\documents and settings\shaanu\Application Data\lujezug.bin

c:\documents and settings\shaanu\Application Data\odyvezor.ban

c:\documents and settings\shaanu\Cookies\vijocuxi.dat

c:\documents and settings\shaanu\Local Settings\Application Data\ekosicaj.com

c:\documents and settings\shaanu\Local Settings\Application Data\ilecunebaw.vbs

c:\documents and settings\shaanu\Local Settings\Application Data\izapam.bat

c:\documents and settings\shaanu\Local Settings\Temporary Internet Files\ukobad.sys

c:\program files\Common Files\akalevom.ban

c:\program files\Common Files\taxevu.sys

c:\program files\Common Files\wakubuc.dll

c:\windows\AegisP.inf

c:\windows\atozipom.inf

c:\windows\evuto.ban

c:\windows\Installer\1beb8d7.msp

c:\windows\Installer\1beb8dd.msp

c:\windows\Installer\1beb93f.msp

c:\windows\Installer\1beb945.msp

c:\windows\Installer\1e379b6.msp

c:\windows\Installer\1e37a0e.msp

c:\windows\Installer\1e37a15.msp

c:\windows\Installer\1e37a1a.msp

c:\windows\Installer\24e93.msp

c:\windows\Installer\24e9a.msp

c:\windows\Installer\24ef2.msp

c:\windows\Installer\24ef7.msp

c:\windows\Installer\253f7bf.msp

c:\windows\Installer\253f7c5.msp

c:\windows\Installer\253f827.msp

c:\windows\Installer\253f82d.msp

c:\windows\Installer\25e04.msp

c:\windows\Installer\25e09.msp

c:\windows\Installer\25e5e.msp

c:\windows\Installer\25e63.msp

c:\windows\Installer\2640f.msp

c:\windows\Installer\26467.msp

c:\windows\Installer\2646e.msp

c:\windows\Installer\26473.msp

c:\windows\Installer\26d08.msp

c:\windows\Installer\26d0f.msp

c:\windows\Installer\26d67.msp

c:\windows\Installer\26d6c.msp

c:\windows\Installer\2739f.msp

c:\windows\Installer\273a5.msp

c:\windows\Installer\27407.msp

c:\windows\Installer\2740d.msp

c:\windows\Installer\2743c.msp

c:\windows\Installer\27441.msp

c:\windows\Installer\27496.msp

c:\windows\Installer\2749b.msp

c:\windows\Installer\274c0.msp

c:\windows\Installer\274c6.msp

c:\windows\Installer\27528.msp

c:\windows\Installer\2752e.msp

c:\windows\Installer\277b6.msp

c:\windows\Installer\27822.msp

c:\windows\Installer\2782a.msp

c:\windows\Installer\2783a.msp

c:\windows\Installer\27ad3.msp

c:\windows\Installer\27b2b.msp

c:\windows\Installer\27b32.msp

c:\windows\Installer\27b37.msp

c:\windows\Installer\27df0.msp

c:\windows\Installer\27e48.msp

c:\windows\Installer\27e4f.msp

c:\windows\Installer\27e54.msp

c:\windows\Installer\28562.msp

c:\windows\Installer\285ba.msp

c:\windows\Installer\285c1.msp

c:\windows\Installer\285c6.msp

c:\windows\Installer\2868b.msp

c:\windows\Installer\28691.msp

c:\windows\Installer\28699.msp

c:\windows\Installer\286a5.msp

c:\windows\Installer\286ab.msp

c:\windows\Installer\2889e.msp

c:\windows\Installer\288a4.msp

c:\windows\Installer\28901.msp

c:\windows\Installer\28907.msp

c:\windows\Installer\28cb5.msp

c:\windows\Installer\28cba.msp

c:\windows\Installer\28d0f.msp

c:\windows\Installer\28d14.msp

c:\windows\Installer\28d42.msp

c:\windows\Installer\28da2.msp

c:\windows\Installer\28daa.msp

c:\windows\Installer\28db0.msp

c:\windows\Installer\29acf.msp

c:\windows\Installer\29ad7.msp

c:\windows\Installer\29b37.msp

c:\windows\Installer\29b3d.msp

c:\windows\Installer\2a5db.msp

c:\windows\Installer\2a5e2.msp

c:\windows\Installer\2a5e7.msp

c:\windows\Installer\2a7b0.msp

c:\windows\Installer\2a7b6.msp

c:\windows\Installer\2a7be.msp

c:\windows\Installer\2a7ca.msp

c:\windows\Installer\2a7d0.msp

c:\windows\Installer\2aa01.msp

c:\windows\Installer\2aa59.msp

c:\windows\Installer\2aa60.msp

c:\windows\Installer\2aa65.msp

c:\windows\Installer\2aadc.msp

c:\windows\Installer\2aae4.msp

c:\windows\Installer\2ab44.msp

c:\windows\Installer\2ab4a.msp

c:\windows\Installer\2af80.msp

c:\windows\Installer\2af86.msp

c:\windows\Installer\2af8e.msp

c:\windows\Installer\2afd582.msp

c:\windows\Installer\2afd5e2.msp

c:\windows\Installer\2afd5ea.msp

c:\windows\Installer\2afd5f0.msp

c:\windows\Installer\2afee.msp

c:\windows\Installer\2affd.msp

c:\windows\Installer\2b05d.msp

c:\windows\Installer\2b065.msp

c:\windows\Installer\2b06b.msp

c:\windows\Installer\2b7bd.msp

c:\windows\Installer\2b7c4.msp

c:\windows\Installer\2b7c9.msp

c:\windows\Installer\2b905.msp

c:\windows\Installer\2b90d.msp

c:\windows\Installer\2b96d.msp

c:\windows\Installer\2b973.msp

c:\windows\Installer\2bd7a.msp

c:\windows\Installer\2bd80.msp

c:\windows\Installer\2bde2.msp

c:\windows\Installer\2bde8.msp

c:\windows\Installer\2be06.msp

c:\windows\Installer\2be0c.msp

c:\windows\Installer\2be69.msp

c:\windows\Installer\2be6f.msp

c:\windows\Installer\2c421.msp

c:\windows\Installer\2c428.msp

c:\windows\Installer\2c480.msp

c:\windows\Installer\2c485.msp

c:\windows\Installer\2c4bd.msp

c:\windows\Installer\2c51d.msp

c:\windows\Installer\2c525.msp

c:\windows\Installer\2c52b.msp

c:\windows\Installer\2c8c4.msp

c:\windows\Installer\2c919.msp

c:\windows\Installer\2c91e.msp

c:\windows\Installer\2ca004d.msp

c:\windows\Installer\2ca00a5.msp

c:\windows\Installer\2ca00ac.msp

c:\windows\Installer\2ca00b1.msp

c:\windows\Installer\2cc3f.msp

c:\windows\Installer\2cc9f.msp

c:\windows\Installer\2cca7.msp

c:\windows\Installer\2ccad.msp

c:\windows\Installer\2cd0a.msp

c:\windows\Installer\2cd11.msp

c:\windows\Installer\2cd16.msp

c:\windows\Installer\2d121.msp

c:\windows\Installer\2d127.msp

c:\windows\Installer\2d184.msp

c:\windows\Installer\2d18a.msp

c:\windows\Installer\2d334.msp

c:\windows\Installer\2d394.msp

c:\windows\Installer\2d39c.msp

c:\windows\Installer\2d3a2.msp

c:\windows\Installer\2d41904.msp

c:\windows\Installer\2d4190c.msp

c:\windows\Installer\2d4196c.msp

c:\windows\Installer\2d41972.msp

c:\windows\Installer\2d547.msp

c:\windows\Installer\2d54d.msp

c:\windows\Installer\2d567.msp

c:\windows\Installer\2d56e.msp

c:\windows\Installer\2d573.msp

c:\windows\Installer\2d5aa.msp

c:\windows\Installer\2d5b0.msp

c:\windows\Installer\2db04.msp

c:\windows\Installer\2db0a.msp

c:\windows\Installer\2db6c.msp

c:\windows\Installer\2db994e.msp

c:\windows\Installer\2db9a4b.msp

c:\windows\Installer\2db9a50.msp

c:\windows\Installer\2dd08.msp

c:\windows\Installer\2dd60.msp

c:\windows\Installer\2dd67.msp

c:\windows\Installer\2dd6c.msp

c:\windows\Installer\2e092.msp

c:\windows\Installer\2e098.msp

c:\windows\Installer\2e0a0.msp

c:\windows\Installer\2e100.msp

c:\windows\Installer\2e107.msp

c:\windows\Installer\2e10d.msp

c:\windows\Installer\2e5e1.msp

c:\windows\Installer\2e5e7.msp

c:\windows\Installer\2e5ef.msp

c:\windows\Installer\2e5fb.msp

c:\windows\Installer\2e601.msp

c:\windows\Installer\2e70a.msp

c:\windows\Installer\2e70f.msp

c:\windows\Installer\2e764.msp

c:\windows\Installer\2e769.msp

c:\windows\Installer\2e778.msp

c:\windows\Installer\2e77d.msp

c:\windows\Installer\2e7d2.msp

c:\windows\Installer\2e7d7.msp

c:\windows\Installer\2e8df.msp

c:\windows\Installer\2e8e7.msp

c:\windows\Installer\2e947.msp

c:\windows\Installer\2e94d.msp

c:\windows\Installer\2ec0c.msp

c:\windows\Installer\2ec12.msp

c:\windows\Installer\2ec6f.msp

c:\windows\Installer\2ec75.msp

c:\windows\Installer\2ed63.msp

c:\windows\Installer\2ed69.msp

c:\windows\Installer\2edcb.msp

c:\windows\Installer\2edd1.msp

c:\windows\Installer\2ee3e.msp

c:\windows\Installer\2ee44.msp

c:\windows\Installer\2ee63bb.msp

c:\windows\Installer\2ee63c0.msp

c:\windows\Installer\2ee6415.msp

c:\windows\Installer\2ee641a.msp

c:\windows\Installer\2eea6.msp

c:\windows\Installer\2eeac.msp

c:\windows\Installer\2f1c8.msp

c:\windows\Installer\2f1ce.msp

c:\windows\Installer\2f1d6.msp

c:\windows\Installer\2f207.msp

c:\windows\Installer\2f236.msp

c:\windows\Installer\2f23d.msp

c:\windows\Installer\2f243.msp

c:\windows\Installer\2f25f.msp

c:\windows\Installer\2f266.msp

c:\windows\Installer\2f26b.msp

c:\windows\Installer\2f88f.msp

c:\windows\Installer\2f896.msp

c:\windows\Installer\2f8ee.msp

c:\windows\Installer\2f8f3.msp

c:\windows\Installer\2fe6b.msp

c:\windows\Installer\2fe71.msp

c:\windows\Installer\2fece.msp

c:\windows\Installer\2fed4.msp

c:\windows\Installer\304c4.msp

c:\windows\Installer\304c9.msp

c:\windows\Installer\3051e.msp

c:\windows\Installer\30523.msp

c:\windows\Installer\305dd.msp

c:\windows\Installer\305e3.msp

c:\windows\Installer\305eb.msp

c:\windows\Installer\3064b.msp

c:\windows\Installer\3084e.msp

c:\windows\Installer\30854.msp

c:\windows\Installer\308b6.msp

c:\windows\Installer\30c46.msp

c:\windows\Installer\30c55.msp

c:\windows\Installer\30c5a.msp

c:\windows\Installer\30c9e.msp

c:\windows\Installer\30ca5.msp

c:\windows\Installer\30caa.msp

c:\windows\Installer\30caf.msp

c:\windows\Installer\30cb4.msp

c:\windows\Installer\30d8e.msp

c:\windows\Installer\30d94.msp

c:\windows\Installer\30df6.msp

c:\windows\Installer\30dfc.msp

c:\windows\Installer\31108.msp

c:\windows\Installer\3110d.msp

c:\windows\Installer\31162.msp

c:\windows\Installer\31167.msp

c:\windows\Installer\316a6.msp

c:\windows\Installer\316ac.msp

c:\windows\Installer\316b4.msp

c:\windows\Installer\31714.msp

c:\windows\Installer\31907.msp

c:\windows\Installer\3190d.msp

c:\windows\Installer\3196f.msp

c:\windows\Installer\31975.msp

c:\windows\Installer\31a9ae2.msp

c:\windows\Installer\31a9aea.msp

c:\windows\Installer\31a9b4a.msp

c:\windows\Installer\31a9b50.msp

c:\windows\Installer\31d7c.msp

c:\windows\Installer\31d84.msp

c:\windows\Installer\31de4.msp

c:\windows\Installer\31dea.msp

c:\windows\Installer\31ed150.msp

c:\windows\Installer\31ed156.msp

c:\windows\Installer\31ed15e.msp

c:\windows\Installer\31ed1be.msp

c:\windows\Installer\31ed1c5.msp

c:\windows\Installer\31ed1cb.msp

c:\windows\Installer\31ffc.msp

c:\windows\Installer\32002.msp

c:\windows\Installer\32064.msp

c:\windows\Installer\3206a.msp

c:\windows\Installer\32116.msp

c:\windows\Installer\3211c.msp

c:\windows\Installer\32124.msp

c:\windows\Installer\32184.msp

c:\windows\Installer\3218b.msp

c:\windows\Installer\32191.msp

c:\windows\Installer\32721.msp

c:\windows\Installer\32779.msp

c:\windows\Installer\32780.msp

c:\windows\Installer\32785.msp

c:\windows\Installer\327fb.msp

c:\windows\Installer\3285b.msp

c:\windows\Installer\32863.msp

c:\windows\Installer\32869.msp

c:\windows\Installer\32bffc3.msp

c:\windows\Installer\32bffcb.msp

c:\windows\Installer\32c002b.msp

c:\windows\Installer\32c0031.msp

c:\windows\Installer\32e25.msp

c:\windows\Installer\32e2b.msp

c:\windows\Installer\32e8d.msp

c:\windows\Installer\32e93.msp

c:\windows\Installer\33190.msp

c:\windows\Installer\33196.msp

c:\windows\Installer\331f8.msp

c:\windows\Installer\331fe.msp

c:\windows\Installer\33365.msp

c:\windows\Installer\3336a.msp

c:\windows\Installer\333bf.msp

c:\windows\Installer\333c4.msp

c:\windows\Installer\33b45.msp

c:\windows\Installer\33ba5.msp

c:\windows\Installer\33bad.msp

c:\windows\Installer\33bb3.msp

c:\windows\Installer\344512b.msp

c:\windows\Installer\3445130.msp

c:\windows\Installer\3445185.msp

c:\windows\Installer\344518a.msp

c:\windows\Installer\345b5.msp

c:\windows\Installer\345bb.msp

c:\windows\Installer\345c3.msp

c:\windows\Installer\345cf.msp

c:\windows\Installer\345d5.msp

c:\windows\Installer\34ac6.msp

c:\windows\Installer\34b26.msp

c:\windows\Installer\34b2e.msp

c:\windows\Installer\34b34.msp

c:\windows\Installer\34f88.msp

c:\windows\Installer\34fe8.msp

c:\windows\Installer\34ff0.msp

c:\windows\Installer\34ff6.msp

c:\windows\Installer\35219.msp

c:\windows\Installer\35279.msp

c:\windows\Installer\35281.msp

c:\windows\Installer\35287.msp

c:\windows\Installer\353be.msp

c:\windows\Installer\353c3.msp

c:\windows\Installer\353fd.msp

c:\windows\Installer\35418.msp

c:\windows\Installer\3541d.msp

c:\windows\Installer\35455.msp

c:\windows\Installer\3545c.msp

c:\windows\Installer\35461.msp

c:\windows\Installer\35eab.msp

c:\windows\Installer\35eb1.msp

c:\windows\Installer\35ec13.msp

c:\windows\Installer\35ec18.msp

c:\windows\Installer\35ec42.msp

c:\windows\Installer\35ec47.msp

c:\windows\Installer\35f13.msp

c:\windows\Installer\35f19.msp

c:\windows\Installer\36032.msp

c:\windows\Installer\36038.msp

c:\windows\Installer\36044.msp

c:\windows\Installer\3604c.msp

c:\windows\Installer\36052.msp

c:\windows\Installer\3a903.msp

c:\windows\Installer\3a963.msp

c:\windows\Installer\3a96b.msp

c:\windows\Installer\3a971.msp

c:\windows\Installer\3b0d3.msp

c:\windows\Installer\3b0d9.msp

c:\windows\Installer\3b0e1.msp

c:\windows\Installer\3b141.msp

c:\windows\Installer\3b148.msp

c:\windows\Installer\3b14e.msp

c:\windows\Installer\3c14d.msp

c:\windows\Installer\3c152.msp

c:\windows\Installer\3c1a7.msp

c:\windows\Installer\3c1ac.msp

c:\windows\Installer\3d6d9.msp

c:\windows\Installer\3d731.msp

c:\windows\Installer\3d738.msp

c:\windows\Installer\3d73d.msp

c:\windows\Installer\3f04d.msp

c:\windows\Installer\3f054.msp

c:\windows\Installer\3f0ac.msp

c:\windows\Installer\3f0b1.msp

c:\windows\Installer\40ee1.msp

c:\windows\Installer\40ee7.msp

c:\windows\Installer\40f49.msp

c:\windows\Installer\40f4f.msp

c:\windows\Installer\41be1.msp

c:\windows\Installer\41be7.msp

c:\windows\Installer\41c49.msp

c:\windows\Installer\41c4f.msp

c:\windows\Installer\4218e.msp

c:\windows\Installer\42194.msp

c:\windows\Installer\4219c.msp

c:\windows\Installer\421fc.msp

c:\windows\Installer\42203.msp

c:\windows\Installer\42209.msp

c:\windows\Installer\424ba.msp

c:\windows\Installer\42512.msp

c:\windows\Installer\42519.msp

c:\windows\Installer\4251e.msp

c:\windows\Installer\42d75.msp

c:\windows\Installer\42dcd.msp

c:\windows\Installer\42dd4.msp

c:\windows\Installer\42dd9.msp

c:\windows\Installer\44571.msp

c:\windows\Installer\445d1.msp

c:\windows\Installer\445d9.msp

c:\windows\Installer\445df.msp

c:\windows\Installer\481ee.msp

c:\windows\Installer\4824e.msp

c:\windows\Installer\48256.msp

c:\windows\Installer\4825c.msp

c:\windows\Installer\539065.msp

c:\windows\Installer\5390bd.msp

c:\windows\Installer\5390c4.msp

c:\windows\Installer\5390c9.msp

c:\windows\Installer\53c5771.msp

c:\windows\Installer\53c5776.msp

c:\windows\Installer\53c57cb.msp

c:\windows\Installer\53c57d0.msp

c:\windows\Installer\5a966.msp

c:\windows\Installer\5a96d.msp

c:\windows\Installer\5a972.msp

c:\windows\Installer\5e045.msp

c:\windows\Installer\5e04c.msp

c:\windows\Installer\5e051.msp

c:\windows\Installer\6d63e2.msp

c:\windows\Installer\6da55.msp

c:\windows\Installer\6da5c.msp

c:\windows\Installer\6da61.msp

c:\windows\Installer\9fbba.msp

c:\windows\Installer\9fbbb.msp

c:\windows\Installer\9fbbc.msp

c:\windows\Installer\9fbbd.msp

c:\windows\Installer\9fbbe.msp

c:\windows\Installer\9fbbf.msp

c:\windows\Installer\9fbc0.msp

c:\windows\Installer\9fbc1.msp

c:\windows\Installer\9fbc2.msp

c:\windows\Installer\9fc67.msp

c:\windows\Installer\9fc6d.msp

c:\windows\Installer\a6afe0.msp

c:\windows\Installer\a6afe6.msp

c:\windows\Installer\a6b048.msp

c:\windows\Installer\a6b04e.msp

c:\windows\Installer\ae3e8.msp

c:\windows\Installer\ae3e9.msp

c:\windows\Installer\ae3ea.msp

c:\windows\Installer\ae3eb.msp

c:\windows\Installer\ae3ec.msp

c:\windows\Installer\ae3ed.msp

c:\windows\Installer\ae3ee.msp

c:\windows\Installer\ae3ef.msp

c:\windows\Installer\ae3f0.msp

c:\windows\Installer\ae495.msp

c:\windows\Installer\ae49b.msp

c:\windows\Installer\b3e3f0.msp

c:\windows\Installer\b3e3f5.msp

c:\windows\Installer\b3e44a.msp

c:\windows\Installer\b3e44f.msp

c:\windows\Installer\b4e3a.msp

c:\windows\Installer\b4e3b.msp

c:\windows\Installer\b4e3c.msp

c:\windows\Installer\b4e3d.msp

c:\windows\Installer\b4e3e.msp

c:\windows\Installer\b4e3f.msp

c:\windows\Installer\b4e40.msp

c:\windows\Installer\b4e41.msp

c:\windows\Installer\b4e42.msp

c:\windows\Installer\b4ee7.msp

c:\windows\Installer\b4eed.msp

c:\windows\Installer\c15bc7.msp

c:\windows\Installer\c15bcc.msp

c:\windows\Installer\cef48.msp

c:\windows\Installer\cef49.msp

c:\windows\Installer\cef4a.msp

c:\windows\Installer\cef4b.msp

c:\windows\Installer\cef4c.msp

c:\windows\Installer\cef4d.msp

c:\windows\Installer\cef4e.msp

c:\windows\Installer\cef4f.msp

c:\windows\Installer\cef50.msp

c:\windows\Installer\ceff5.msp

c:\windows\Installer\ceffb.msp

c:\windows\Installer\d063b.msp

c:\windows\Installer\d063c.msp

c:\windows\Installer\d063d.msp

c:\windows\Installer\d063e.msp

c:\windows\Installer\d063f.msp

c:\windows\Installer\d0640.msp

c:\windows\Installer\d0641.msp

c:\windows\Installer\d0642.msp

c:\windows\Installer\d0643.msp

c:\windows\Installer\d06e8.msp

c:\windows\Installer\d06ee.msp

c:\windows\Installer\eb75b5.msp

c:\windows\Installer\eb75ba.msp

c:\windows\Installer\eb760f.msp

c:\windows\Installer\eb7614.msp

c:\windows\qehidome.ban

c:\windows\ryru.pif

c:\windows\siviv.scr

c:\windows\system32\Cache

c:\windows\system32\drivers\SKYNETkoeppuri.sys

c:\windows\system32\drivers\UACiyalxqmkqm.sys

c:\windows\system32\ibodili.dl

c:\windows\system32\images

c:\windows\system32\images\toolbar\calendar.gif

c:\windows\system32\images\toolbar\crlogo.gif

c:\windows\system32\images\toolbar\export.gif

c:\windows\system32\images\toolbar\export_over.gif

c:\windows\system32\images\toolbar\exportd.gif

c:\windows\system32\images\toolbar\First.gif

c:\windows\system32\images\toolbar\first_over.gif

c:\windows\system32\images\toolbar\Firstd.gif

c:\windows\system32\images\toolbar\gotopage.gif

c:\windows\system32\images\toolbar\gotopage_over.gif

c:\windows\system32\images\toolbar\gotopaged.gif

c:\windows\system32\images\toolbar\grouptree.gif

c:\windows\system32\images\toolbar\grouptree_over.gif

c:\windows\system32\images\toolbar\grouptreed.gif

c:\windows\system32\images\toolbar\grouptreepressed.gif

c:\windows\system32\images\toolbar\Last.gif

c:\windows\system32\images\toolbar\last_over.gif

c:\windows\system32\images\toolbar\Lastd.gif

c:\windows\system32\images\toolbar\Next.gif

c:\windows\system32\images\toolbar\next_over.gif

c:\windows\system32\images\toolbar\Nextd.gif

c:\windows\system32\images\toolbar\Prev.gif

c:\windows\system32\images\toolbar\prev_over.gif

c:\windows\system32\images\toolbar\Prevd.gif

c:\windows\system32\images\toolbar\print.gif

c:\windows\system32\images\toolbar\print_over.gif

c:\windows\system32\images\toolbar\printd.gif

c:\windows\system32\images\toolbar\Refresh.gif

c:\windows\system32\images\toolbar\refresh_over.gif

c:\windows\system32\images\toolbar\refreshd.gif

c:\windows\system32\images\toolbar\Search.gif

c:\windows\system32\images\toolbar\search_over.gif

c:\windows\system32\images\toolbar\searchd.gif

c:\windows\system32\images\toolbar\up.gif

c:\windows\system32\images\toolbar\up_over.gif

c:\windows\system32\images\toolbar\upd.gif

c:\windows\system32\images\tree\begindots.gif

c:\windows\system32\images\tree\beginminus.gif

c:\windows\system32\images\tree\beginplus.gif

c:\windows\system32\images\tree\blank.gif

c:\windows\system32\images\tree\blankdots.gif

c:\windows\system32\images\tree\dots.gif

c:\windows\system32\images\tree\lastdots.gif

c:\windows\system32\images\tree\lastminus.gif

c:\windows\system32\images\tree\lastplus.gif

c:\windows\system32\images\tree\Magnify.gif

c:\windows\system32\images\tree\minus.gif

c:\windows\system32\images\tree\minusbox.gif

c:\windows\system32\images\tree\plus.gif

c:\windows\system32\images\tree\plusbox.gif

c:\windows\system32\images\tree\singleminus.gif

c:\windows\system32\images\tree\singleplus.gif

c:\windows\system32\moxazixi.reg

c:\windows\system32\oqamohi.dll

c:\windows\system32\SKYNETbohsnagy.dat

c:\windows\system32\SKYNETclwpjatj.dll

c:\windows\system32\SKYNETfqncvqvs.dat

c:\windows\system32\SKYNETwalylgrv.dll

c:\windows\system32\UACapbavypeto.db

c:\windows\system32\UACbiuiyqxfan.dll

c:\windows\system32\UACdyfonhbhpv.dll

c:\windows\system32\uacinit.dll

c:\windows\system32\UACoblnsvjcpk.dll

c:\windows\system32\UACsjujaectik.dat

c:\windows\system32\UACuntdghddpk.dll

c:\windows\system32\ukomumy.scr

c:\windows\system32\vawoc.ban

c:\windows\TEMP\ismp540\win32ppk.dll

c:\windows\tuvudycera.scr

c:\windows\vizukigy.bin

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_SKYNETnbdoujpe

-------\Legacy_SKYNETnbdoujpe

-------\Service_UACd.sys

-------\Legacy_UACd.sys

-------\Legacy_NWCWORKSTATION

-------\Service_NWCWorkstation

((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))

.

2009-08-26 17:13 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\setup.exe

2009-08-26 17:13 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ar00000\install.exe

2009-08-26 07:31 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-26 07:31 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-25 23:34 . 2009-08-25 23:34 -------- d-s---w- C:\something

2009-08-25 03:11 . 2009-08-25 03:11 34816 ----a-w- c:\windows\system32\drivers\nhrje.sys

2009-08-13 17:36 . 2009-08-26 05:35 -------- d-----w- c:\documents and settings\shaanu\Application Data\SUPERAntiSpyware.com

2009-08-13 17:36 . 2009-08-26 05:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-12 12:39 . 2009-08-12 12:39 20480 ----a-w- c:\windows\system32\UACjyirvkkwpr.dll

2009-08-12 10:16 . 2009-08-12 10:16 -------- d-----w- c:\documents and settings\shaanu\Application Data\Malwarebytes

2009-08-12 09:38 . 2009-08-26 07:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-11 23:55 . 2009-08-12 09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware_old

2009-08-11 23:55 . 2009-08-11 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-11 22:11 . 2009-08-11 22:11 14282 ----a-w- c:\windows\system32\enysazinow.dat

2009-08-02 14:37 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\Upgrade\setup2.exe

2009-08-02 14:37 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\Upgrade\install2.exe

2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\magicJack.dll

2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\setup.exe

2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJackLoader.exe

2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\octvqe1_apiw.dll

2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\TjVista.dll

2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\TjIpSys.dll

2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\SJHandsetMagicJack.dll

2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\mjsetup.exe

2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\magicJack.dll

2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJack.dll

2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJack.exe

2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\install.exe

2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\mjsetup.exe

2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\magicJack.dll

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\cdloader2.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-27 01:33 . 2008-06-11 03:03 -------- d-----w- c:\documents and settings\shaanu\Application Data\Skype

2009-08-26 17:13 . 2009-05-01 00:25 -------- d-----w- c:\documents and settings\shaanu\Application Data\mjusbsp

2009-08-17 02:57 . 2008-10-11 00:22 1680064 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll

2009-08-17 02:54 . 2008-10-11 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-13 12:06 . 2008-10-11 00:22 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2009-08-13 12:05 . 2008-06-09 03:39 79344 -c--a-w- c:\documents and settings\shaanu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-12 09:38 . 2008-10-11 00:10 -------- d-----w- c:\program files\HTML Help Workshop

2009-08-12 09:31 . 2009-08-12 09:31 16682 ----a-w- c:\program files\Common Files\edizy._sy

2009-08-11 23:57 . 2009-04-27 17:47 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-11 23:53 . 2008-10-11 00:26 -------- d-----w- c:\program files\Microsoft SQL Server

2009-08-11 23:31 . 2008-06-09 21:22 -------- d-----w- c:\program files\Microsoft Works

2009-08-11 23:27 . 2008-10-11 00:10 -------- d-----w- c:\program files\Common Files\Merge Modules

2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-28 12:44 . 2009-04-20 00:32 -------- d-----w- c:\program files\Canon

2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:19 . 2008-06-09 03:28 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-04 17:36 . 2009-06-04 17:36 390664 -c--a-w- c:\documents and settings\shaanu\Application Data\Real\RealPlayer\Update\RealPlayer11.exe

2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-05-15 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24267560]

"cdloader"="c:\documents and settings\shaanu\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-02-16 131072]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 40960]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-13 185896]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]

"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\tibco\\tibrv\\bin\\rvd.exe"=

"c:\\tibco\\tra\\5.5\\bin\\domainutility.exe"=

"c:\\bea\\jrockit81sp6_142_10\\bin\\javaw.exe"=

"c:\\bea\\jdk142_11\\bin\\java.exe"=

"c:\\tibco\\designer\\5.5\\bin\\designer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\tibco\\ems\\bin\\tibemsd.exe"=

"c:\\Business Studio\\tibcojre\\1.5.0\\bin\\javaw.exe"=

"c:\\Documents and Settings\\shaanu\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Documents and Settings\\shaanu\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 6:12 PM 161064]

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2/28/2006 7:00 AM 14336]

R2 TIBCOAdmin-ZBWADMIN;TIBCO Administrator 5.4 (ZBWADMIN);C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice "TIBCOAdmin-ZBWADMIN" --> C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice TIBCOAdmin-ZBWADMIN [?]

R2 TIBHawkAgent-ZBWADMIN-zaash;TIBCO Hawk Agent (ZBWADMIN);C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice "TIBHawkAgent-ZBWADMIN-zaash" --> C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice TIBHawkAgent-ZBWADMIN-zaash [?]

S2 jbnxrfv;jbnxrfv;c:\windows\system32\drivers\qafqr.sys --> c:\windows\system32\drivers\qafqr.sys [?]

S2 qzfrsp;qzfrsp;c:\windows\system32\drivers\fpjrsja.sys --> c:\windows\system32\drivers\fpjrsja.sys [?]

S3 tibemsd;TIBCO EMS Server;c:\tibco\ems\bin\emsntsct.exe "tibemsd" --> c:\tibco\ems\bin\emsntsct.exe tibemsd [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-27 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 03:18]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

HKCU-Run-SmartVoip - c:\program files\SmartVoip.com\SmartVoip\SmartVoip.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\shaanu\Application Data\Mozilla\Firefox\Profiles\07zhw42k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://eenadu.net/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\shaanu\Application Data\Mozilla\Firefox\Profiles\07zhw42k.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-26 20:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ????L??????R?@?????,?@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBCOAdmin-ZBWADMIN]

"ImagePath"="C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice \"TIBCOAdmin-ZBWADMIN\""

--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBHawkAgent-ZBWADMIN-zaash]

"ImagePath"="C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice \"TIBHawkAgent-ZBWADMIN-zaash\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBCOAdmin-ZBWADMIN]

"ImagePath"="C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice \"TIBCOAdmin-ZBWADMIN\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBHawkAgent-ZBWADMIN-zaash]

"ImagePath"="C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice \"TIBHawkAgent-ZBWADMIN-zaash\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3868)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\tibco\administrator\domain\ZBWADMIN\bin\tibcoadmin_ZBWADMIN.exe

c:\tibco\tra\domain\ZBWADMIN\hawkagent_ZBWADMIN.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\tibco\tibrv\bin\rvd.exe

c:\tibco\tibrv\bin\rvd.exe

c:\tibco\hawk\bin\tibhawkhma.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE

.

**************************************************************************

.

Completion time: 2009-08-27 20:41 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-27 01:41

Pre-Run: 2,474,987,520 bytes free

Post-Run: 3,720,122,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

879 --- E O F --- 2009-08-17 02:58


1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

c:\windows\system32\drivers\nhrje.sys

c:\windows\system32\UACjyirvkkwpr.dll

Driver::

jbnxrfv

qzfrsp

vvdsvc

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:

  • Combofix.txt
  • A new HijackThis log.

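The triage that sits behind a CFScript like the one above, written out as an added example; it is not part of the original thread and is neither ComboFix's nor the helper's code. The sample input is the set of service lines and the non-default svchost group line copied from the first ComboFix log in this thread. The scoring (four signals, flag at three) and the vowel-ratio test for random-looking names are this example's own assumptions, not anything ComboFix documents. Two caveats it encodes: the trailing '[?]' alone is not a verdict, since the legitimate TIBCO services carry it too because ComboFix cannot resolve their unusual ImagePath; and the helper's actual script named nhrje.sys and UACjyirvkkwpr.dll, which come from evidence outside the excerpt shown here, so the File:: list this example drafts is not the one that was run. Treat the output as a draft to check by hand before anything is fed to ComboFix.

```python
"""Triage ComboFix 'Drivers/Services' lines and draft a CFScript from the hits.

Added example for this thread, not ComboFix code and not the helper's own
method. It scores each service on the signals a log reader weighs by eye and
renders the survivors in the File::/Driver:: layout the helper used. The
thresholds and the vowel-ratio test for random names are assumptions.
"""
import re

# Constructed sample: the service lines from the first ComboFix log above.
SAMPLE_SERVICES = r"""
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 6:12 PM 161064]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2/28/2006 7:00 AM 14336]
R2 TIBCOAdmin-ZBWADMIN;TIBCO Administrator 5.4 (ZBWADMIN);C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice "TIBCOAdmin-ZBWADMIN" --> C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice TIBCOAdmin-ZBWADMIN [?]
S2 jbnxrfv;jbnxrfv;c:\windows\system32\drivers\qafqr.sys --> c:\windows\system32\drivers\qafqr.sys [?]
S2 qzfrsp;qzfrsp;c:\windows\system32\drivers\fpjrsja.sys --> c:\windows\system32\drivers\fpjrsja.sys [?]
S3 tibemsd;TIBCO EMS Server;c:\tibco\ems\bin\emsntsct.exe "tibemsd" --> c:\tibco\ems\bin\emsntsct.exe tibemsd [?]
"""
# Constructed sample: the non-default svchost group line from the same log.
SAMPLE_SVCHOST = "vvdsvc REG_MULTI_SZ vvdsvc"

# '<Rn|Sn> <name>;<display>;<image ...>' with an optional trailing '[?]'
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[\?\])?$")
DRIVER_RE = re.compile(r"(c:\\windows\\system32\\drivers\\([a-z0-9]+)\.sys)", re.I)
SVCHOST_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")

def looks_random(name):
    """Heuristic (assumption): short all-lowercase token, at most one vowel in five."""
    if not re.fullmatch(r"[a-z]{5,8}", name):
        return False
    return sum(ch in "aeiou" for ch in name) / len(name) <= 0.2

def parse_services(text):
    """Turn ComboFix service lines into dicts. A trailing '[?]' means ComboFix
    could not resolve the image file, so no date/size field was printed."""
    services = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, display, image = m.groups()
        d = DRIVER_RE.search(image)
        services.append({
            "start": start, "name": name, "display": display, "image": image,
            "unverified": line.endswith("[?]"),
            "driver": d.group(1).lower() if d else None,
            "driver_base": d.group(2).lower() if d else None,
        })
    return services

def score_service(svc):
    """Return the suspicious signals; any one alone is weak (the TIBCO services
    carry '[?]' only because of their unusual ImagePath)."""
    reasons = []
    if svc["unverified"]:
        reasons.append("image not resolvable ([?])")
    if svc["display"] == svc["name"]:
        reasons.append("display name merely repeats the service name")
    if looks_random(svc["name"]):
        reasons.append("random-looking service name")
    if svc["driver"] and looks_random(svc["driver_base"]) and svc["driver_base"] != svc["name"]:
        reasons.append("random-looking driver file whose name differs from the service name")
    return reasons

def triage(services_text, svchost_text="", threshold=3):
    """Return (files, drivers, report): the File::/Driver:: candidates plus the
    per-service reasons, so a human checks the call before running anything."""
    services = parse_services(services_text)
    listed = {s["name"].lower() for s in services}
    files, drivers, report = [], [], {}
    for s in services:
        reasons = score_service(s)
        report[s["name"]] = reasons
        if len(reasons) >= threshold:
            drivers.append(s["name"])
            if s["driver"]:
                files.append(s["driver"])
    # A svchost group of random-looking members that no listed service accounts
    # for is the other half of the same persistence ('vvdsvc' in the log).
    for raw in svchost_text.splitlines():
        m = SVCHOST_RE.match(raw.strip())
        for member in (m.group(2).split() if m else []):
            if looks_random(member) and member.lower() not in listed and member not in drivers:
                drivers.append(member)
    return files, drivers, report

def build_cfscript(files, drivers):
    """Render File:: and Driver:: sections in the layout used in the thread."""
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if drivers:
        parts.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(parts) + "\n"

if __name__ == "__main__":
    f, d, _ = triage(SAMPLE_SERVICES, SAMPLE_SVCHOST)
    print(build_cfscript(f, d))
```

Running the module prints the draft script for the sample; on a real log, paste the whole 'Drivers/Services' block and the svchost REG_MULTI_SZ lines in, then read the per-service reasons in the third return value before deciding anything, because a legitimately installed service with an odd ImagePath scores one signal on exactly the same rule that a rootkit driver scores four on.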

You did the magic; my computer is performing a lot better now.

Here are the logs requested by you. Please let me know the further steps.

I also attached the logs for your reference.

Thanks a million to you.

Combofix.txt

======================================================================

ComboFix 09-08-27.02 - shaanu 08/27/2009 18:55.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1187 [GMT -5:00]

Running from: c:\documents and settings\shaanu\Desktop\test1234.exe

Command switches used :: c:\documents and settings\shaanu\Desktop\CFScript.txt

FILE ::

"c:\windows\system32\drivers\nhrje.sys"

"c:\windows\system32\UACjyirvkkwpr.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\nhrje.sys

c:\windows\TEMP\ismp004\win32ppk.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_QZFRSP

-------\Legacy_VVDSVC

-------\Service_jbnxrfv

-------\Service_qzfrsp

-------\Service_vvdsvc

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))

.

2009-08-27 15:09 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\setup.exe

2009-08-27 15:09 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ar00000\install.exe

2009-08-26 07:31 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-26 07:31 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-25 23:34 . 2009-08-25 23:34 -------- d-s---w- C:\something

2009-08-13 17:36 . 2009-08-26 05:35 -------- d-----w- c:\documents and settings\shaanu\Application Data\SUPERAntiSpyware.com

2009-08-13 17:36 . 2009-08-26 05:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-12 10:16 . 2009-08-12 10:16 -------- d-----w- c:\documents and settings\shaanu\Application Data\Malwarebytes

2009-08-12 09:38 . 2009-08-26 07:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-11 23:55 . 2009-08-12 09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware_old

2009-08-11 23:55 . 2009-08-11 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-11 22:11 . 2009-08-11 22:11 14282 ----a-w- c:\windows\system32\enysazinow.dat

2009-08-02 14:37 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\Upgrade\setup2.exe

2009-08-02 14:37 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\Upgrade\install2.exe

2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\magicJack.dll

2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\setup.exe

2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJackLoader.exe

2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\octvqe1_apiw.dll

2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\TjVista.dll

2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\TjIpSys.dll

2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\SJHandsetMagicJack.dll

2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\mjsetup.exe

2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\magicJack.dll

2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJack.dll

2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJack.exe

2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\install.exe

2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\mjsetup.exe

2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\magicJack.dll

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\cdloader2.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-28 00:04 . 2008-06-11 03:03 -------- d-----w- c:\documents and settings\shaanu\Application Data\Skype

2009-08-27 15:09 . 2009-05-01 00:25 -------- d-----w- c:\documents and settings\shaanu\Application Data\mjusbsp

2009-08-17 02:57 . 2008-10-11 00:22 1680064 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll

2009-08-17 02:54 . 2008-10-11 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-13 12:06 . 2008-10-11 00:22 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2009-08-13 12:05 . 2008-06-09 03:39 79344 -c--a-w- c:\documents and settings\shaanu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-12 09:38 . 2008-10-11 00:10 -------- d-----w- c:\program files\HTML Help Workshop

2009-08-12 09:31 . 2009-08-12 09:31 16682 ----a-w- c:\program files\Common Files\edizy._sy

2009-08-11 23:57 . 2009-04-27 17:47 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-11 23:53 . 2008-10-11 00:26 -------- d-----w- c:\program files\Microsoft SQL Server

2009-08-11 23:31 . 2008-06-09 21:22 -------- d-----w- c:\program files\Microsoft Works

2009-08-11 23:27 . 2008-10-11 00:10 -------- d-----w- c:\program files\Common Files\Merge Modules

2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-28 12:44 . 2009-04-20 00:32 -------- d-----w- c:\program files\Canon

2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:12 . 2006-02-28 12:00 827392 ------w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:19 . 2008-06-09 03:28 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-04 17:36 . 2009-06-04 17:36 390664 -c--a-w- c:\documents and settings\shaanu\Application Data\Real\RealPlayer\Update\RealPlayer11.exe

2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-27_01.34.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-28 00:04 . 2009-08-28 00:04 16384 c:\windows\Temp\Perflib_Perfdata_978.dat

+ 2008-06-09 21:32 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe

+ 2008-10-26 17:22 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll

- 2008-10-26 17:22 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll

+ 2009-08-28 00:03 . 2009-08-28 00:03 180224 c:\windows\Temp\ismp001\win32ppk.dll

- 2009-08-27 01:32 . 2009-08-27 01:32 180224 c:\windows\Temp\ismp001\win32ppk.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-05-15 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24267560]

"cdloader"="c:\documents and settings\shaanu\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-02-16 131072]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 40960]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-13 185896]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]

"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\tibco\\tibrv\\bin\\rvd.exe"=

"c:\\tibco\\tra\\5.5\\bin\\domainutility.exe"=

"c:\\bea\\jrockit81sp6_142_10\\bin\\javaw.exe"=

"c:\\bea\\jdk142_11\\bin\\java.exe"=

"c:\\tibco\\designer\\5.5\\bin\\designer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\tibco\\ems\\bin\\tibemsd.exe"=

"c:\\Business Studio\\tibcojre\\1.5.0\\bin\\javaw.exe"=

"c:\\Documents and Settings\\shaanu\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\shaanu\\Application Data\\mjusbsp\\magicJack.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 6:12 PM 161064]

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2/28/2006 7:00 AM 14336]

R2 TIBCOAdmin-ZBWADMIN;TIBCO Administrator 5.4 (ZBWADMIN);C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice "TIBCOAdmin-ZBWADMIN" --> C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice TIBCOAdmin-ZBWADMIN [?]

R2 TIBHawkAgent-ZBWADMIN-zaash;TIBCO Hawk Agent (ZBWADMIN);C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice "TIBHawkAgent-ZBWADMIN-zaash" --> C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice TIBHawkAgent-ZBWADMIN-zaash [?]

S3 tibemsd;TIBCO EMS Server;c:\tibco\ems\bin\emsntsct.exe "tibemsd" --> c:\tibco\ems\bin\emsntsct.exe tibemsd [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-28 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\shaanu\Application Data\Mozilla\Firefox\Profiles\07zhw42k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://eenadu.net/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\shaanu\Application Data\Mozilla\Firefox\Profiles\07zhw42k.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-27 19:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ????L??????R?@?????,?@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBCOAdmin-ZBWADMIN]

"ImagePath"="C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice \"TIBCOAdmin-ZBWADMIN\""

--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBHawkAgent-ZBWADMIN-zaash]

"ImagePath"="C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice \"TIBHawkAgent-ZBWADMIN-zaash\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBCOAdmin-ZBWADMIN]

"ImagePath"="C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice \"TIBCOAdmin-ZBWADMIN\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBHawkAgent-ZBWADMIN-zaash]

"ImagePath"="C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice \"TIBHawkAgent-ZBWADMIN-zaash\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1752)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\tibco\administrator\domain\ZBWADMIN\bin\tibcoadmin_ZBWADMIN.exe

c:\tibco\tra\domain\ZBWADMIN\hawkagent_ZBWADMIN.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\tibco\tibrv\bin\rvd.exe

c:\tibco\tibrv\bin\rvd.exe

c:\tibco\hawk\bin\tibhawkhma.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE

.

**************************************************************************

.

Completion time: 2009-08-28 19:11 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-28 00:11

ComboFix2.txt 2009-08-27 01:41

Pre-Run: 3,832,475,648 bytes free

Post-Run: 3,778,183,168 bytes free

280 --- E O F --- 2009-08-27 03:05

===============================================

Hijackthis log

===============================================================================

ComboFix 09-08-27.02 - shaanu 08/27/2009 18:55.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1187 [GMT -5:00]

Running from: c:\documents and settings\shaanu\Desktop\test1234.exe

Command switches used :: c:\documents and settings\shaanu\Desktop\CFScript.txt

FILE ::

"c:\windows\system32\drivers\nhrje.sys"

"c:\windows\system32\UACjyirvkkwpr.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\nhrje.sys

c:\windows\TEMP\ismp004\win32ppk.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_QZFRSP

-------\Legacy_VVDSVC

-------\Service_jbnxrfv

-------\Service_qzfrsp

-------\Service_vvdsvc

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))

.

2009-08-27 15:09 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\setup.exe

2009-08-27 15:09 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ar00000\install.exe

2009-08-26 07:31 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-26 07:31 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-26 05:31 . 2009-08-26 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-08-25 23:34 . 2009-08-25 23:34 -------- d-s---w- C:\something

2009-08-13 17:36 . 2009-08-26 05:35 -------- d-----w- c:\documents and settings\shaanu\Application Data\SUPERAntiSpyware.com

2009-08-13 17:36 . 2009-08-26 05:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-12 10:16 . 2009-08-12 10:16 -------- d-----w- c:\documents and settings\shaanu\Application Data\Malwarebytes

2009-08-12 09:38 . 2009-08-26 07:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-11 23:55 . 2009-08-12 09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware_old

2009-08-11 23:55 . 2009-08-11 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-11 22:11 . 2009-08-11 22:11 14282 ----a-w- c:\windows\system32\enysazinow.dat

2009-08-02 14:37 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\Upgrade\setup2.exe

2009-08-02 14:37 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\shaanu\Application Data\mjusbsp\Upgrade\install2.exe

2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\magicJack.dll

2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\setup.exe

2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJackLoader.exe

2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\octvqe1_apiw.dll

2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\TjVista.dll

2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\TjIpSys.dll

2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\SJHandsetMagicJack.dll

2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\mjsetup.exe

2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\magicJack.dll

2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJack.dll

2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJack.exe

2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\install.exe

2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\mjsetup.exe

2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\magicJack.dll

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\ug00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\st00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\in00000\magicJackSplash.exe

2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\shaanu\Application Data\mjusbsp\cdloader2.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-28 00:04 . 2008-06-11 03:03 -------- d-----w- c:\documents and settings\shaanu\Application Data\Skype

2009-08-27 15:09 . 2009-05-01 00:25 -------- d-----w- c:\documents and settings\shaanu\Application Data\mjusbsp

2009-08-17 02:57 . 2008-10-11 00:22 1680064 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll

2009-08-17 02:54 . 2008-10-11 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-13 12:06 . 2008-10-11 00:22 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll

2009-08-13 12:05 . 2008-06-09 03:39 79344 -c--a-w- c:\documents and settings\shaanu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-12 09:38 . 2008-10-11 00:10 -------- d-----w- c:\program files\HTML Help Workshop

2009-08-12 09:31 . 2009-08-12 09:31 16682 ----a-w- c:\program files\Common Files\edizy._sy

2009-08-11 23:57 . 2009-04-27 17:47 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-11 23:53 . 2008-10-11 00:26 -------- d-----w- c:\program files\Microsoft SQL Server

2009-08-11 23:31 . 2008-06-09 21:22 -------- d-----w- c:\program files\Microsoft Works

2009-08-11 23:27 . 2008-10-11 00:10 -------- d-----w- c:\program files\Common Files\Merge Modules

2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-28 12:44 . 2009-04-20 00:32 -------- d-----w- c:\program files\Canon

2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 04:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:12 . 2006-02-28 12:00 827392 ------w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:19 . 2008-06-09 03:28 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-04 17:36 . 2009-06-04 17:36 390664 -c--a-w- c:\documents and settings\shaanu\Application Data\Real\RealPlayer\Update\RealPlayer11.exe

2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-27_01.34.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-28 00:04 . 2009-08-28 00:04 16384 c:\windows\Temp\Perflib_Perfdata_978.dat

+ 2008-06-09 21:32 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe

+ 2008-10-26 17:22 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll

- 2008-10-26 17:22 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll

+ 2009-08-28 00:03 . 2009-08-28 00:03 180224 c:\windows\Temp\ismp001\win32ppk.dll

- 2009-08-27 01:32 . 2009-08-27 01:32 180224 c:\windows\Temp\ismp001\win32ppk.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-05-15 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 68856]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24267560]

"cdloader"="c:\documents and settings\shaanu\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-02-16 131072]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 131072]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 40960]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-13 185896]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]

"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\tibco\\tibrv\\bin\\rvd.exe"=

"c:\\tibco\\tra\\5.5\\bin\\domainutility.exe"=

"c:\\bea\\jrockit81sp6_142_10\\bin\\javaw.exe"=

"c:\\bea\\jdk142_11\\bin\\java.exe"=

"c:\\tibco\\designer\\5.5\\bin\\designer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\tibco\\ems\\bin\\tibemsd.exe"=

"c:\\Business Studio\\tibcojre\\1.5.0\\bin\\javaw.exe"=

"c:\\Documents and Settings\\shaanu\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\shaanu\\Application Data\\mjusbsp\\magicJack.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 6:12 PM 161064]

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2/28/2006 7:00 AM 14336]

R2 TIBCOAdmin-ZBWADMIN;TIBCO Administrator 5.4 (ZBWADMIN);C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice "TIBCOAdmin-ZBWADMIN" --> C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice TIBCOAdmin-ZBWADMIN [?]

R2 TIBHawkAgent-ZBWADMIN-zaash;TIBCO Hawk Agent (ZBWADMIN);C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice "TIBHawkAgent-ZBWADMIN-zaash" --> C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice TIBHawkAgent-ZBWADMIN-zaash [?]

S3 tibemsd;TIBCO EMS Server;c:\tibco\ems\bin\emsntsct.exe "tibemsd" --> c:\tibco\ems\bin\emsntsct.exe tibemsd [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-28 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\shaanu\Application Data\Mozilla\Firefox\Profiles\07zhw42k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://eenadu.net/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-veoh&p=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\shaanu\Application Data\Mozilla\Firefox\Profiles\07zhw42k.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-27 19:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ????L??????R?@?????,?@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBCOAdmin-ZBWADMIN]

"ImagePath"="C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice \"TIBCOAdmin-ZBWADMIN\""

--

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBHawkAgent-ZBWADMIN-zaash]

"ImagePath"="C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice \"TIBHawkAgent-ZBWADMIN-zaash\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBCOAdmin-ZBWADMIN]

"ImagePath"="C:/tibco/administrator/domain/ZBWADMIN/bin/tibcoadmin_ZBWADMIN.exe --ntservice \"TIBCOAdmin-ZBWADMIN\""

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TIBHawkAgent-ZBWADMIN-zaash]

"ImagePath"="C:/tibco/tra/domain/ZBWADMIN/hawkagent_ZBWADMIN.exe --ntservice \"TIBHawkAgent-ZBWADMIN-zaash\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1752)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\tibco\administrator\domain\ZBWADMIN\bin\tibcoadmin_ZBWADMIN.exe

c:\tibco\tra\domain\ZBWADMIN\hawkagent_ZBWADMIN.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\tibco\tibrv\bin\rvd.exe

c:\tibco\tibrv\bin\rvd.exe

c:\tibco\hawk\bin\tibhawkhma.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE

.

**************************************************************************

.

Completion time: 2009-08-28 19:11 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-28 00:11

ComboFix2.txt 2009-08-27 01:41

Pre-Run: 3,832,475,648 bytes free

Post-Run: 3,778,183,168 bytes free

280 --- E O F --- 2009-08-27 03:05

log.txt

ComboFix.txt
