[Fixed] HijackThis! Logs - Something is wrong with my system..HJT log

Old 3 Weeks Ago   #8
Senior Security Analyst
Pancake
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Re: Something is wrong with my system..HJT log

And the Combofix..??
__________________
My real name is Eddy
Old 3 Weeks Ago   #9
Gold Member
faraz_k86
Join Date: Jan 2006
Posts: 300
PC Experience: Experienced
Re: Something is wrong with my system..HJT log

I already mentioned in my post that something is preventing me from downloading that. Any site that is hosting ComboFix won't open on my machine.

But something is still preventing me from opening security sites like BleepingComputer or the links you gave me; I just get a "connection was reset" error.
Maybe if you could upload it to MediaFire or RapidShare, then it would work.
Old 3 Weeks Ago   #10
Senior Security Analyst
Pancake
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Re: Something is wrong with my system..HJT log

Can you get it from another computer and then run it on yours? Also see if you can remove this file: C:\Documents and Settings\LocalService\ewakl.exe \s. It's a keylogger.

Last edited by Pancake; 3 Weeks Ago at 05:14 AM.
Old 3 Weeks Ago   #11
Gold Member
faraz_k86
Join Date: Jan 2006
Posts: 300
PC Experience: Experienced
Re: Something is wrong with my system..HJT log

Thanks for letting me know about the keylogger. I deleted the .exe file you mentioned but could not find anything related to the /s you mentioned.

Anyway, I downloaded ComboFix on my Linux machine and ran it here. Here is its report:

ComboFix 09-10-28.01 - Faraz Ahmed 10/29/2009 12:15.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1535 [GMT 5:00]
Running from: c:\documents and settings\Faraz Ahmed\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ndisvvan.sys
c:\windows\system32\secupdat.dat . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\Malwarebytes
2009-10-28 09:17 . 2009-09-10 09:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 09:17 . 2009-09-10 09:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 09:01 . 2009-10-28 09:01 -------- d-----w- C:\FOUND.000
2009-10-27 08:52 . 2009-10-27 08:52 -------- d-----w- c:\program files\Trend Micro
2009-10-27 07:24 . 2009-10-27 07:24 -------- d-----w- c:\program files\Zone Labs
2009-10-27 07:23 . 2009-10-27 07:23 -------- d-----w- c:\windows\Internet Logs
2009-10-26 19:09 . 2009-10-26 19:09 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-26 19:09 . 2009-10-26 19:09 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\SystemRequirementsLab
2009-10-26 17:56 . 2009-10-26 17:56 40128 ----a-w- c:\windows\system32\drivers\zafsnyfd.sys
2009-10-26 16:38 . 2009-10-26 16:38 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-26 16:37 . 2009-10-26 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-10-26 16:36 . 2006-11-15 00:48 1711488 ----a-w- c:\windows\system32\drivers\NETw3x32.sys
2009-10-26 16:36 . 2006-11-08 11:40 2732032 ----a-w- c:\windows\system32\NETw3r32.dll
2009-10-26 16:36 . 2006-11-08 11:39 561152 ----a-w- c:\windows\system32\NETw3c32.dll
2009-10-26 16:35 . 2009-10-26 16:35 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2009-10-26 05:37 . 2009-10-26 05:37 68608 ---h--w- c:\windows\system32\secupdat.dat
2009-10-24 08:05 . 2009-10-24 08:05 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\Pavtube
2009-10-13 07:05 . 2009-10-13 07:05 -------- d-----w- c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Electronic Arts
2009-10-13 07:03 . 2009-09-04 12:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-10-13 07:03 . 2009-09-04 12:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-10-13 07:03 . 2009-09-04 12:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-10-13 07:03 . 2009-09-04 12:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-10-13 07:03 . 2009-09-04 12:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-10-13 07:03 . 2009-09-04 12:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-10-13 07:02 . 2009-09-04 12:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-01 16:35 . 2009-10-01 16:35 -------- d-----w- c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Gas Powered Games
2009-10-01 15:11 . 2009-10-01 15:11 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\WinCare2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 07:05 . 2009-09-08 14:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-24 17:20 . 2009-09-11 17:06 25 ----a-w- c:\windows\popcinfot.dat
2009-09-19 06:09 . 2009-09-19 06:09 -------- d-----w- c:\program files\KGB Archiver
2009-09-17 16:41 . 2009-09-17 16:41 -------- d-----w- c:\program files\Samsung ML-1610 Series
2009-09-11 10:00 . 2009-09-11 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-09-08 14:05 . 2009-09-08 14:05 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\Bioshock
2009-09-08 14:05 . 2009-09-08 14:05 -------- d--h--r- c:\documents and settings\Faraz Ahmed\Application Data\SecuROM
2009-09-08 09:59 . 2009-09-08 09:59 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-08 09:59 . 2009-09-08 09:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-06 09:04 . 2009-09-06 09:04 -------- d-----w- c:\program files\CCleaner
2009-09-04 12:44 . 2009-07-27 05:12 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-28 14:43 . 2009-08-28 14:41 1 ----a-w- c:\windows\system32\Earth BluRay Ripper.dat
2009-08-28 14:42 . 2009-08-16 11:41 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-28 14:42 . 2009-08-16 11:41 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-28 14:42 . 2009-08-16 11:41 24232 ----a-w- c:\windows\system32\drivers\elbycdio.sys
2009-08-28 14:42 . 2009-08-16 11:41 103744 ----a-w- c:\windows\system32\drivers\anydvd.sys
2009-08-28 14:42 . 2009-08-16 11:41 1046464 ----a-w- c:\windows\system32\anydialog.dll
2009-08-28 14:41 . 2009-08-16 11:41 4359680 ----a-w- c:\windows\system32\bsdevice.dll
2009-08-28 14:02 . 2009-08-16 11:41 1 ----a-w- c:\windows\system32\iToolSoft Blu-Ray DVD Ripper.dat
2009-08-28 11:28 . 2009-08-16 13:18 1 ----a-w- c:\windows\system32\TOP Blu-ray Ripper.dat
2009-08-28 08:16 . 2009-08-28 08:13 1 ----a-w- c:\windows\system32\iToolSoft Blu-Ray DVD Copy.dat
2009-07-31 10:23 . 2009-05-15 07:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-05-03 09:06 . 2009-07-15 16:02 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-15 16:02 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-15 16:02 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2004-08-03 . 5EF48912206FF9225BA9CB3D26917DB1 . 3194368 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . 5EF48912206FF9225BA9CB3D26917DB1 . 3194368 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-10 4608]
"RMClock"="c:\program files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"Google Update"="c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"UVS12 Preload"="d:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" [2007-03-02 933888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

c:\documents and settings\Faraz Ahmed\Start Menu\Programs\Startup\
UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-2-5 180224]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-8 1719496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-02-27 12:26 131072 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 14:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\zafsnyfd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Dead Space\\Dead Space.exe"=

R0 zafsnyfd;zafsnyfd;c:\windows\system32\Drivers\zafsnyfd.sys --> c:\windows\system32\Drivers\zafsnyfd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/12/2008 6:04 PM 13480]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 11:48 AM 10240]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [1/19/2007 3:16 PM 61440]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [3/14/2008 10:08 AM 54560]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/16/2009 4:41 PM 66944]
S3 minidrv32;MiniPort Driver Hub;\??\c:\windows\system32\drivers\minidrv32.sys --> c:\windows\system32\drivers\minidrv32.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4/8/2009 12:30 AM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4/8/2009 12:30 AM 8320]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-562591055-839522115-1003Core.job
- c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 18:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {114DE95F-7050-4745-B391-B11AB24660CD} = 203.99.163.240,202.125.132.12
TCP: {E715D03E-929E-4976-8D9B-58C3C1C8D570} = 203.99.163.240,202.125.132.12
FF - ProfilePath - c:\documents and settings\Faraz Ahmed\Application Data\Mozilla\Firefox\Profiles\z9tmgf7k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-562591055-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,02,ea,fe,b4,ee,3c,5a,b9,7c,1e,82,27,17,13,a8,d4,55,fe,af,8c,d9,0b,
e5,56,5f,15,ab,8f,45,93,c1,df,02,92,1d,20,80,04,73,7f,51,1a,11,2f,e7,d0,af,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{CDF97135-7FD2-4289-96B8-DD4505267ACD}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.314.0"
"UniqueId"="00029ACF49DB80C2"
"ScannerBuild"=dword:0000127c
"ScannerVersionId"=dword:00000f99
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000005
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF2463.exe
c:\combofix\hidec.exe
c:\combofix\mbr.cfxxe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-29 12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 07:27

Pre-Run: 2,512,535,552 bytes free
Post-Run: 4,374,298,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6271D5A2AA0AB0C9976552F48639DCAE



And here is the HJT log after ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:43 PM, on 10/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\RMClock\RMClock.exe
C:\Documents and Settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UVS12 Preload] d:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mail.piac.aero/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9914 bytes
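Editor's note (added example, not part of the thread or of ComboFix itself): the ComboFix report above carries the indicators a helper reads first when a machine blocks security sites and hides a keylogger: Security Center "AntiVirusOverride"/"FirewallOverride" set to 1 (so the user gets no warning that protection is off), "EnableFirewall"= 0, R0/S3 services whose driver file ComboFix could not find ("[?]", here the randomly named zafsnyfd.sys and minidrv32.sys), and a "[-]" Sigcheck row for explorer.exe. The script below pulls those four indicator classes out of ComboFix-style text. The sample input is a constructed subset of the log posted above with the forum's stray spaces repaired; the regexes are written against the line shapes visible in this log and are an assumption about other ComboFix versions. A hit is a lead to verify (hash lookup, file on disk, quarantine), not proof of infection on its own.

```python
import re
from typing import Dict, List

# Constructed sample: a subset of the ComboFix output posted above, with the
# forum's stray spaces (e.g. "Contro l", "firewallpo licy") repaired.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 zafsnyfd;zafsnyfd;c:\windows\system32\Drivers\zafsnyfd.sys --> c:\windows\system32\Drivers\zafsnyfd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
S3 minidrv32;MiniPort Driver Hub;\??\c:\windows\system32\drivers\minidrv32.sys --> c:\windows\system32\drivers\minidrv32.sys [?]

------- Sigcheck -------
[-] 2004-08-03 . 5EF48912206FF9225BA9CB3D26917DB1 . 3194368 . . [6.00.2900.2180] . . c:\windows\explorer.exe
"""

# AntiVirusOverride / FirewallOverride = 1 tell Security Center not to warn
# about AV or firewall state; malware sets them to hide that it turned both off.
OVERRIDE_RE = re.compile(
    r'^"(AntiVirusOverride|FirewallOverride)"=dword:([0-9a-fA-F]{8})\s*$', re.M)
# Windows Firewall standard-profile switch, as ComboFix prints it: "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.M)
# R*/S* service entries; a trailing [?] means the image file was not found on disk
# (a service pointing at a missing or hidden file, typical of a rootkit driver).
# [^;\n] keeps each match on one line so a clean R1 entry cannot swallow the next line.
DRIVER_RE = re.compile(r'^([RS]\d+) ([^;\n]+);([^;\n]*);([^\n]*)\[\?\]\s*$', re.M)
# Sigcheck rows start with [-] when ComboFix could not verify the system file:
# [-] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r'^\[-\] (\S+) \. ([0-9A-Fa-f]{32}) \. (\d+) \. \. \[([^\]]*)\] \. \. (.+?)\s*$', re.M)


def security_center_overrides(log: str) -> Dict[str, int]:
    """Override values that are non-zero, i.e. Security Center warnings suppressed."""
    return {name: int(val, 16) for name, val in OVERRIDE_RE.findall(log) if int(val, 16) != 0}


def firewall_disabled(log: str) -> bool:
    """True when the standard-profile firewall is explicitly set to 0."""
    m = FIREWALL_RE.search(log)
    return m is not None and int(m.group(1)) == 0


def missing_driver_files(log: str) -> List[str]:
    """Service names of R*/S* entries whose binary ComboFix could not locate ([?])."""
    return [m.group(2) for m in DRIVER_RE.finditer(log)]


def sigcheck_failures(log: str) -> List[str]:
    """Paths of system files ComboFix marked [-] in its Sigcheck section."""
    return [m.group(5) for m in SIGCHECK_RE.finditer(log)]


def triage(log: str) -> dict:
    """Collect all four indicator classes for one report."""
    return {
        "security_center_overrides": security_center_overrides(log),
        "firewall_disabled": firewall_disabled(log),
        "missing_driver_files": missing_driver_files(log),
        "sigcheck_failures": sigcheck_failures(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample it reports both overrides set, the firewall off, zafsnyfd and minidrv32 as services with no file on disk, and explorer.exe as the one Sigcheck failure; the same four findings are what the analyst's next fix script would need to target.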


and here is the HJT log after the combofix:

ComboFix 09-10-28.01 - Faraz Ahmed 10/29/2009 12:15.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1535 [GMT 5:00]
Running from: c:\documents and settings\Faraz Ahmed\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ndisvvan.sys
c:\windows\system32\secupdat.dat . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\Malwarebytes
2009-10-28 09:17 . 2009-09-10 09:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 09:17 . 2009-10-28 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-28 09:17 . 2009-09-10 09:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 09:01 . 2009-10-28 09:01 -------- d-----w- C:\FOUND.000
2009-10-27 08:52 . 2009-10-27 08:52 -------- d-----w- c:\program files\Trend Micro
2009-10-27 07:24 . 2009-10-27 07:24 -------- d-----w- c:\program files\Zone Labs
2009-10-27 07:23 . 2009-10-27 07:23 -------- d-----w- c:\windows\Internet Logs
2009-10-26 19:09 . 2009-10-26 19:09 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-26 19:09 . 2009-10-26 19:09 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\SystemRequirementsLab
2009-10-26 17:56 . 2009-10-26 17:56 40128 ----a-w- c:\windows\system32\drivers\zafsnyfd.sys
2009-10-26 16:38 . 2009-10-26 16:38 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-26 16:37 . 2009-10-26 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-10-26 16:36 . 2006-11-15 00:48 1711488 ----a-w- c:\windows\system32\drivers\NETw3x32.sys
2009-10-26 16:36 . 2006-11-08 11:40 2732032 ----a-w- c:\windows\system32\NETw3r32.dll
2009-10-26 16:36 . 2006-11-08 11:39 561152 ----a-w- c:\windows\system32\NETw3c32.dll
2009-10-26 16:35 . 2009-10-26 16:35 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2009-10-26 05:37 . 2009-10-26 05:37 68608 ---h--w- c:\windows\system32\secupdat.dat
2009-10-24 08:05 . 2009-10-24 08:05 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\Pavtube
2009-10-13 07:05 . 2009-10-13 07:05 -------- d-----w- c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Electronic Arts
2009-10-13 07:03 . 2009-09-04 12:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-10-13 07:03 . 2009-09-04 12:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-10-13 07:03 . 2009-09-04 12:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-10-13 07:03 . 2009-09-04 12:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-10-13 07:03 . 2009-09-04 12:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-10-13 07:03 . 2009-09-04 12:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-10-13 07:02 . 2009-09-04 12:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-01 16:35 . 2009-10-01 16:35 -------- d-----w- c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Gas Powered Games
2009-10-01 15:11 . 2009-10-01 15:11 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\WinCare2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 07:05 . 2009-09-08 14:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-24 17:20 . 2009-09-11 17:06 25 ----a-w- c:\windows\popcinfot.dat
2009-09-19 06:09 . 2009-09-19 06:09 -------- d-----w- c:\program files\KGB Archiver
2009-09-17 16:41 . 2009-09-17 16:41 -------- d-----w- c:\program files\Samsung ML-1610 Series
2009-09-11 10:00 . 2009-09-11 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-09-08 14:05 . 2009-09-08 14:05 -------- d-----w- c:\documents and settings\Faraz Ahmed\Application Data\Bioshock
2009-09-08 14:05 . 2009-09-08 14:05 -------- d--h--r- c:\documents and settings\Faraz Ahmed\Application Data\SecuROM
2009-09-08 09:59 . 2009-09-08 09:59 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-08 09:59 . 2009-09-08 09:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-06 09:04 . 2009-09-06 09:04 -------- d-----w- c:\program files\CCleaner
2009-09-04 12:44 . 2009-07-27 05:12 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-28 14:43 . 2009-08-28 14:41 1 ----a-w- c:\windows\system32\Earth BluRay Ripper.dat
2009-08-28 14:42 . 2009-08-16 11:41 117696 ----a-w- c:\windows\system32\advddischlp.dll
2009-08-28 14:42 . 2009-08-16 11:41 89256 ----a-w- c:\windows\system32\elbycdio.dll
2009-08-28 14:42 . 2009-08-16 11:41 24232 ----a-w- c:\windows\system32\drivers\elbycdio.sys
2009-08-28 14:42 . 2009-08-16 11:41 103744 ----a-w- c:\windows\system32\drivers\anydvd.sys
2009-08-28 14:42 . 2009-08-16 11:41 1046464 ----a-w- c:\windows\system32\anydialog.dll
2009-08-28 14:41 . 2009-08-16 11:41 4359680 ----a-w- c:\windows\system32\bsdevice.dll
2009-08-28 14:02 . 2009-08-16 11:41 1 ----a-w- c:\windows\system32\iToolSoft Blu-Ray DVD Ripper.dat
2009-08-28 11:28 . 2009-08-16 13:18 1 ----a-w- c:\windows\system32\TOP Blu-ray Ripper.dat
2009-08-28 08:16 . 2009-08-28 08:13 1 ----a-w- c:\windows\system32\iToolSoft Blu-Ray DVD Copy.dat
2009-07-31 10:23 . 2009-05-15 07:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-05-03 09:06 . 2009-07-15 16:02 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-07-15 16:02 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-15 16:02 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2004-08-03 . 5EF48912206FF9225BA9CB3D26917DB1 . 3194368 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . 5EF48912206FF9225BA9CB3D26917DB1 . 3194368 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-10 4608]
"RMClock"="c:\program files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"Google Update"="c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"UVS12 Preload"="d:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" [2007-03-02 933888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

c:\documents and settings\Faraz Ahmed\Start Menu\Programs\Startup\
UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-2-5 180224]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-8 1719496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-02-27 12:26 131072 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 14:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\zafsnyfd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Dead Space\\Dead Space.exe"=

R0 zafsnyfd;zafsnyfd;c:\windows\system32\Drivers\zafsnyfd.sys --> c:\windows\system32\Drivers\zafsnyfd.sys [?]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/12/2008 6:04 PM 13480]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 11:48 AM 10240]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [1/19/2007 3:16 PM 61440]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [3/14/2008 10:08 AM 54560]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [8/16/2009 4:41 PM 66944]
S3 minidrv32;MiniPort Driver Hub;\??\c:\windows\system32\drivers\minidrv32.sys --> c:\windows\system32\drivers\minidrv32.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [4/8/2009 12:30 AM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [4/8/2009 12:30 AM 8320]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-562591055-839522115-1003Core.job
- c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-28 18:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {114DE95F-7050-4745-B391-B11AB24660CD} = 203.99.163.240,202.125.132.12
TCP: {E715D03E-929E-4976-8D9B-58C3C1C8D570} = 203.99.163.240,202.125.132.12
FF - ProfilePath - c:\documents and settings\Faraz Ahmed\Application Data\Mozilla\Firefox\Profiles\z9tmgf7k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1957994488-562591055-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:16,02,ea,fe,b4,ee,3c,5a,b9,7c,1e,82,27,17,13,a8,d4,55,fe,af,8c,d9,0b,
e5,56,5f,15,ab,8f,45,93,c1,df,02,92,1d,20,80,04,73,7f,51,1a,11,2f,e7,d0,af,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{CDF97135-7FD2-4289-96B8-DD4505267ACD}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.314.0"
"UniqueId"="00029ACF49DB80C2"
"ScannerBuild"=dword:0000127c
"ScannerVersionId"=dword:00000f99
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000005
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF2463.exe
c:\combofix\hidec.exe
c:\combofix\mbr.cfxxe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\Faraz Ahmed\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-29 12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 07:27

Pre-Run: 2,512,535,552 bytes free
Post-Run: 4,374,298,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6271D5A2AA0AB0C9976552F48639DCAE




Note: just after ComboFix restarted my PC and after the log was created, I got a virus warning from my NOD32. I'm attaching a screenshot of that warning.

Also, after ComboFix my WLAN driver, Bluetooth driver, and LAN driver got corrupted and I had to reinstall them... even now the FireWire driver and Bluetooth driver are not responding.
faraz_k86 is offline   Reply With Quote
Old 3 Weeks Ago   #12
Gold Member
 
faraz_k86's Avatar
 
Join Date: Jan 2006
Posts: 300
PC Experience: Experienced
Default Re: Something is wrong with my system..HJT lo

Forgot to add the screenshot :/
Attached Images
File Type: jpg cry.jpg (32.4 KB, 1 views)
faraz_k86 is offline   Reply With Quote
Old 3 Weeks Ago   #13
Gold Member
 
faraz_k86's Avatar
 
Join Date: Jan 2006
Posts: 300
PC Experience: Experienced
Default Re: Something is wrong with my system..HJT lo

I'm sorry I'm double posting and all, but I can't seem to edit my old posts.. but I thought I'd add that the drivers that are not working are giving me this error:

Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)

Click Troubleshoot to start the troubleshooter for this device.
faraz_k86 is offline   Reply With Quote
Old 3 Weeks Ago   #14
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Default Re: Something is wrong with my system..HJT lo

I see no more malware problems. As for the warning from NOD, it is an unfortunate choice of words for what it found, but in brief, a Potentially Unwanted Tool is an application that began as a hacker tool or Trojan and is now used by legitimate programs to help detect malware. They are not a threat.

This will clear away any of the files and folders that were created by ComboFix.
Go to:
Start > Run, then copy and paste the following highlighted (blue) text below into the box and click OK.

ComboFix /u

Please read these for future reference; it may save you future problems with malware:

http://www.pchelpforum.com/fixed-hij...afterwork.html
http://www.pchelpforum.com/fixed-hij...happening.html
http://www.pchelpforum.com/fixed-hij...-infected.html
Pancake is offline   Reply With Quote

Reply


Bookmarks

Tags
log, systemhjt, wrong
Similar discussions...
Thread Thread Starter Forum Replies Last Post
Wrong CMOS settings .(wrong date and time) sgrin Motherboards 3 10-02-2009 02:10 PM
Restore Full System Backup/System Recovery. Jelly Bean Windows 95, 98 & ME 0 02-09-2009 01:28 AM
Pending: Help!!! I installed the wrong system restore cd on my laptop nell1217 Laptop Support 7 05-24-2008 11:15 PM
Information: Windows XP System File Checker - Check for corrupted system files! chiaz Windows Tutorials 1 09-29-2006 10:53 PM
when system/boot drive letter goes wrong jonah Windows XP/2000 6 02-22-2006 09:51 AM

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On




All times are GMT. The time now is 09:51 AM.
Powered by vBulletin
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2