Old 06-07-2009   #15
Tech Team Leader
 
DCiAdmin's Avatar
 
Join Date: Sep 2008
Location: Heart of the US Midwest
Posts: 6,179
PC Experience: Perpetual Student
Default Re: Need help for Regedit

Hello Pavan,

Have you tried making a copy of ComboFix.exe and then renaming the copy to xxxx.exe? You have malware on your system that may be able to prevent some malware clean-up programs from running. Renaming the copied file will often get past that barrier.

Why do you need to first create a copy? Some malware requires a system reboot to rid the system of crud, and the program will then start back up immediately following the reboot to complete the cleaning. If the actual file name isn't there, the program can't successfully restart.

EDIT:

Pavan,

I want to let you know that I am working your thread with a coworker in Singapore in order to ensure that all of the nasties on your system are caught. Our responses might be a bit slow at times, but that's due to the time zone differences. We will do our best to keep your issue moving right along and not to delay your system clean-up. Thanks for entrusting this task to us!
__________________
DCiAdmin
PCHF Rules / PreWork / AfterWork / PCHF Downloads / System File Checker
Thank you for entrusting your system to PCHF!

Last edited by DCiAdmin; 06-07-2009 at 08:38 AM.
DCiAdmin is offline   Reply With Quote
Old 06-07-2009   #16
Bronze Member
 
Join Date: Apr 2009
Posts: 18
PC Experience: Experienced
Default Re: Need help for Regedit

Hi DCIAdmin,
Thanks for your prompt response. I do understand that it is very difficult for you to respond to me quickly. I really appreciate your dedication to helping me. I had posted my problem in many other forums but I never got any response. I really don't mind waiting until I get a response. Thanks once again.
Coming back to my problem: I renamed your ComboFix.exe to Test.exe and it miraculously started working. After scanning comprehensively, it published the report, which I have copied below.

ComboFix 09-06-06.03 - Administrator 06/07/2009 17:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1486 [GMT 5.5:30]
Running from: f:\documents and settings\Administrator.HOME\Desktop\Utils\Test.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Administrator.HOME\Application Data\wiaserva.log
f:\windows.0\regedit.com
f:\windows.0\system32\1037e.exe
f:\windows.0\system32\d3d10core.dll
f:\windows.0\system32\drivers\gxvxcbaqbdvbvdrcbjruhymitklloymepxeto.sys
f:\windows.0\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
f:\windows.0\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
f:\windows.0\system32\gxvxcblrstiqhewhgkolwxvrqgxjmkjlijrne.dll
f:\windows.0\system32\gxvxcnimpfbpixlxjcuqwmyfviqjxdwmunrjx.dll
f:\windows.0\system32\Ijl11.dll
f:\windows.0\system32\kernel32new.dll
f:\windows.0\system32\mfc45.dll
f:\windows.0\system32\msvcrtnew.dll
f:\windows.0\system32\tdwvuips.dll
f:\windows.0\system32\tdwvuips32.dll

Infected copy of f:\windows.0\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Legacy_webclientprotectedstorage
-------\Service_restore
-------\Service_WebClientProtectedStorage


((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-03 20:06 . 2009-06-03 20:06 20480 --sha-w- f:\windows.0\system32\acctress.dll
2009-06-03 05:04 . 2009-06-03 05:04 -------- d-----w- f:\windows.0\Open RegEdit
2009-06-03 04:28 . 2008-04-14 00:12 116224 ----a-w- f:\windows.0\system32\dllcache\xrxwiadr.dll
2009-06-03 04:28 . 2008-04-14 00:12 18944 ----a-w- f:\windows.0\system32\dllcache\xrxscnui.dll
2009-06-03 04:28 . 2001-08-17 17:07 4608 ----a-w- f:\windows.0\system32\dllcache\xrxflnch.exe
2009-06-03 04:28 . 2001-08-17 17:07 27648 ----a-w- f:\windows.0\system32\dllcache\xrxftplt.exe
2009-06-03 04:28 . 2001-08-17 17:06 23040 ----a-w- f:\windows.0\system32\dllcache\xrxwbtmp.dll
2009-06-03 04:28 . 2001-08-17 17:07 99865 ----a-w- f:\windows.0\system32\dllcache\xlog.exe
2009-06-03 04:28 . 2008-04-13 16:34 19455 ----a-w- f:\windows.0\system32\dllcache\wvchntxx.sys
2009-06-03 04:28 . 2001-08-17 06:41 16970 ----a-w- f:\windows.0\system32\dllcache\xem336n5.sys
2009-06-03 04:28 . 2008-04-13 18:46 19200 ----a-w- f:\windows.0\system32\dllcache\wstcodec.sys
2009-06-03 04:28 . 2008-04-14 00:12 8192 ----a-w- f:\windows.0\system32\dllcache\wshirda.dll
2009-06-03 04:28 . 2008-04-13 16:34 12063 ----a-w- f:\windows.0\system32\dllcache\wsiintxx.sys
2009-06-03 04:26 . 2001-08-17 08:37 30688 ----a-w- f:\windows.0\system32\dllcache\sym_u3.sys
2009-06-03 04:25 . 2008-04-13 18:56 30592 ----a-w- f:\windows.0\system32\dllcache\rndismpx.sys
2009-06-03 04:24 . 2008-04-14 10:00 40960 ----a-w- f:\windows.0\system32\dllcache\msiregmv.exe
2009-06-03 04:23 . 2001-08-17 17:06 372824 ----a-w- f:\windows.0\system32\dllcache\iconf32.dll
2009-06-03 04:22 . 2008-04-14 10:00 14848 ----a-w- f:\windows.0\system32\dllcache\flattemp.exe
2009-06-03 04:21 . 2001-08-17 17:06 53248 ----a-w- f:\windows.0\system32\dllcache\eqndiag.exe
2009-06-03 04:20 . 2008-04-13 18:46 17024 ----a-w- f:\windows.0\system32\dllcache\ccdecode.sys
2009-06-03 04:19 . 2008-04-13 18:36 42752 ----a-w- f:\windows.0\system32\dllcache\alim1541.sys
2009-06-02 19:25 . 2009-06-02 19:25 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab Setup Files
2009-06-02 18:37 . 2004-06-14 09:26 427864 ----a-w- f:\windows.0\system32\XceedZip.dll
2009-06-02 18:37 . 2009-06-02 18:37 -------- d-----w- f:\program files\Driver-Soft
2009-06-02 18:34 . 2008-04-14 10:00 4608 ----a-w- f:\windows.0\system32\regwiz.exe
2009-06-02 18:34 . 2008-04-14 10:00 4608 ----a-w- f:\windows.0\system32\dllcache\regwiz.exe
2009-06-02 18:34 . 2008-04-14 10:00 23040 ----a-w- f:\windows.0\system32\setup.exe
2009-06-02 18:34 . 2008-04-14 10:00 23040 ----a-w- f:\windows.0\system32\dllcache\setup.exe
2009-06-02 18:27 . 2009-06-02 18:27 -------- d-----w- f:\windows.0\Special Agent P. C. Secure
2009-06-01 05:33 . 2009-06-01 05:33 2560 ----a-w- f:\windows.0\_MSRSTRT.EXE
2009-06-01 05:17 . 2009-06-01 05:17 -------- d-----w- f:\program files\Stardock
2009-06-01 05:17 . 2007-07-11 09:36 42672 ------w- f:\windows.0\system32\wbsys.dll
2009-06-01 05:13 . 2008-04-14 10:00 27648 --s-a-r- f:\documents and settings\Administrator.HOME\Application Data\TuneUp Software\TuneUp Utilities\StartUp Manager\Disabled objects\rncsys32.exe
2009-05-31 15:40 . 2009-05-31 15:40 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Yahoo!
2009-05-31 15:40 . 2009-05-31 15:40 -------- d-----w- f:\program files\Yahoo!
2009-05-31 15:11 . 2009-06-03 20:06 89 --s-a-w- f:\windows.0\system32\607470859.dat
2009-05-31 07:52 . 2009-05-31 07:52 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\SRS Labs
2009-05-31 07:52 . 2009-05-31 07:52 -------- d-----w- f:\documents and settings\Administrator.HOME\Local Settings\Application Data\SRS Labs
2009-05-31 07:51 . 2007-07-26 03:55 39808 ----a-r- f:\windows.0\system32\drivers\SRS_SSCFilter_i386.sys
2009-05-31 07:51 . 2007-07-26 03:55 42112 ----a-r- f:\windows.0\system32\drivers\csiidecoder_kern_i386.sys
2009-05-31 07:51 . 2007-07-26 03:55 47360 ----a-r- f:\windows.0\system32\drivers\Surroundhp_kern_i386.sys
2009-05-31 07:51 . 2007-07-26 03:55 47104 ----a-r- f:\windows.0\system32\drivers\tshd4_kern_i386.sys
2009-05-31 07:51 . 2007-07-26 03:55 32000 ----a-r- f:\windows.0\system32\drivers\wowhd_kern_i386.sys
2009-05-31 07:51 . 2009-05-31 07:51 -------- d-----w- f:\program files\SRS Labs
2009-05-31 06:02 . 2009-05-31 06:02 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\TuneUp Software
2009-05-31 06:02 . 2009-05-31 06:02 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\TuneUp Software
2009-05-31 06:02 . 2009-05-31 06:02 -------- d-sh--w- f:\documents and settings\All Users.WINDOWS.0\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-30 20:42 . 2009-05-30 20:42 -------- d-----w- f:\program files\Computer Zone
2009-05-30 12:58 . 2009-05-30 12:58 -------- d-----w- f:\program files\BandwidthMonitor
2009-05-29 05:06 . 2002-12-31 10:37 263749 ----a-w- f:\windows.0\system32\drivers\CVPNDrv.sys
2009-05-27 12:05 . 2009-05-27 12:05 -------- d-----w- f:\program files\Google
2009-05-27 09:49 . 2009-05-27 09:49 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\PlayPond
2009-05-27 09:49 . 2009-05-27 09:49 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Trymedia
2009-05-26 04:24 . 2009-05-26 04:24 -------- d-----w- f:\documents and settings\Administrator.HOME\Local Settings\Application Data\Google
2009-05-25 06:01 . 2009-05-25 06:01 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\DFX
2009-05-25 06:01 . 2009-05-25 06:01 -------- d-----w- f:\documents and settings\Administrator.HOME\Local Settings\Application Data\DFX
2009-05-24 19:54 . 2009-05-24 19:54 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\NCH Swift Sound
2009-05-24 19:54 . 2009-05-24 19:54 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\NCH Swift Sound
2009-05-24 11:32 . 2009-05-24 11:32 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\eXPert PDF Editor
2009-05-23 12:23 . 2009-05-23 12:23 -------- d-----w- f:\program files\AGEIA Technologies
2009-05-23 12:23 . 2009-05-23 12:23 -------- d-----w- f:\windows.0\system32\AGEIA
2009-05-23 12:23 . 2009-05-25 06:01 -------- d-----w- f:\program files\Common Files\Wise Installation Wizard
2009-05-23 06:02 . 2009-05-23 06:02 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Ubisoft
2009-05-23 06:02 . 2009-05-23 06:02 -------- d-----w- f:\documents and settings\Administrator.HOME\Local Settings\Application Data\Ubisoft
2009-05-23 04:08 . 2009-05-23 04:08 0 ----a-w- f:\documents and settings\Administrator.HOME\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-05-23 04:08 . 2007-03-22 10:46 126976 ----a-w- f:\documents and settings\Administrator.HOME\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2009-05-22 17:15 . 2009-05-22 17:15 -------- d-s---w- f:\documents and settings\Administrator.HOME\UserData
2009-05-22 16:15 . 2009-05-22 16:15 -------- d-s---w- f:\windows.0\system32\config\systemprofile\UserData
2009-05-21 19:26 . 2009-05-22 04:51 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\PC Suite
2009-05-21 19:26 . 2009-05-21 19:28 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\PC Suite
2009-05-21 19:23 . 2009-02-09 02:07 7808 ----a-w- f:\windows.0\system32\drivers\usbser_lowerfltj.sys
2009-05-21 19:23 . 2009-02-09 02:07 7808 ----a-w- f:\windows.0\system32\drivers\usbser_lowerflt.sys
2009-05-21 19:23 . 2009-02-09 02:07 659968 ----a-w- f:\windows.0\system32\nmwcdcocls.dll
2009-05-21 19:23 . 2009-02-09 02:07 22016 ----a-w- f:\windows.0\system32\drivers\ccdcmbo.sys
2009-05-21 19:23 . 2009-02-09 02:07 17664 ----a-w- f:\windows.0\system32\drivers\ccdcmb.sys
2009-05-21 19:23 . 2009-02-09 02:02 1112288 ----a-w- f:\windows.0\system32\wdfcoinstaller01007.dll
2009-05-21 19:23 . 2009-05-12 20:22 34396584 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng_web.exe
2009-05-21 19:23 . 2009-05-21 19:23 8192 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-21 19:23 . 2009-05-21 19:23 61440 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-21 19:23 . 2009-05-21 19:23 10240 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-21 16:03 . 2009-05-21 16:03 -------- d-----w- f:\windows.0\system32\xircom
2009-05-21 16:03 . 2009-05-21 16:03 -------- d-----w- f:\windows.0\system32\wbem\snmp
2009-05-21 16:03 . 2009-05-21 16:03 -------- d-----w- f:\program files\microsoft frontpage
2009-05-21 06:28 . 2009-05-21 06:28 -------- d-----w- f:\program files\ffdshow
2009-05-21 06:19 . 2009-05-21 06:19 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\vlc
2009-05-21 04:37 . 2009-06-03 19:00 -------- d---a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\TEMP
2009-05-20 18:59 . 2009-05-20 18:59 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Nokia
2009-05-20 18:43 . 2008-04-13 18:45 26112 ----a-w- f:\windows.0\system32\drivers\usbser.sys
2009-05-20 18:43 . 2008-04-13 18:45 26112 ----a-w- f:\windows.0\system32\dllcache\usbser.sys
2009-05-20 18:43 . 2008-03-21 08:27 14640 ------w- f:\windows.0\system32\spmsgXP_2k3.dll
2009-05-20 18:31 . 2009-05-20 18:29 33642704 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_eng_web.exe
2009-05-20 18:31 . 2009-05-20 18:31 8192 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-20 18:31 . 2009-05-20 18:31 61440 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-20 18:31 . 2009-05-20 18:31 10240 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-20 18:10 . 2008-04-13 18:45 26368 ----a-w- f:\windows.0\system32\dllcache\usbstor.sys
2009-05-20 17:54 . 2009-05-20 17:54 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\NokiaMusic
2009-05-20 17:52 . 2009-05-20 17:53 -------- d-----w- F:\a568eb02bc107d62a7ab7462f4ff
2009-05-20 17:52 . 2009-05-22 04:51 -------- d-----w- f:\windows.0\system32\drivers\UMDF
2009-05-20 17:52 . 2009-05-20 17:52 -------- d-----w- f:\windows.0\system32\LogFiles
2009-05-20 17:52 . 2009-05-20 17:52 -------- d-----w- F:\e25f8d1186b98eab2b5e53
2009-05-20 17:41 . 2008-03-21 08:27 23856 ----a-w- f:\windows.0\system32\spupdsvc.exe
2009-05-20 17:41 . 2006-06-29 07:37 14048 ------w- f:\windows.0\system32\spmsg2.dll
2009-05-20 17:38 . 2009-05-20 17:51 -------- d-----w- F:\9824dee6b021ed1462
2009-05-20 17:37 . 2009-05-20 17:37 -------- d-sh--w- f:\windows.0\ftpcache
2009-05-20 17:28 . 2009-05-23 14:45 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\Nokia
2009-05-20 17:27 . 2008-08-26 03:56 18816 ----a-w- f:\windows.0\system32\drivers\pccsmcfd.sys
2009-05-20 17:27 . 2008-05-07 02:09 1419232 ----a-w- f:\windows.0\system32\wdfcoinstaller01005.dll
2009-05-20 17:27 . 2008-02-01 09:47 90624 ----a-w- f:\windows.0\system32\nmwcdcls.dll
2009-05-20 17:27 . 2008-07-22 16:08 35814576 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Nokia_PC_Suite_rel_7_0_7_0_eng_web.exe
2009-05-20 17:27 . 2009-05-20 17:27 8192 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-20 17:27 . 2009-05-20 17:27 61440 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-20 17:27 . 2009-05-20 17:27 10240 ----a-w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-20 17:26 . 2009-05-21 19:23 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Installations
2009-05-20 17:25 . 2002-02-20 08:03 113900 ----a-w- f:\windows.0\system32\dneinobj.dll
2009-05-20 17:25 . 2002-01-09 10:40 128380 ----a-w- f:\windows.0\system32\drivers\dne2000.sys
2009-05-20 17:25 . 2002-12-31 10:36 122944 ----a-w- f:\windows.0\system32\CSGina.dll
2009-05-20 17:24 . 2001-07-16 11:34 315904 ----a-w- f:\windows.0\IsUninst.exe
2009-05-20 17:24 . 2009-05-20 17:24 -------- d-----w- f:\documents and settings\Administrator.HOME\WINDOWS
2009-05-20 17:07 . 2009-05-20 17:07 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\iolo
2009-05-20 17:07 . 2009-05-20 17:07 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\iolo
2009-05-20 17:06 . 2009-05-20 17:06 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\Winamp
2009-05-20 16:55 . 2006-10-18 00:31 363008 ----a-r- f:\windows.0\system32\idecoiins.dll
2009-05-20 16:55 . 2006-10-05 00:35 35840 ----a-r- f:\windows.0\system32\NVCOI.DLL
2009-05-20 16:55 . 2006-10-05 00:35 356352 ------w- f:\windows.0\system32\nvuide.exe
2009-05-20 16:55 . 2006-10-18 00:31 363008 ----a-r- f:\windows.0\system32\idecoi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 12:30 . 2008-04-14 10:00 182656 ----a-w- f:\windows.0\system32\drivers\ndis.sys
2009-06-02 18:31 . 2009-05-03 15:54 -------- d-----w- f:\program files\DaemonTools
2009-06-02 18:27 . 2009-06-02 18:27 -------- d-sh--w- f:\windows.0\Fonts\Vault
2009-05-31 06:15 . 2009-05-19 18:33 71472 ----a-w- f:\documents and settings\Administrator.HOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 21:09 . 2009-05-19 18:27 86339 ----a-w- f:\windows.0\pchealth\helpctr\OfflineCache\index.dat
2009-05-29 05:06 . 2009-05-14 05:54 -------- d-----w- f:\program files\Cisco Systems
2009-05-25 06:01 . 2009-05-03 16:09 -------- d-----w- f:\program files\Dfx
2009-05-24 20:16 . 2009-05-14 17:54 -------- d-----w- f:\program files\Total Video Converter
2009-05-24 19:54 . 2009-05-09 07:21 -------- d-----w- f:\program files\NCH Swift Sound
2009-05-24 12:10 . 2009-05-10 15:00 -------- d-----w- f:\program files\Nokia
2009-05-21 19:24 . 2009-05-13 03:48 -------- d-----w- f:\program files\Common Files\PCSuite
2009-05-21 19:24 . 2009-05-13 03:47 -------- d-----w- f:\program files\PC Connectivity Solution
2009-05-21 06:22 . 2009-05-19 01:37 -------- d-----w- f:\program files\MPlayer
2009-05-20 17:41 . 2009-05-03 16:31 -------- d-----w- f:\program files\MSBuild
2009-05-20 16:43 . 2009-05-04 06:29 -------- d-----w- f:\program files\Hide Files and Folders
2009-05-19 20:52 . 2009-05-19 20:52 0 ----a-w- f:\windows.0\nsreg.dat
2009-05-19 18:46 . 2009-05-19 18:46 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\InstallShield
2009-05-19 18:42 . 2009-05-19 18:42 312098 ----a-w- f:\windows.0\HideWin.exe
2009-05-19 18:38 . 2009-05-03 15:45 -------- d-----w- f:\program files\Unlocker
2009-05-19 18:35 . 2009-05-19 18:35 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\GRETECH
2009-05-19 18:35 . 2009-05-19 18:35 -------- d-----w- f:\documents and settings\Administrator.HOME\Application Data\GRETECH
2009-05-19 18:35 . 2009-05-19 18:35 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\BurstCopy Labs
2009-05-19 18:33 . 2009-05-19 18:33 -------- d-----w- f:\documents and settings\All Users.WINDOWS.0\Application Data\Azureus
2009-05-19 18:25 . 2009-05-19 18:25 21640 ----a-w- f:\windows.0\system32\emptyregdb.dat
2009-05-19 18:25 . 2009-05-03 15:45 -------- d-----w- f:\program files\Microsoft PowerToys
2009-05-19 18:25 . 2009-05-03 15:45 -------- d-----w- f:\program files\HashTab Shell Extension
2009-05-19 01:39 . 2009-05-03 16:59 -------- d-----w- f:\program files\K-Lite Codec Pack
2009-05-17 09:21 . 2009-05-17 09:21 -------- d-----w- f:\program files\Common Files\PocketSoft
2009-05-17 09:19 . 2009-05-03 16:02 -------- d--h--w- f:\program files\InstallShield Installation Information
2009-05-14 05:54 . 2009-05-14 05:54 -------- d-----w- f:\program files\Common Files\Deterministic Networks
2009-05-14 05:53 . 2009-05-03 16:02 -------- d-----w- f:\program files\Common Files\InstallShield
2009-05-14 05:52 . 2009-05-14 05:52 -------- d-----w- f:\program files\Citrix
2009-05-13 19:49 . 2009-05-13 03:47 -------- d-----w- f:\program files\Common Files\Nokia
2009-05-13 19:49 . 2009-05-13 19:49 -------- d-----w- f:\program files\MSXML 6.0
2009-05-13 19:41 . 2009-05-13 19:40 -------- d-----w- f:\program files\Common Files\Ulead Systems
2009-05-13 19:41 . 2009-05-13 19:41 -------- d-----w- f:\program files\Windows Media Components
2009-05-13 19:40 . 2009-05-13 19:40 -------- d-----w- f:\program files\Ulead Systems
2009-05-12 05:53 . 2009-05-12 05:51 -------- d-----w- f:\program files\Common Files\Nero
2009-05-12 05:51 . 2009-05-12 05:51 -------- d-----w- f:\program files\Nero
2009-05-09 13:35 . 2009-05-05 19:24 -------- d-----w- f:\program files\Azureus
2009-05-05 04:10 . 2009-05-05 04:10 -------- d-----w- f:\program files\Microsoft Office Communicator
2009-05-03 17:34 . 2009-05-03 17:34 -------- d-----w- f:\program files\OpenAL
2009-05-03 17:11 . 2009-05-03 17:05 -------- d-----w- f:\program files\Symantec
2009-05-03 17:11 . 2009-05-03 17:05 -------- d-----w- f:\program files\Common Files\Symantec Shared
2009-05-03 17:01 . 2009-05-03 17:01 -------- d-----w- f:\program files\VideoLAN
2009-05-03 16:41 . 2009-05-03 16:38 -------- d-----w- f:\program files\Common Files\Adobe
2009-05-03 16:41 . 2009-05-03 16:41 -------- d-----w- f:\program files\Common Files\Macrovision Shared
2009-05-03 16:31 . 2009-05-03 16:31 -------- d-----w- f:\program files\Microsoft Works
2009-05-03 16:23 . 2009-05-03 16:09 -------- d-----w- f:\program files\Winamp
2009-05-03 16:17 . 2009-05-03 16:17 -------- d-----w- f:\program files\GRETECH
2009-05-03 16:16 . 2009-05-03 16:16 -------- d-----w- f:\program files\MSConfig CleanUp
2009-05-03 16:07 . 2009-05-03 16:07 -------- d-----w- f:\program files\BurstCopy
2009-05-03 16:04 . 2009-05-03 16:04 -------- d-----w- f:\program files\AMD
2009-05-03 16:02 . 2009-05-03 16:02 -------- d-----w- f:\program files\Realtek
2009-05-03 16:01 . 2009-05-03 16:01 -------- d-----w- f:\program files\SmartBuster
2009-05-03 16:01 . 2009-05-03 16:01 -------- d-----w- f:\program files\CachemanXP
2009-05-03 16:01 . 2009-05-03 16:01 -------- d-----w- f:\program files\Oberon Media
2009-05-03 16:01 . 2009-05-03 16:01 -------- d-----w- f:\program files\Mystery Legends Sleepy Hollow
2009-05-03 16:01 . 2009-05-03 16:01 -------- d-----w- f:\program files\KGB Archiver
2009-05-03 16:01 . 2009-05-03 16:01 -------- d-----w- f:\program files\DIFX
2009-04-05 18:48 . 2009-04-05 18:48 23 --sha-w- f:\windows.0\system32\cdcfafca7.dat
2009-04-05 05:59 . 2009-05-19 18:39 11 --sha-r- f:\documents and settings\All Users.WINDOWS.0\Application Data\BurstCopy Labs\BurstCopy\Data\B9C9BE9B.sys
2009-03-27 02:44 . 2009-05-19 23:52 453152 ----a-w- f:\windows.0\system32\nvuninst.exe
2008-03-09 01:55 . 2009-05-23 12:37 236 ----a-w- f:\program files\Common Files\dx.reg
2008-08-16 12:12 . 2008-08-16 12:12 13112 ----a-w- f:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 12:12 . 2008-08-16 12:12 70456 ----a-w- f:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 12:12 . 2008-08-16 12:12 91448 ----a-w- f:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 12:12 . 2008-08-16 12:12 20800 ----a-w- f:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 12:13 . 2008-08-16 12:13 206136 ----a-w- f:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 12:12 . 2008-08-16 12:12 31032 ----a-w- f:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 12:12 . 2008-08-16 12:12 40248 ----a-w- f:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 03:11 . 2008-05-21 03:11 479232 ----a-w- f:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 03:11 . 2008-05-21 03:11 548864 ----a-w- f:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 03:11 . 2008-05-21 03:11 626688 ----a-w- f:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 08:28 . 2008-06-05 08:28 648504 ----a-w- f:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 12:12 . 2008-08-16 12:12 23864 ----a-w- f:\program files\mozilla firefox\plugins\TcpPServ.dll
.

------- Sigcheck -------

[-] 2008-12-30 04:52 361600 5AE1C2695F6523AD98B948F2887D8C5E f:\windows.0\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="f:\windows.0\system32\ctfmon.exe " [2008-04-14 15360]
"SRS Audio Sandbox"="f:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2009-05-31 3215360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="f:\windows.0\system32\NvCpl.dll " [2009-03-27 13684736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - f:\windows.0\system32\advpack.dll [2008-04-14 99840]

f:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - f:\program files\Cisco Systems\VPN Client\ipsecdialer.exe [2009-5-29 1269834]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"f:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"f:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R1 FDCENT;FDCENT;f:\windows.0\system32\drivers\FDCENT.SYS [5/20/2009 10:12 PM 47470]
R2 CVPNDRV;Cisco Systems IPsec Driver;f:\windows.0\system32\drivers\CVPNDrv.sys [5/29/2009 10:36 AM 263749]
S1 2e89eb79;2e89eb79;f:\windows.0\system32\drivers\2e89eb79.sys --> f:\windows.0\system32\drivers\2e89eb79.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://85.114.141.207/meds/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\Administrator.HOME\Application Data\Mozilla\Firefox\Profiles\i8z24rx2.default\
FF - plugin: f:\program files\Java\jre1.5.0_16\bin\NPJava11.dll
FF - plugin: f:\program files\Java\jre1.5.0_16\bin\NPJava12.dll
FF - plugin: f:\program files\Java\jre1.5.0_16\bin\NPJava13.dll
FF - plugin: f:\program files\Java\jre1.5.0_16\bin\NPJava14.dll
FF - plugin: f:\program files\Java\jre1.5.0_16\bin\NPJava32.dll
FF - plugin: f:\program files\Java\jre1.5.0_16\bin\NPJPI150_16.dll
FF - plugin: f:\program files\Java\jre1.5.0_16\bin\NPOJI610.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\npicaN.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-07 18:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1220)
f:\windows.0\system32\msi.dll
f:\windows.0\system32\WPDShServiceObj.dll
f:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
f:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
f:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
f:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
f:\windows.0\system32\PortableDeviceTypes.dll
f:\windows.0\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Cisco Systems\VPN Client\cvpnd.exe
f:\windows.0\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2009-06-07 18:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-07 12:33

Pre-Run: 16,292,974,592 bytes free
Post-Run: 16,485,298,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff /usepmtimer
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff /usepmtimer

Current=1 Default=1 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
352


Waiting for your reply.

-Pavan Kumar
pavanbl is offline   Reply With Quote
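The log above is the kind of report a helper reads by hand, picking out the patched system driver, the Security Center and firewall switches, the random-named rootkit drivers and the hijacked ShellNext URL. As an added example (my own code, not ComboFix's and not a PCHF tool), here is a small Python triage script that walks a ComboFix log section by section and flags those entries by severity. The embedded log is a constructed excerpt of the lines posted in this thread; the rules and the consonant-run heuristic for random-looking file names are my own assumptions about what is worth flagging, not anything ComboFix itself computes.

```python
"""Triage a ComboFix log for the entries a malware-removal helper reads first.

Added example for this thread: not ComboFix's code and not a PCHF tool. The
embedded log is a constructed excerpt of the lines posted above; the rules and
the random-name heuristic are my own assumptions about what is worth flagging.
"""
import re
from collections import Counter

# Constructed excerpt of the posted log, with ComboFix's own section banners.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
f:\windows.0\regedit.com
f:\windows.0\system32\drivers\gxvxcbaqbdvbvdrcbjruhymitklloymepxeto.sys
f:\windows.0\system32\kernel32new.dll
Infected copy of f:\windows.0\system32\drivers\ndis.sys was found and disinfected
((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
2009-06-03 20:06 . 2009-06-03 20:06 20480 --sha-w- f:\windows.0\system32\acctress.dll
2009-06-03 04:28 . 2008-04-14 00:12 116224 ----a-w- f:\windows.0\system32\dllcache\xrxwiadr.dll
------- Sigcheck -------
[-] 2008-12-30 04:52 361600 5AE1C2695F6523AD98B948F2887D8C5E f:\windows.0\system32\drivers\tcpip.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
------- Supplementary Scan -------
uInternet Connection Wizard,ShellNext = hxxp://85.114.141.207/meds/
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")       # (((( Section name ))))
DASH_BANNER = re.compile(r"^-+\s*(.+?)\s*-+$")   # ------- Section name -------
FILE_PATH = re.compile(r"^[a-z]:\\\S", re.I)     # drive-letter path at line start

# (severity, pattern, reason): one rule per line shape a helper would call out.
LINE_RULES = [
    ("high", re.compile(r"^\[-\] "),
     "Sigcheck: system file does not match its known-good hash (patched or replaced)"),
    ("high", re.compile(r"^Infected copy of \S+ was found"),
     "infected system driver was replaced by ComboFix"),
    ("high", re.compile(r'^"(?:Updates|AntiVirus|Firewall)DisableNotify"=dword:00000001$', re.I),
     "Security Center notification switched off"),
    ("high", re.compile(r'^"EnableFirewall"=\s*0\b'),
     "Windows Firewall disabled in the standard profile"),
    ("medium", re.compile(r"ShellNext = hxxp://\d{1,3}(?:\.\d{1,3}){3}/", re.I),
     "Internet Connection Wizard ShellNext points at a bare-IP URL"),
    ("medium", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ \d+ -\S*sh\S* .*\\system32\\[^\\]+$", re.I),
     "hidden+system attributes on a file dropped into system32"),
]
VOWELS = set("aeiou")


def looks_random(filename):
    """Heuristic: five or more consonants in a row in a name of eight+ letters.
    Legitimate Windows binaries almost never have such runs; the gxvxc* files do."""
    stem = re.sub(r"[^a-z]", "", filename.lower().rsplit(".", 1)[0])
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return len(stem) >= 8 and longest >= 5


def triage(log):
    """Return findings as (severity, section, line, reason), highest severity first."""
    findings, section = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = BANNER.match(line) or DASH_BANNER.match(line)
        if banner:
            section = banner.group(1)
            continue
        for severity, pattern, reason in LINE_RULES:
            if pattern.search(line):
                findings.append((severity, section, line, reason))
        # Everything under "Other Deletions" is already gone; a random-looking
        # name points at the rootkit family rather than an over-eager cleanup.
        if section == "Other Deletions" and FILE_PATH.match(line):
            name = line.rsplit("\\", 1)[-1]
            if looks_random(name):
                findings.append(("high", section, line, "removed by ComboFix (random-looking name)"))
            else:
                findings.append(("info", section, line, "removed by ComboFix"))
    rank = {"high": 0, "medium": 1, "info": 2}
    findings.sort(key=lambda f: rank[f[0]])
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 6, 'medium': 2, 'info': 2}."""
    return dict(Counter(f[0] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, section, line, reason in results:
        print(f"[{severity:6}] {section}: {reason}\n         {line}")
    print(summarize(results))
```

Run it as-is and it reports six high, two medium and two informational findings from the excerpt; feed it a full log via `triage(open(path).read())` instead of `SAMPLE_LOG`. The "info" entries are deliberately listed so that a reviewer can confirm nothing legitimate was deleted, which is the question Pavan asks in his next post.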
Old 06-07-2009   #17
Bronze Member
 
Join Date: Apr 2009
Posts: 18
PC Experience: Experienced
Default Re: Need help for Regedit

Hi DCIAdmin,
You know what? You people are amazing. With that ComboFix.exe tool, it removed all the malware on the PC. Now I have installed the antivirus and it is working absolutely fine. But I would request you to please analyze the logs I copied, as I want to make sure that there are no other problems. Thanks a ton. :-)
Comments on this post
smokeycheech agrees: Thanks for your comments :)
pavanbl is offline   Reply With Quote
Old 06-07-2009   #18
Tech Team Leader
 
DCiAdmin's Avatar
 
Join Date: Sep 2008
Location: Heart of the US Midwest
Posts: 6,179
PC Experience: Perpetual Student
Default Re: Need help for Regedit

Now we're getting somewhere! Good job getting that to run. And you're right - it did remove MUCH malware, but only a thorough analysis will tell us if it removed all.

I have a family reunion today and will be out much of the day. I'll work on this the minute I get home.

Thank you for your patience!
__________________
DCiAdmin
PCHF Rules / PreWork / AfterWork / PCHF Downloads / System File Checker
Thank you for entrusting your system to PCHF!
DCiAdmin is offline   Reply With Quote
Old 06-08-2009   #19
Bronze Member
 
Join Date: Apr 2009
Posts: 18
PC Experience: Experienced
Default Re: Need help for Regedit

Hi DCIAdmin,
I am sorry to bother you again, but now my system is completely screwed up. After installing Kaspersky antivirus, it scanned the whole PC. After that I restarted my PC. Since then my PC won't start, not even in safe boot. After the Windows logo, it says "Loading your personal settings" and quickly after that it says "Saving your settings" and "Logging off", and again it repeats the loading-the-settings thing. This keeps on going again and again. Nothing is working now. I even tried the Recovery Console, but no go. Please help.
pavanbl is offline   Reply With Quote
Old 06-08-2009   #20
Tech Team Leader
 
DCiAdmin's Avatar
 
Join Date: Sep 2008
Location: Heart of the US Midwest
Posts: 6,179
PC Experience: Perpetual Student
Default Re: Need help for Regedit

Pavan,

You installed Kaspersky after I had you run ComboFix? Let me check with a coworker who knows the Kaspersky software - perhaps they have run into this before.

I'll be back with you as soon as I have some answers......
__________________
DCiAdmin
PCHF Rules / PreWork / AfterWork / PCHF Downloads / System File Checker
Thank you for entrusting your system to PCHF!
DCiAdmin is offline   Reply With Quote
Old 06-08-2009   #21
Senior Security Analyst
 
chiaz's Avatar
 
Join Date: Jun 2006
Location: Singapore
Posts: 5,177
PC Experience: PC Guru
Default Re: Need help for Regedit

Hello pavan.

If you can go beyond the Windows logo, why can't you boot to Safe Mode?
chiaz is online now   Reply With Quote