Comments on: How to clean an Infected PC http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/ Know your limits, but never stop trying to exceed them. Fri, 12 Mar 2010 08:02:35 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: rochakchauhan http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/comment-page-1/#comment-753 rochakchauhan Sat, 06 Sep 2008 03:59:45 +0000 http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/#comment-753 Hi Nadia, Well the Combofix has done its job, Your PC is clean now ! This file is nothing but a log file. Take is more like a report card. As you can see, it tells you which files have been deleted from your system and which files created after the previous scan. Now. I would suggest that you install some good antivirus and update it ASAP. Take care, Rochak Chauhan Hi Nadia,

Well the Combofix has done its job, Your PC is clean now !

This file is nothing but a log file. Take is more like a report card. As you can see, it tells you which files have been deleted from your system and which files created after the previous scan.

Now. I would suggest that you install some good antivirus and update it ASAP.

Take care,
Rochak Chauhan

]]> By: Nadia http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/comment-page-1/#comment-752 Nadia Fri, 05 Sep 2008 22:21:18 +0000 http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/#comment-752 Hi Rochak, Here is my file after the scan completed. Please le tme know what do I do now. Thanks for your help. ComboFix 08-09-04.09 - Nadia Olson 2008-09-05 13:21:12.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1412 [GMT 2:00] Running from: C:\Documents and Settings\Nadia Olson\My Documents\Downloads\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\jestertb.dll C:\WINDOWS\system32\bafxtokn.ini C:\WINDOWS\system32\bszip.dll C:\WINDOWS\system32\dbfb.dll C:\WINDOWS\system32\sAdLknnn.ini C:\WINDOWS\system32\sAdLknnn.ini2 C:\WINDOWS\system32\xmjafuld.ini . ((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))) . 2008-09-05 13:01 . 2006-04-12 10:40 270,336 --a------ C:\WINDOWS\system32\cximagecrt.dll 2008-09-05 13:00 . 2008-09-05 13:01 d-------- C:\Program Files\Rohos 2008-09-03 16:17 . 2008-09-04 13:46 d-------- C:\WINDOWS\system32\CatRoot2 2008-09-03 15:38 . 2008-09-03 15:38 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-09-03 14:45 . 2008-09-03 14:45 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-03 14:45 . 2008-09-03 14:45 d-------- C:\Documents and Settings\Nadia Olson\Application Data\Malwarebytes 2008-09-03 14:45 . 2008-09-03 14:45 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-03 14:45 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-03 14:45 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-03 14:01 . 2008-09-03 14:01 d--h----- C:\WINDOWS\PIF 2008-09-03 13:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-09-03 13:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-09-03 13:01 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-09-03 13:01 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-09-03 13:01 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-09-03 13:01 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe 2008-09-03 13:01 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-09-03 13:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-09-03 13:01 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-09-03 12:31 . 2008-09-03 12:31 d-------- C:\Program Files\PcPrivacySoftware.com 2008-09-03 11:54 . 2008-09-03 15:59 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard 2008-09-03 11:53 . 2008-09-03 11:53 d-------- C:\Program Files\Common Files\iS3 2008-09-03 11:53 . 2008-09-03 16:24 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla! 2008-09-01 13:25 . 2008-09-01 13:25 d-------- C:\Program Files\CCleaner 2008-09-01 10:59 . 2008-09-01 10:59 d-------- C:\Program Files\Alwil Software 2008-09-01 09:49 . 2008-09-01 09:49 d-------- C:\Program Files\K-Lite Codec Pack 2008-08-31 20:51 . 2008-08-31 20:51 d-------- C:\Program Files\Tools 2008-08-31 20:51 . 2008-08-31 20:51 d-------- C:\Program Files\Setup 2008-08-31 20:51 . 2008-08-31 20:51 d-------- C:\Program Files\Manual 2008-08-31 18:38 . 2008-08-31 18:38 d-------- C:\Program Files\Windows Defender 2008-08-31 18:38 . 2008-08-31 18:38 d-------- C:\Documents and Settings\Nadia Olson\Application Data\Sammsoft 2008-08-31 18:37 . 2008-08-31 18:38 d-------- C:\Program Files\Advanced Registry Optimizer 2008-08-31 18:37 . 2008-08-31 18:37 d-------- C:\Documents and Settings\Nadia Olson\Application Data\HouseCall 6.6 2008-08-31 14:48 . 2008-08-31 18:35 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! 2008-08-31 11:30 . 2008-08-31 18:35 d-------- C:\Program Files\AskBarDis 2008-08-31 10:39 . 2008-08-31 18:36 d-------- C:\Program Files\Advanced Registry Optimizer(2) 2008-08-31 10:39 . 2008-08-31 18:36 d-------- C:\Documents and Settings\Nadia Olson\Application Data\Sammsoft(2) 2008-08-30 20:23 . 2008-08-31 18:37 d-------- C:\Documents and Settings\Nadia Olson\Application Data\Spyware Terminator 2008-08-30 18:30 . 2008-08-31 18:37 d-------- C:\Program Files\Windows Live Safety Center 2008-08-27 15:57 . 2008-08-27 15:57 4,207,584 --a------ C:\Documents and Settings\Front view of House for Sale (2).jpg 2008-08-27 15:56 . 2008-08-27 15:56 964,909 --a------ C:\Documents and Settings\Front view of House for Sale.jpg 2008-08-26 16:46 . 2008-08-31 18:38 d-------- C:\Program Files\Windows Defender(2) 2008-08-25 09:46 . 2008-08-25 09:46 5,769 --a------ C:\WINDOWS\system32\machpcdg.dll 2008-08-25 09:07 . 2008-09-01 09:26 5,512 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-24 19:28 . 2008-03-02 03:28 206,608 --a------ C:\WINDOWS\system32\drivers\TMPassthru.sys 2008-08-24 08:23 . 2008-08-24 08:23 5,769 --a------ C:\WINDOWS\system32\tfjcevno.dll 2008-08-23 22:42 . 2008-08-23 22:42 5,759 --a------ C:\WINDOWS\system32\jlpovhpg.dll 2008-08-22 12:47 . 2008-08-22 12:47 d-------- C:\Program Files\XP Codec Pack 2008-08-16 18:18 . 2008-08-16 18:18 d-------- C:\Program Files\Sun 2008-08-13 15:37 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-13 15:36 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-06 13:20 . 2008-08-07 12:00 d-------- C:\Program Files\EasyVideoConvert 2008-08-06 13:20 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2008-08-06 13:20 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-08-06 13:20 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL 2008-08-06 13:20 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE 2008-08-05 08:57 . 2008-08-05 08:57 d-------- C:\WINDOWS\system32\Lang 2008-08-05 08:57 . 2006-11-10 09:25 319,456 --a------ C:\WINDOWS\system32\difxapi.dll 2008-08-05 08:56 . 2008-08-05 08:56 d-------- C:\Documents and Settings\Nadia Olson\Application Data\InstallShield . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-05 21:26 --------- d-----w C:\Documents and Settings\Nadia Olson\Application Data\skypePM 2008-09-05 21:25 --------- d-----w C:\Documents and Settings\Nadia Olson\Application Data\Skype 2008-09-05 21:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-05 21:23 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs 2008-09-05 21:23 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad 2008-09-05 10:48 --------- d-----w C:\Program Files\7-Zip 2008-09-04 15:13 --------- d-----w C:\Program Files\Dl_cats 2008-09-04 11:30 --------- d-----w C:\Program Files\Trend Micro 2008-09-03 09:46 --------- d-----w C:\Program Files\MSECache 2008-09-02 16:58 --------- d-----w C:\Documents and Settings\Nadia Olson\Application Data\uTorrent 2008-09-01 11:25 --------- d-----w C:\Program Files\Yahoo! 2008-08-31 18:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-31 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro 2008-08-27 06:57 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-23 15:49 --------- d-----w C:\Program Files\Apple Software Update 2008-08-21 06:33 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-16 16:17 --------- d-----w C:\Program Files\Java 2008-08-11 08:57 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-08-06 13:08 --------- d-----w C:\Program Files\MyPublisher 2008-08-02 11:57 --------- d-----w C:\Documents and Settings\Nadia Olson\Application Data\vlc 2008-08-02 11:53 --------- d-----w C:\Program Files\VideoLAN 2008-08-02 11:00 --------- d-----w C:\Program Files\iTunes 2008-08-02 10:59 --------- d-----w C:\Program Files\iPod 2008-07-30 09:04 --------- d-----w C:\Documents and Settings\Guest\Application Data\MSN Search Toolbar 2008-07-30 08:54 --------- d-----w C:\Documents and Settings\Guest\Application Data\GTek 2008-07-27 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-07-27 09:52 --------- d-----w C:\Program Files\DVD Shrink 2008-07-27 09:52 --------- d-----w C:\Program Files\DVD Decrypter 2008-07-26 12:09 --------- d-----w C:\Program Files\Digital Line Detect 2008-07-26 11:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-26 11:45 --------- d-----w C:\Program Files\ItsDeductibleEX 2008-07-26 11:43 --------- d-----w C:\Program Files\Dell 2008-07-26 11:22 --------- d-----w C:\Program Files\Western Digital Technologies 2008-07-25 09:21 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys 2008-07-25 09:21 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys 2008-07-25 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8 2008-07-20 09:54 --------- d-----w C:\Program Files\Microsoft Baseline Security Analyzer 2 2008-07-18 18:10 --------- d-----w C:\Program Files\QuickTime 2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys 2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys 2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys 2008-07-18 08:51 --------- d-----w C:\Program Files\MSN Messenger 2008-07-17 21:06 --------- d-----w C:\Program Files\Microsoft Office Outlook Connector 2008-07-17 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-07-17 10:26 --------- d-----w C:\Program Files\Microsoft 2008-07-15 09:16 --------- d-----w C:\Program Files\Google 2008-07-09 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-08 15:54 --------- d-----w C:\Documents and Settings\Nadia Olson\Application Data\Uniblue 2008-07-08 09:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd 2008-07-08 09:04 --------- d-----w C:\Program Files\Common Files\LogiShrd 2008-07-08 09:03 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe 2008-07-08 09:03 --------- d-----w C:\Program Files\Logitech 2008-07-08 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-07-07 11:31 22 ----a-w C:\Program Files\WinRar v3.8.x Patch.zip 2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll 2008-06-24 08:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys 2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys 2008-05-12 15:08 61,224 ----a-w C:\Documents and Settings\Nadia Olson\GoToAssistDownloadHelper.exe 2008-03-03 15:43 32 ------w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-02-25 21:07 18,725 ----a-w C:\Program Files\Readme.txt 1998-11-17 08:36 6,715 ----a-r C:\Program Files\bizflyer.htm 1998-10-16 12:14 48,738 ----a-r C:\Program Files\re10half.GIF 1998-10-16 12:14 37,784 ----a-r C:\Program Files\re09graf.GIF 1998-10-15 15:42 17,151 ----a-r C:\Program Files\re00exam.GIF 1998-10-15 15:21 22,904 ----a-r C:\Program Files\re07flyr.GIF 1998-10-15 15:17 23,468 ----a-r C:\Program Files\re06coll.GIF 1998-10-15 15:15 12,123 ----a-r C:\Program Files\re05fram.GIF 1998-10-15 14:11 7,036 ----a-r C:\Program Files\re04Baft.GIF 1998-10-15 14:08 6,634 ----a-r C:\Program Files\re04Abfr.GIF 1998-10-15 14:06 19,926 ----a-r C:\Program Files\re03clon.GIF 1998-10-15 14:01 20,334 ----a-r C:\Program Files\re02crop.GIF 1998-10-15 13:47 23,485 ----a-r C:\Program Files\re00befr.GIF . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}] 2008-08-31 20:11 133616 --a----t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-04-09 2135168] "Google Update"="C:\Documents and Settings\Nadia Olson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-08-31 133104] "Rohos"="C:\Program Files\Rohos\agent.exe" [2008-07-11 771392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112] "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-25 1393928] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152] "dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 122941] "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-10 106496] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632] "TMWebProtectTray"="C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe" [2008-05-13 288136] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544] "CTHelper"="CTHELPER.EXE" [2004-03-11 C:\WINDOWS\system32\CTHELPER.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-08-02 7168] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-08 66864] QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.YV12"= yv12vfw.dll "msacm.ac3filter"= ac3filter.acm "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\WINDOWS\\system32\\dlbxcoms.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlbxPSWX.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\msncall.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 RHDISK;RHDISK;C:\Program Files\Rohos\RHDISK.SYS [2008-05-02 35136] R2 TMWebProtect;Trend Micro Web Protection Add-On Service;C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe [2008-05-13 595328] R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608] S2 gupdate1c8e65b56deb04a;Google Update Service (gupdate1c8e65b56deb04a);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104] S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys [2002-07-01 95232] S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608] S3 USB28xxBGA;USB 2861 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216] S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - BHO-{DE6FE096-397D-4883-B83C-EDB532855D35} - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Nadia Olson\Application Data\Mozilla\Firefox\Profiles\7v6xtqy3.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/ FF -: plugin - C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npagent.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-05 23:24:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Dell Network Assistant\ezi_hnm2.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dlbxcoms.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Completion time: 2008-09-05 23:28:36 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-05 21:28:29 Pre-Run: 12,011,565,056 bytes free Post-Run: 12,129,734,656 bytes free 328 --- E O F --- 2008-08-21 09:01:26 Hi Rochak,

Here is my file after the scan completed. Please le tme know what do I do now.

Thanks for your help.

ComboFix 08-09-04.09 – Nadia Olson 2008-09-05 13:21:12.1 – NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1412 [GMT 2:00]
Running from: C:\Documents and Settings\Nadia Olson\My Documents\Downloads\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\bafxtokn.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\dbfb.dll
C:\WINDOWS\system32\sAdLknnn.ini
C:\WINDOWS\system32\sAdLknnn.ini2
C:\WINDOWS\system32\xmjafuld.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-05 13:01 . 2006-04-12 10:40 270,336 –a—— C:\WINDOWS\system32\cximagecrt.dll
2008-09-05 13:00 . 2008-09-05 13:01 d——– C:\Program Files\Rohos
2008-09-03 16:17 . 2008-09-04 13:46 d——– C:\WINDOWS\system32\CatRoot2
2008-09-03 15:38 . 2008-09-03 15:38 d——– C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-03 14:45 . 2008-09-03 14:45 d——– C:\Program Files\Malwarebytes’ Anti-Malware
2008-09-03 14:45 . 2008-09-03 14:45 d——– C:\Documents and Settings\Nadia Olson\Application Data\Malwarebytes
2008-09-03 14:45 . 2008-09-03 14:45 d——– C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 14:45 . 2008-09-02 00:16 38,528 –a—— C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 14:45 . 2008-09-02 00:16 17,200 –a—— C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 14:01 . 2008-09-03 14:01 d–h—– C:\WINDOWS\PIF
2008-09-03 13:01 . 2007-09-06 00:22 289,144 –a—— C:\WINDOWS\system32\VCCLSID.exe
2008-09-03 13:01 . 2006-04-27 17:49 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
2008-09-03 13:01 . 2008-05-29 09:35 86,528 –a—— C:\WINDOWS\system32\VACFix.exe
2008-09-03 13:01 . 2008-05-18 21:40 82,944 –a—— C:\WINDOWS\system32\IEDFix.exe
2008-09-03 13:01 . 2008-08-14 21:52 82,432 –a—— C:\WINDOWS\system32\IEDFix.C.exe
2008-09-03 13:01 . 2008-08-18 12:19 82,432 –a—— C:\WINDOWS\system32\404Fix.exe
2008-09-03 13:01 . 2003-06-05 21:13 53,248 –a—— C:\WINDOWS\system32\Process.exe
2008-09-03 13:01 . 2004-07-31 18:50 51,200 –a—— C:\WINDOWS\system32\dumphive.exe
2008-09-03 13:01 . 2007-10-04 00:36 25,600 –a—— C:\WINDOWS\system32\WS2Fix.exe
2008-09-03 12:31 . 2008-09-03 12:31 d——– C:\Program Files\PcPrivacySoftware.com
2008-09-03 11:54 . 2008-09-03 15:59 d——– C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-03 11:53 . 2008-09-03 11:53 d——– C:\Program Files\Common Files\iS3
2008-09-03 11:53 . 2008-09-03 16:24 d——– C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-01 13:25 . 2008-09-01 13:25 d——– C:\Program Files\CCleaner
2008-09-01 10:59 . 2008-09-01 10:59 d——– C:\Program Files\Alwil Software
2008-09-01 09:49 . 2008-09-01 09:49 d——– C:\Program Files\K-Lite Codec Pack
2008-08-31 20:51 . 2008-08-31 20:51 d——– C:\Program Files\Tools
2008-08-31 20:51 . 2008-08-31 20:51 d——– C:\Program Files\Setup
2008-08-31 20:51 . 2008-08-31 20:51 d——– C:\Program Files\Manual
2008-08-31 18:38 . 2008-08-31 18:38 d——– C:\Program Files\Windows Defender
2008-08-31 18:38 . 2008-08-31 18:38 d——– C:\Documents and Settings\Nadia Olson\Application Data\Sammsoft
2008-08-31 18:37 . 2008-08-31 18:38 d——– C:\Program Files\Advanced Registry Optimizer
2008-08-31 18:37 . 2008-08-31 18:37 d——– C:\Documents and Settings\Nadia Olson\Application Data\HouseCall 6.6
2008-08-31 14:48 . 2008-08-31 18:35 d——– C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-31 11:30 . 2008-08-31 18:35 d——– C:\Program Files\AskBarDis
2008-08-31 10:39 . 2008-08-31 18:36 d——– C:\Program Files\Advanced Registry Optimizer(2)
2008-08-31 10:39 . 2008-08-31 18:36 d——– C:\Documents and Settings\Nadia Olson\Application Data\Sammsoft(2)
2008-08-30 20:23 . 2008-08-31 18:37 d——– C:\Documents and Settings\Nadia Olson\Application Data\Spyware Terminator
2008-08-30 18:30 . 2008-08-31 18:37 d——– C:\Program Files\Windows Live Safety Center
2008-08-27 15:57 . 2008-08-27 15:57 4,207,584 –a—— C:\Documents and Settings\Front view of House for Sale (2).jpg
2008-08-27 15:56 . 2008-08-27 15:56 964,909 –a—— C:\Documents and Settings\Front view of House for Sale.jpg
2008-08-26 16:46 . 2008-08-31 18:38 d——– C:\Program Files\Windows Defender(2)
2008-08-25 09:46 . 2008-08-25 09:46 5,769 –a—— C:\WINDOWS\system32\machpcdg.dll
2008-08-25 09:07 . 2008-09-01 09:26 5,512 –a—— C:\WINDOWS\system32\tmp.reg
2008-08-24 19:28 . 2008-03-02 03:28 206,608 –a—— C:\WINDOWS\system32\drivers\TMPassthru.sys
2008-08-24 08:23 . 2008-08-24 08:23 5,769 –a—— C:\WINDOWS\system32\tfjcevno.dll
2008-08-23 22:42 . 2008-08-23 22:42 5,759 –a—— C:\WINDOWS\system32\jlpovhpg.dll
2008-08-22 12:47 . 2008-08-22 12:47 d——– C:\Program Files\XP Codec Pack
2008-08-16 18:18 . 2008-08-16 18:18 d——– C:\Program Files\Sun
2008-08-13 15:37 . 2008-05-01 16:33 331,776 ——— C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 15:36 . 2008-04-11 21:04 691,712 ——— C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-06 13:20 . 2008-08-07 12:00 d——– C:\Program Files\EasyVideoConvert
2008-08-06 13:20 . 1999-09-10 12:06 45,056 –a—— C:\WINDOWS\system32\WNASPI32.DLL
2008-08-06 13:20 . 1999-09-10 12:06 25,244 –a—— C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-08-06 13:20 . 1999-09-10 12:06 5,600 –a—— C:\WINDOWS\system\WINASPI.DLL
2008-08-06 13:20 . 1999-09-10 12:06 4,672 –a—— C:\WINDOWS\system\WOWPOST.EXE
2008-08-05 08:57 . 2008-08-05 08:57 d——– C:\WINDOWS\system32\Lang
2008-08-05 08:57 . 2006-11-10 09:25 319,456 –a—— C:\WINDOWS\system32\difxapi.dll
2008-08-05 08:56 . 2008-08-05 08:56 d——– C:\Documents and Settings\Nadia Olson\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 21:26 ——— d—–w C:\Documents and Settings\Nadia Olson\Application Data\skypePM
2008-09-05 21:25 ——— d—–w C:\Documents and Settings\Nadia Olson\Application Data\Skype
2008-09-05 21:24 ——— d—a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-05 21:23 0 —-a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-09-05 21:23 0 —-a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-09-05 10:48 ——— d—–w C:\Program Files\7-Zip
2008-09-04 15:13 ——— d—–w C:\Program Files\Dl_cats
2008-09-04 11:30 ——— d—–w C:\Program Files\Trend Micro
2008-09-03 09:46 ——— d—–w C:\Program Files\MSECache
2008-09-02 16:58 ——— d—–w C:\Documents and Settings\Nadia Olson\Application Data\uTorrent
2008-09-01 11:25 ——— d—–w C:\Program Files\Yahoo!
2008-08-31 18:02 ——— d—–w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 18:00 ——— d—–w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-08-27 06:57 ——— d–h–w C:\Program Files\InstallShield Installation Information
2008-08-23 15:49 ——— d—–w C:\Program Files\Apple Software Update
2008-08-21 06:33 ——— d—–w C:\Program Files\Microsoft Silverlight
2008-08-16 16:17 ——— d—–w C:\Program Files\Java
2008-08-11 08:57 3,350 –sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-06 13:08 ——— d—–w C:\Program Files\MyPublisher
2008-08-02 11:57 ——— d—–w C:\Documents and Settings\Nadia Olson\Application Data\vlc
2008-08-02 11:53 ——— d—–w C:\Program Files\VideoLAN
2008-08-02 11:00 ——— d—–w C:\Program Files\iTunes
2008-08-02 10:59 ——— d—–w C:\Program Files\iPod
2008-07-30 09:04 ——— d—–w C:\Documents and Settings\Guest\Application Data\MSN Search Toolbar
2008-07-30 08:54 ——— d—–w C:\Documents and Settings\Guest\Application Data\GTek
2008-07-27 10:15 ——— d—–w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-27 09:52 ——— d—–w C:\Program Files\DVD Shrink
2008-07-27 09:52 ——— d—–w C:\Program Files\DVD Decrypter
2008-07-26 12:09 ——— d—–w C:\Program Files\Digital Line Detect
2008-07-26 11:46 ——— d—–w C:\Program Files\Common Files\Symantec Shared
2008-07-26 11:45 ——— d—–w C:\Program Files\ItsDeductibleEX
2008-07-26 11:43 ——— d—–w C:\Program Files\Dell
2008-07-26 11:22 ——— d—–w C:\Program Files\Western Digital Technologies
2008-07-25 09:21 65,936 —-a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-07-25 09:21 333,328 —-a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-07-25 09:06 ——— d—–w C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-20 09:54 ——— d—–w C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-07-18 18:10 ——— d—–w C:\Program Files\QuickTime
2008-07-18 17:08 36,368 —-a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-07-18 17:08 205,328 —-a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-07-18 16:51 1,195,448 —-a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-07-18 08:51 ——— d—–w C:\Program Files\MSN Messenger
2008-07-17 21:06 ——— d—–w C:\Program Files\Microsoft Office Outlook Connector
2008-07-17 19:14 ——— d—–w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-17 10:26 ——— d—–w C:\Program Files\Microsoft
2008-07-15 09:16 ——— d—–w C:\Program Files\Google
2008-07-09 10:35 ——— d—–w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 15:54 ——— d—–w C:\Documents and Settings\Nadia Olson\Application Data\Uniblue
2008-07-08 09:08 ——— d—–w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-07-08 09:04 ——— d—–w C:\Program Files\Common Files\LogiShrd
2008-07-08 09:03 127,034 ——r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-07-08 09:03 ——— d—–w C:\Program Files\Logitech
2008-07-08 09:02 ——— d—–w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-07 20:26 253,952 —-a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ——w C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 11:31 22 —-a-w C:\Program Files\WinRar v3.8.x Patch.zip
2008-06-24 16:43 74,240 —-a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ——w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:57 3,592,192 —-a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ——w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ——w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ——w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ——w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 —-a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ——w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ——w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ——w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ——w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ——w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ——w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-12 15:08 61,224 —-a-w C:\Documents and Settings\Nadia Olson\GoToAssistDownloadHelper.exe
2008-03-03 15:43 32 ——w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-25 21:07 18,725 —-a-w C:\Program Files\Readme.txt
1998-11-17 08:36 6,715 —-a-r C:\Program Files\bizflyer.htm
1998-10-16 12:14 48,738 —-a-r C:\Program Files\re10half.GIF
1998-10-16 12:14 37,784 —-a-r C:\Program Files\re09graf.GIF
1998-10-15 15:42 17,151 —-a-r C:\Program Files\re00exam.GIF
1998-10-15 15:21 22,904 —-a-r C:\Program Files\re07flyr.GIF
1998-10-15 15:17 23,468 —-a-r C:\Program Files\re06coll.GIF
1998-10-15 15:15 12,123 —-a-r C:\Program Files\re05fram.GIF
1998-10-15 14:11 7,036 —-a-r C:\Program Files\re04Baft.GIF
1998-10-15 14:08 6,634 —-a-r C:\Program Files\re04Abfr.GIF
1998-10-15 14:06 19,926 —-a-r C:\Program Files\re03clon.GIF
1998-10-15 14:01 20,334 —-a-r C:\Program Files\re02crop.GIF
1998-10-15 13:47 23,485 —-a-r C:\Program Files\re00befr.GIF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-31 20:11 133616 –a—-t- C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SsAAD.exe”=”C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe” [2006-05-08 81920]
“Skype”=”C:\Program Files\Skype\Phone\Skype.exe” [2008-05-30 21718312]
“ctfmon.exe”=”C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 15360]
“AROReminder”=”C:\Program Files\Advanced Registry Optimizer\aro.exe” [2008-04-09 2135168]
“Google Update”=”C:\Documents and Settings\Nadia Olson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” [2008-08-31 133104]
“Rohos”=”C:\Program Files\Rohos\agent.exe” [2008-07-11 771392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“UpdReg”=”C:\WINDOWS\UpdReg.EXE” [2000-05-11 90112]
“UfSeAgnt.exe”=”C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe” [2008-07-25 1393928]
“SunJavaUpdateSched”=”C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]
“QuickTime Task”=”C:\Program Files\QuickTime\QTTask.exe” [2008-05-27 413696]
“LogitechQuickCamRibbon”=”C:\Program Files\Logitech\QuickCam\Quickcam.exe” [2007-10-25 2178832]
“LogitechCommunicationsManager”=”C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe” [2007-10-25 563984]
“iTunesHelper”=”C:\Program Files\iTunes\iTunesHelper.exe” [2008-07-30 289064]
“ISUSScheduler”=”C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” [2005-08-11 81920]
“ISUSPM Startup”=”C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2005-08-11 249856]
“IAAnotif”=”C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe” [2008-05-07 178712]
“DVDLauncher”=”C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe” [2006-04-06 49152]
“dlbxmon.exe”=”C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe” [2005-01-18 425984]
“dla”=”C:\WINDOWS\system32\dla\tfswctrl.exe” [2005-05-31 122941]
“CTSysVol”=”C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe” [2003-09-17 57344]
“CTDVDDET”=”C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE” [2003-06-18 45056]
“Corel Photo Downloader”=”C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe” [2006-02-10 106496]
“ATIPTA”=”C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-08-06 344064]
“Adobe Reader Speed Launcher”=”C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]
“DLBXCATS”=”C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll” [2004-12-07 69632]
“TMWebProtectTray”=”C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe” [2008-05-13 288136]
“DellSupportCenter”=”C:\Program Files\Dell Support Center\bin\sprtcmd.exe” [2008-03-11 202544]
“CTHelper”=”CTHELPER.EXE” [2004-03-11 C:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“DWQueuedReporting”=”C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” [2007-03-22 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk – C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-08-02 7168]
Logitech Desktop Messenger.lnk – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-08 66864]
QuickBooks Update Agent.lnk – C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Windows Desktop Search.lnk – C:\Program Files\MSN Toolbar Suite\DS\[u]0[/u]2.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 19:10:04 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“msacm.l3fhg”= mp3fhg.acm
“VIDC.X264″= x264vfw.dll
“VIDC.HFYU”= huffyuv.dll
“vidc.i263″= i263_32.drv
“VIDC.YV12″= yv12vfw.dll
“msacm.ac3filter”= ac3filter.acm
“msacm.divxa32″= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
“DisableMonitoring”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“C:\\Program Files\\Google\\Google Talk\\googletalk.exe”=
“C:\\WINDOWS\\system32\\dlbxcoms.exe”=
“C:\\WINDOWS\\system32\\spool\\drivers\\w32×86\\3\\dlbxPSWX.EXE”=
“C:\\Program Files\\Messenger\\msmsgs.exe”=
“C:\\Program Files\\MSN Messenger\\msnmsgr.exe”=
“C:\\Program Files\\MSN Messenger\\msncall.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“C:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“C:\\Program Files\\uTorrent\\uTorrent.exe”=
“C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe”=
“C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe”=
“C:\\Program Files\\iTunes\\iTunes.exe”=
“C:\\Program Files\\Skype\\Phone\\Skype.exe”=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“135:TCP”= 135:TCP:TCP Port 135
“5000:TCP”= 5000:TCP:TCP Port 5000
“5001:TCP”= 5001:TCP:TCP Port 5001
“5002:TCP”= 5002:TCP:TCP Port 5002
“5003:TCP”= 5003:TCP:TCP Port 5003
“5004:TCP”= 5004:TCP:TCP Port 5004
“5005:TCP”= 5005:TCP:TCP Port 5005
“5006:TCP”= 5006:TCP:TCP Port 5006
“5007:TCP”= 5007:TCP:TCP Port 5007
“5008:TCP”= 5008:TCP:TCP Port 5008
“5009:TCP”= 5009:TCP:TCP Port 5009
“5010:TCP”= 5010:TCP:TCP Port 5010
“5011:TCP”= 5011:TCP:TCP Port 5011
“5012:TCP”= 5012:TCP:TCP Port 5012
“5013:TCP”= 5013:TCP:TCP Port 5013
“5014:TCP”= 5014:TCP:TCP Port 5014
“5015:TCP”= 5015:TCP:TCP Port 5015
“5016:TCP”= 5016:TCP:TCP Port 5016
“5017:TCP”= 5017:TCP:TCP Port 5017
“5018:TCP”= 5018:TCP:TCP Port 5018
“5019:TCP”= 5019:TCP:TCP Port 5019
“5020:TCP”= 5020:TCP:TCP Port 5020
“10421:UDP”= 10421:UDP:SingleClick Discovery Protocol
“10426:UDP”= 10426:UDP:SingleClick ICC

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 RHDISK;RHDISK;C:\Program Files\Rohos\RHDISK.SYS [2008-05-02 35136]
R2 TMWebProtect;Trend Micro Web Protection Add-On Service;C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe [2008-05-13 595328]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S2 gupdate1c8e65b56deb04a;Google Update Service (gupdate1c8e65b56deb04a);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys [2002-07-01 95232]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 USB28xxBGA;USB 2861 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
.
Contents of the ‘Scheduled Tasks’ folder
.
- – - – ORPHANS REMOVED – - – -

BHO-{DE6FE096-397D-4883-B83C-EDB532855D35} – (no file)

.
——- Supplementary Scan ——-
.
FireFox -: Profile – C:\Documents and Settings\Nadia Olson\Application Data\Mozilla\Firefox\Profiles\7v6xtqy3.default\
FireFox -: prefs.js – SEARCH.DEFAULTURL – hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js – STARTUP.HOMEPAGE – hxxp://www.yahoo.com/
FF -: plugin – C:\Program Files\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin – C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin – C:\Program Files\Mozilla Firefox\plugins\npagent.dll
FF -: plugin – C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin – C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin – C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 23:24:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
———————— Other Running Processes ————————
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-09-05 23:28:36 – machine was rebooted
ComboFix-quarantined-files.txt 2008-09-05 21:28:29

Pre-Run: 12,011,565,056 bytes free
Post-Run: 12,129,734,656 bytes free

328 — E O F — 2008-08-21 09:01:26

]]> By: Thinh Vu http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/comment-page-1/#comment-751 Thinh Vu Thu, 04 Sep 2008 19:34:00 +0000 http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/#comment-751 I give you the same regards, and again thank you. I give you the same regards, and again thank you.

]]> By: Thinh Vu http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/comment-page-1/#comment-750 Thinh Vu Thu, 04 Sep 2008 11:28:02 +0000 http://rochakchauhan.com/blog/2008/09/04/how-to-clean-and-infected-pc/#comment-750 Thanks for the suggestion on Comboflix, this article is really great and detailed, I'll put a link to it on the post instead of Comboflix. Thanks for the suggestion on Comboflix, this article is really great and detailed, I’ll put a link to it on the post instead of Comboflix.

]]>