# please HELP!!!...no control panel



## drx (Sep 14, 2007)

hello

I have an HP Compaq nx7010 running Windows XP Home Edition SP2. I was browsing the web searching for the properties of a medicine, and I guess that is when the virus entered my computer. It has been almost 4 weeks now. The virus was a Trojan (Winavxxx or something like that); it appeared as a yellow triangle with a "!" sign in the middle resembling Windows alerts, alerting me of potential spyware action. Minutes later a pop-up appeared, and if I clicked on it (which I did by mistake; I was chatting and hit the enter key when it popped up) it would redirect me to a home page which I never used. I also got my homepage changed (hijacked) to Google.

I had tried various anti-virus software (Norton, AVG, McAfee), but it didn't detect the Trojan, nor did it prevent it from getting in. Now I have Avast!

I have tried many things to kill the virus and work normally. I downloaded SPYNOMORE (by that time I was aware of the Trojan and its big power); I had to restart my computer and then everything got worse.

When I started in Safe Mode, I was not able to see the Control Panel icon anymore.
I tried to uninstall SPYNOMORE but it didn't let me do it since I was working in Safe Mode. Finally I downloaded SPYBOT SEARCH&DESTROY and ran it. It found many undesirable files and removed them. Same thing with SPYWARE TERMINATOR: it found many problems and claimed it had solved them.

But it did not. The system was still working slowly with the same pop-ups and yellow triangle when I tried to start in Normal Mode, and the Control Panel was nowhere to be found.

Just to check, I tried Run -> regedit, but it says that it has been disabled by my administrator. A popup has also appeared a few times indicating that I have "restrictions" on this computer. Same with Task Manager...

Another "interesting" thing that I noticed was that when I was restarting the computer in Safe Mode, I saw that the lines read Partition2, and this computer (hard drive) is not partitioned!

Now, after 4 weeks of trying everything possible, I don't know how, but somehow I managed to get rid of the nasty virus... NO MORE ANNOYING YELLOW TRIANGLES IN THE SYSTEM TRAY!!!! Or at least I think I got rid of it... but my computer is still not working properly.

THERE STILL IS NO CONTROL PANEL. Regedit and Task Manager, however, have come back.
I get an error message saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." I can't even adjust the date/time!!!

And so I am asking for HELP!!! I think I have done the most I could before posting this here, so if anyone with knowledge about this problem can please help me, I will be very happy.
Thank you so much in advance.

Akshay Hari


----------



## drx (Sep 14, 2007)

*I have read other topics and seen that they have posted HijackThis log files, and I have done the same.*

Please do help me... thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:03 PM, on 10/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Akshay Hari\Desktop\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! India
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14AF5942-06AE-4FF6-BF9F-B275B3597728}: NameServer = 192.168.1.1,218.248.255.161
O20 - AppInit_DLLs: hrum348.txt
O20 - Winlogon Notify: mllkj - C:\WINDOWS\system32\mllkj.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 12068 bytes
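As an added example (not part of this thread, and not code from HijackThis or from anyone posting here), the following Python script parses HijackThis-format lines and flags the entries in the log above that a helper would open first: the O7 policy restriction behind the "disabled by your administrator" and "restrictions in effect" messages described in the first post, the AppInit_DLLs entry that points at a .txt file, the Winlogon Notify package whose DLL is reported missing, and the empty Winlogon Shell value. The sample lines are copied from the posted log; the flagging rules are this example's own triage heuristics, not anything HijackThis itself reports.

```python
"""Triage helper for HijackThis 2.x logs.

Added example for this thread, not code from HijackThis or from anyone in it.
It groups log lines by section code and flags the entries a helper would open
first: policy restrictions (O7), AppInit_DLLs and orphaned Winlogon Notify
packages (O20), and a Winlogon Shell that is not Explorer.exe (F2).  The
flagging rules are this example's own heuristics.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: seven lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: hrum348.txt
O20 - Winlogon Notify: mllkj - C:\WINDOWS\system32\mllkj.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section code (R0, F2, O4, O20, ...) and " - ".
LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")


def parse_log(text: str) -> Dict[str, List[str]]:
    """Group entries by section code, preserving the order they appear in."""
    sections: Dict[str, List[str]] = defaultdict(list)
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def flag_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (code, reason, entry) for every entry worth a closer look."""
    flags: List[Tuple[str, str, str]] = []
    for code, entries in parse_log(text).items():
        for entry in entries:
            reason = None
            if code == "O7":
                # Policies\System / Policies\Explorer values: these produce the
                # "disabled by your administrator" and "restrictions in effect" messages.
                reason = "policy restriction set (regedit / Task Manager / Control Panel lockout)"
            elif code == "O20" and entry.startswith("AppInit_DLLs:"):
                value = entry.split(":", 1)[1].strip()
                if value:
                    # AppInit_DLLs is loaded into every process that loads user32.dll.
                    reason = "AppInit_DLLs is non-empty"
                    if not value.lower().endswith(".dll"):
                        reason += "; the file does not even carry a .dll extension"
            elif code == "O20" and entry.startswith("Winlogon Notify:") and "(file missing)" in entry:
                # A notify package whose DLL is gone: residue of a removal, still worth cleaning up.
                reason = "Winlogon Notify package whose DLL no longer exists (orphaned registration)"
            elif code == "F2" and entry.startswith("REG:system.ini: Shell="):
                value = entry.split("Shell=", 1)[1].strip()
                if value.lower() != "explorer.exe":
                    reason = "Winlogon Shell value is not the default Explorer.exe"
            if reason:
                flags.append((code, reason, entry))
    return flags


if __name__ == "__main__":
    for code, reason, entry in flag_entries(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {entry}")
```

Run against the full log, the script would report the four flagged lines and stay silent on the O4 autostarts and O23 services, which are legitimate here; the point is to narrow a 180-line log down to the handful of loading points that explain the symptoms before any removal tool is run.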


----------



## drx (Sep 14, 2007)

Hello......
Please... can somebody help me???


----------



## drx (Sep 14, 2007)

I'm sorry... I know you people are very busy...
I don't want to try something myself and worsen the situation, so I'm asking for help.
I'm having a crisis here, so I would appreciate it if your help came in time.
Thank you


----------



## MFDnNC (Sep 7, 2004)

*NOTE: If you have downloaded ComboFix previously please delete that version and download it again!*

Download this file :

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. *Post that log*

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others as they were.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- *Please paste that information here for me regardless of what it finds with a new HijackThis log*.

This will take some time!!!!!!!!


----------



## drx (Sep 14, 2007)

ComboFix 07-09-14.2 - "Akshay Hari" 2007-09-14 22:25:14.1 - NTFSx86 
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.104 [GMT 5.5:30]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\AKSHAY~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\VC3EHF9U\www.broadcaster.com
C:\DOCUME~1\AKSHAY~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\AKSHAY~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.

2007-09-14 22:06 d--------	C:\Program Files\SUPERAntiSpyware
2007-09-14 22:06 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-14 22:06 d--------	C:\DOCUME~1\AKSHAY~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-14 22:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-08-27 15:49	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-27 15:48	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2007-08-27 15:48	94,416	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-27 15:48	92,848	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-27 15:48	801,144	--a------	C:\WINDOWS\system32\aswBoot.exe
2007-08-27 15:48	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-27 15:48	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-27 15:48 d--------	C:\Program Files\Alwil Software
2007-08-27 13:29 d----c---	C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-08-15 13:14 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-15 11:44 d--------	C:\WINDOWS\ERUNT
2007-08-15 08:16 d----c---	C:\DOCUME~1\ADMINI~1\APPLIC~1\Spyware Terminator
2007-08-15 01:58 d----c---	C:\searchplugins
2007-08-15 01:57 d--------	C:\Program Files\Crawler
2007-08-15 01:34	1,152	--a------	C:\WINDOWS\system32\windrv.sys
2007-08-15 01:33 d--------	C:\Program Files\Common Files\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-14 22:04	---------	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-09-14 21:47	---------	d--------	C:\Program Files\MSN Messenger
2007-09-14 21:41	---------	d-a------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-14 18:57	---------	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-08-25 22:48	---------	d--------	C:\Program Files\MegauploadToolbar
2007-08-19 04:06	---------	d--------	C:\Program Files\ezt
2007-08-19 04:05	---------	d--------	C:\DOCUME~1\AKSHAY~1\APPLIC~1\MegauploadToolbar
2007-08-15 08:53	---------	d--------	C:\Program Files\Windows Media Connect 2
2007-08-15 02:13	---------	d--------	C:\Program Files\SB
2007-08-09 19:40	---------	d--------	C:\Program Files\PCFriendly
2007-08-09 00:06	---------	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-01 19:35	---------	d--------	C:\Program Files\SpeedBit Video Accelerator
2007-08-01 19:35	---------	d--------	C:\Program Files\Common Files\Symantec Shared
2007-07-19 19:15	---------	d--------	C:\DOCUME~1\AKSHAY~1\APPLIC~1\U3
2005-06-18 21:08	774144	--a------	C:\Program Files\RngInterstitial.dll
2004-10-01 15:00	40960	--a------	C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-20 21:10]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 11:29]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 12:41]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 15:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 15:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-15 01:13]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-18 16:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 14:06]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:30]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-10-18 16:51]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-06-02 17:48:22]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2004-10-18 16:50:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllkj] 
C:\WINDOWS\system32\mllkj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Akshay Hari^Start Menu^Programs^Startup^system.exe]
path=C:\Documents and Settings\Akshay Hari\Start Menu\Programs\Startup\system.exe
backup=C:\WINDOWS\pss\system.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
C:\WINDOWS\VM305_STI.EXE Look 316

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cucum]
C:\Program Files\Wyzoj\Sxrlqh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DqECCCGsC]
C:\WINDOWS\lhgyt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
C:\Program Files\Huawei\MT882\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fofq]
C:\PROGRA~1\COMMON~1\fofq\fofqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"C:\Program Files\Internet Optimizer\optimize.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msxct]
msxct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcdplayx]
"C:\WINDOWS\vcdplayx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
"C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusProtectPro 3.6]
"C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe" /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Webcam Concepts]
"C:\Program Files\Webcam Concepts\webcamconcepts.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#*K"h'þ9Óœ÷3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#*K"h'þ9Óœ÷3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#*K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#*K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\lhgyt.exe

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys
R2 cpqdfw;Diagnostics Driver;\??\C:\WINDOWS\system32\drivers\cpqdfw.sys
R2 cq_mem;Diagnostics Memory Driver;\??\C:\WINDOWS\system32\drivers\cq_mem.sys
R2 cqcpu;Diagnostics CPU Driver;\??\C:\WINDOWS\system32\drivers\cqcpu.sys
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCTINDIS5.SYS
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys
S3 ZSMC0305;Look 316;C:\WINDOWS\system32\Drivers\usbVM305.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b4f8ce-215a-11d9-8543-000e35ea3666}]
AutoRun\command- F:\.\Recycled\Driveinfo.exe
Open\Command- F:\.\Recycled\Driveinfo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30b4f8cf-215a-11d9-8543-000e35ea3666}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{310e3720-f543-11db-84b6-000e35ea3666}]
AutoRun\command- .\Recycled\Driveinfo.exe
Open\Command- .\Recycled\Driveinfo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80333510-9d45-11da-8325-000fb049d57f}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da9d2f6-c476-11db-8483-a8d47167aff6}]
Auto\command- G:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8112c41-593c-11db-842a-000fb049d57f}]
Auto\command- MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8e2eb2a-052e-11dc-84cd-000e35ea3666}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-08-27 14:53:10 C:\WINDOWS\Tasks\Norton AntiVirus Online - Run Full System Scan - Akshay Hari.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 23:51:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-14 23:56:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-14 23:55
.
--- E O F ---


----------



## drx (Sep 14, 2007)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/15/2007 at 09:34 AM

Application Version : 3.9.1008

Core Rules Database Version : 3307
Trace Rules Database Version: 1313

Scan type : Complete Scan
Total Scan Time : 01:00:24

Memory items scanned : 605
Memory threats detected : 0
Registry items scanned : 6992
Registry threats detected : 80
File items scanned : 42206
File threats detected : 50

Adware.Tracking Cookie
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][1].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt
C:\Documents and Settings\Akshay Hari\Cookies\[email protected][2].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Malware.VirusProtectPro
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}\ProxyStubClsid
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}\ProxyStubClsid32
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}\TypeLib
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}\TypeLib#Version
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}\ProxyStubClsid
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}\ProxyStubClsid32
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}\TypeLib
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}\TypeLib#Version
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}\ProxyStubClsid
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}\ProxyStubClsid32
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}\TypeLib
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}\TypeLib#Version
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}\ProxyStubClsid
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}\ProxyStubClsid32
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}\TypeLib
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}\TypeLib#Version
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}\ProxyStubClsid
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}\ProxyStubClsid32
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}\TypeLib
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}\TypeLib#Version
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}\ProxyStubClsid
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}\ProxyStubClsid32
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}\TypeLib
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}\TypeLib#Version
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}\ProxyStubClsid
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}\ProxyStubClsid32
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}\TypeLib
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}\TypeLib#Version
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}\ProxyStubClsid
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}\ProxyStubClsid32
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}\TypeLib
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}\TypeLib#Version
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}\ProxyStubClsid
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}\ProxyStubClsid32
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}\TypeLib
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}\TypeLib#Version
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}\ProxyStubClsid
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}\ProxyStubClsid32
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}\TypeLib
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}\TypeLib#Version
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}\ProxyStubClsid
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}\ProxyStubClsid32
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}\TypeLib
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}\TypeLib#Version
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}\ProxyStubClsid
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}\ProxyStubClsid32
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}\TypeLib
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}\TypeLib#Version
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}\ProxyStubClsid
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}\ProxyStubClsid32
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}\TypeLib
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}\TypeLib#Version
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}\ProxyStubClsid
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}\ProxyStubClsid32
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}\TypeLib
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}\TypeLib#Version
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}\ProxyStubClsid
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}\ProxyStubClsid32
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}\TypeLib
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}\TypeLib#Version
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}\ProxyStubClsid
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}\ProxyStubClsid32
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}\TypeLib
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}\TypeLib#Version

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\AKSHAY HARI\FAVORITES\ONLINE SECURITY TEST.URL

Trojan.Net-AVP/AVT
C:\WINDOWS\PSS\AUTORUN.EXECOMMON STARTUP
C:\WINDOWS\PSS\SYSTEM.EXESTARTUP


----------



## drx (Sep 14, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:40 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14AF5942-06AE-4FF6-BF9F-B275B3597728}: NameServer = 192.168.1.1,218.248.255.161
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mllkj - C:\WINDOWS\system32\mllkj.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 11186 bytes


----------



## drx (Sep 14, 2007)

Hello there,
I'm really so sorry for the late reply.
My internet connection was screwed up... got it fixed just today.
I have done all that you had advised me to do and I have posted the logs of the same...
I DON'T KNOW HOW TO THANK YOU.... BECAUSE MY CONTROL PANEL IS BACK!!!
And the restrictions are gone!!!! Plus there's a new Internet Explorer icon on the desktop...
I don't know how you guys do it... but you guys are awesome!!!
THANK YOU!!! THANKS A MILLION!!!
I will definitely make a donation!!!!
What do I do next?
Is my computer completely secure now?
How best can I make it foolproof?
Please reply...


----------



## MFDnNC (Sep 7, 2004)

Run HijackThis, mark this entry and then click "Fix checked":

O20 - Winlogon Notify: mllkj - C:\WINDOWS\system32\mllkj.dll (file missing)

Clean

If you feel it is fixed, mark it solved via Thread Tools above.

Clear restore points; here's how:

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

This clears infected restore points and sets a new, clean one.
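An added example, not part of the thread and not anything the helper or HijackThis ships: a small Python triage script that applies the reasoning behind the advice above to pasted log lines. It flags HijackThis entries marked "(file missing)" / "(no file)" (dangling keys that should be fixed so nothing re-uses them), O20 Winlogon Notify packages not on an allow-list of stock XP SP2 entries (the allow-list and the "random-looking name" heuristic are the editor's assumptions), executables sitting directly in C:\WINDOWS, and ComboFix MountPoints2 autorun handlers of the USB-worm kind seen in the log above. The sample input is constructed from lines copied out of the logs posted earlier in the thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Stock Winlogon\Notify packages on Windows XP SP2. This allow-list is the
# editor's assumption, not taken from the thread; extend it for your build.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "dimsntfy", "sccertprop",
    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

# Constructed sample: lines copied from the HijackThis and ComboFix logs
# posted above, assembled here as test input for the script.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mllkj - C:\WINDOWS\system32\mllkj.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
AutoRun\command- F:\.\Recycled\Driveinfo.exe
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
"""

HJT_LINE = re.compile(r"^(?P<tag>[ROF]\d+) - (?P<body>.*)$")
MOUNTPOINT_CMD = re.compile(r"^(?:Auto|AutoRun|Open)\\command-\s*(?P<cmd>.+)$", re.I)
# An executable sitting directly in %WINDIR%, not in a subfolder; legitimate
# software rarely installs there, so it is worth a look but not proof of malice.
WINDIR_ROOT_EXE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\ ]+\.(?:exe|dll|sys)\b", re.I)
# Crude "generated name" heuristic: four or more consonants and nothing else.
RANDOM_NAME = re.compile(r"^[b-df-hj-np-tv-z]{4,}$", re.I)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Apply the triage rules to one log line and return what they flag."""
    findings: list[Finding] = []
    m = HJT_LINE.match(line)
    if m:
        tag, body = m.group("tag"), m.group("body")
        # HijackThis prints "(file missing)" / "(no file)" for dangling
        # registry references: harmless on their own, but they mark where a
        # payload used to live and should be fixed so nothing re-uses the key.
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding("medium", "orphaned-reference", line))
        if tag == "O20" and body.startswith("Winlogon Notify:"):
            # "Winlogon Notify: <name> - <dll path>"
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip().lstrip("!")
            if name.lower() not in KNOWN_NOTIFY:
                sev = "high" if RANDOM_NAME.match(name) else "medium"
                findings.append(Finding(sev, "unknown-winlogon-notify", line))
        if tag == "O4" and "] " in body:
            # "HKLM\..\Run: [<name>] <command line>"
            cmd = body.split("] ", 1)[1].strip().strip('"')
            if WINDIR_ROOT_EXE.match(cmd):
                findings.append(Finding("low", "exe-in-windir-root", line))
        return findings

    m = MOUNTPOINT_CMD.match(line)
    if m:
        # MountPoints2 remembers the autorun.inf handler of each drive ever
        # plugged in. A handler under \Recycled\, a bare .exe at the drive
        # root, or one launched via ShellExec_RunDLL is the classic USB-worm
        # pattern rather than anything a vendor ships.
        cmd = m.group("cmd")
        if (re.search(r"\\Recycled\\", cmd, re.I)
                or re.match(r"^[A-Z]:\\[^\\]+\.exe$", cmd, re.I)
                or "ShellExec_RunDLL" in cmd):
            findings.append(Finding("high", "removable-drive-autorun", line))
    return findings


def triage(text: str) -> list[Finding]:
    """Run every non-empty line of a pasted log through the rules."""
    return [f for line in text.splitlines() if line.strip()
            for f in triage_line(line.rstrip())]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so the worst ones can be read off first."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.rule:26} {f.line}")
    print(summarize(results))
```

On the sample it rates the `mllkj` Winlogon Notify line high (unknown package with a generated-looking name, and the DLL is already gone), the three MountPoints2 handlers high, the orphaned BHO and the `SASWinLogon` entry medium (SUPERAntiSpyware's own package, a deliberate false positive the allow-list does not cover), and the webcam launcher in C:\WINDOWS low. Severity here means "look at this first", not "delete this"; the fix itself is still the HijackThis step above.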


----------

