TheTechGuide Forum

General Category => Tech Clinic => Topic started by: fudgebandit on October 11, 2008, 11:51:09 PM

Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 11, 2008, 11:51:09 PM
My Task Manager and Registry editing disabled by administrator

What should I do?
Title: Task Manager and Registry editing disabled
Post by: guestolo on October 12, 2008, 03:35:55 PM
Just on my way out
In the meantime, can you do the following please

Download Hijackthis Installer from HERE (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe)
For an alternate download location, you can try HERE (http://fileforum.betanews.com/detail/HijackThis/1071179190/1)
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!
Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 12, 2008, 04:02:15 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:39 AM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223770907223&h=d6210421de0c270b588289c5e0b3810b/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0056571223702049) (0056571223702049mcinstcleanup) - Unknown owner - C:\DOCUME~1\Sergi\LOCALS~1\Temp\005657~1.EXE (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 6594 bytes
Title: Task Manager and Registry editing disabled
Post by: guestolo on October 12, 2008, 04:24:39 PM
Can I see a couple of other logs?
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Can you post both those logs please?
Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 12, 2008, 08:53:16 PM
info.txt logfile of random's system information tool 1.04 2008-10-12 05:15:48

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
MapleStory-->MsiExec.exe /I{706A6867-6CCB-4280-A1E3-BAFBA688D70E}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 12, 2008, 08:54:56 PM
Logfile of random's system information tool 1.04 (written by random/random)
Run by Sergi at 2008-10-12 06:46:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 161 GB (95%) free of 170 GB
Total RAM: 511 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:51 AM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sergi\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sergi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223770907223&h=d6210421de0c270b588289c5e0b3810b/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0056571223702049) (0056571223702049mcinstcleanup) - Unknown owner - C:\DOCUME~1\Sergi\LOCALS~1\Temp\005657~1.EXE (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 6690 bytes
Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 12, 2008, 08:56:31 PM
======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2008-07-09 246088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-07-23 120608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-12 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-12 86016]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-07-12 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\wrar371.exe"="D:\wrar371.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\gxqbkb.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\gxqbkb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\mpvb.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\mpvb.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winawxi.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winawxi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\fsan.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\fsan.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\njnxp.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\njnxp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winkqwvp.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winkqwvp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\ymlg.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\ymlg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\nnmm.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\nnmm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winskie.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winskie.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winguix.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winguix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winytilxk.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winytilxk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winplwmkp.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winplwmkp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winsype.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winsype.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\winfugrjd.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\winfugrjd.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
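Added example, not part of the thread and not code from the HijackThis or RSIT tools: a small Python triage script that reads the two kinds of lines a helper would look for in the logs above, the HijackThis `O7` policy line and the RSIT "Registry dump" sections, and reports the values that explain the symptom in the title (`DisableRegedit` / `DisableRegistryTools` / `DisableTaskMgr` set to 1 under `Policies\System`) together with firewall "authorized applications" entries that point at executables in a `Temp` directory, which is where the odd-named programs in the list above live. The sample text is constructed from the values quoted in this thread; the regular expressions, the `Finding` type and the `\Temp\` heuristic are the editor's own assumptions, not anything the tools themselves do.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample, assembled from the kinds of lines quoted in this thread:
# one HijackThis O7 line plus a few RSIT "Registry dump" sections.
SAMPLE_LOG = r"""
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\DOCUME~1\Sergi\LOCALS~1\Temp\gxqbkb.exe"="C:\DOCUME~1\Sergi\LOCALS~1\Temp\gxqbkb.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")          # [HKEY_...\Some\Key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')     # "name"=value
O7_RE = re.compile(r"^O7 - (?P<key>[^,]+),\s*(?P<name>\w+)=(?P<value>\S+)")

# Policies\System values that lock the user out of the tools named in this thread.
TOOL_LOCKOUT = {
    "DisableRegistryTools": "Registry Editor disabled by policy",
    "DisableRegedit": "Registry Editor disabled by policy (HijackThis O7 form)",
    "DisableTaskMgr": "Task Manager disabled by policy",
}


class Finding(NamedTuple):
    key: str
    name: str
    value: str
    reason: str


def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Turn RSIT '[KEY]' sections and HijackThis O7 lines into {key: {name: value}}."""
    dump: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O7_RE.match(line)
        if m:  # an O7 line carries key, name and value on one line
            dump.setdefault(m["key"].strip(), {})[m["name"]] = m["value"]
            continue
        m = SECTION_RE.match(line)
        if m:  # start of an RSIT registry section
            current = m["key"]
            dump.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            dump[current][m["name"]] = m["value"].strip('"')
    return dump


def triage(text: str) -> List[Finding]:
    """Flag tool-lockout policies and firewall exceptions for executables in a Temp folder."""
    findings: List[Finding] = []
    for key, values in parse_registry_dump(text).items():
        lower_key = key.lower()
        if lower_key.endswith(r"policies\system"):
            for name, value in values.items():
                reason = TOOL_LOCKOUT.get(name)
                if reason and value.strip() == "1":
                    findings.append(Finding(key, name, value, reason))
        elif "authorizedapplications" in lower_key:
            for name, value in values.items():
                # Heuristic (editor's assumption): legitimate firewall exceptions
                # rarely point at programs living in a user's Temp directory.
                if re.search(r"\\temp\\", name, re.IGNORECASE):
                    findings.append(Finding(key, name, value,
                                            "firewall exception for an executable in a Temp directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.key}\n    {f.name} = {f.value}")
```

Run against the full RSIT log the script reports one finding per `Policies\System` lockout value and one per Temp-directory firewall exception; a `DisableTaskMgr` of 0, as in the log above, is correctly not reported, which matches the user's symptom that only registry editing is blocked by policy at that point.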
Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 12, 2008, 08:57:36 PM
======List of files/folders created in the last 1 months======

2008-10-12 05:15:37 ----D---- C:\rsit
2008-10-12 02:07:15 ----D---- C:\Program Files\Trend Micro
2008-10-11 21:32:06 ----D---- C:\Documents and Settings\Sergi\Application Data\Nexon
2008-10-11 21:27:31 ----D---- C:\Nexon
2008-10-11 12:31:14 ----D---- C:\Program Files\Common Files\INCA Shared
2008-10-11 10:45:56 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-10-11 10:45:11 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-11 09:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-10-11 09:47:17 ----D---- C:\Program Files\SiteAdvisor
2008-10-11 09:43:46 ----D---- C:\Program Files\Common Files\McAfee
2008-10-11 09:43:44 ----D---- C:\Program Files\McAfee.com
2008-10-11 09:43:36 ----D---- C:\Program Files\McAfee
2008-10-11 09:34:33 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-11 09:33:56 ----D---- C:\Documents and Settings\Sergi\Application Data\WinRAR
2008-10-11 09:33:46 ----D---- C:\Program Files\WinRAR
2008-10-11 08:28:02 ----D---- C:\Program Files\DivX
2008-10-11 04:56:50 ----SHD---- C:\RECYCLER
2008-10-11 04:54:07 ----D---- C:\Documents and Settings\Sergi\Application Data\Mozilla
2008-10-11 04:54:02 ----D---- C:\Program Files\Mozilla Firefox
2008-10-11 04:52:39 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-10-11 04:52:39 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-11 04:52:20 ----D---- C:\WINDOWS\system32\Adobe
2008-10-11 04:50:48 ----D---- C:\WINDOWS\Sun
2008-10-11 04:50:48 ----D---- C:\Documents and Settings\Sergi\Application Data\Sun
2008-10-11 04:50:42 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-11 04:50:42 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-11 04:50:42 ----A---- C:\WINDOWS\system32\java.exe
2008-10-11 04:50:21 ----D---- C:\Program Files\Java
2008-10-11 04:50:07 ----D---- C:\Program Files\Common Files\Java
2008-10-11 04:47:49 ----D---- C:\Documents and Settings\Sergi\Application Data\Macromedia
2008-10-11 04:45:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-11 04:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-11 04:45:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-11 04:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-11 04:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-11 04:45:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-11 04:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-11 04:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-11 04:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-11 04:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-11 04:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-11 04:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-11 04:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-10-11 04:44:22 ----D---- C:\WINDOWS\ie7updates
2008-10-11 04:44:07 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-11 04:43:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-11 04:42:38 ----D---- C:\Documents and Settings\Sergi\Application Data\Adobe
2008-10-11 04:39:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-11 04:35:43 ----D---- C:\WINDOWS\nview
2008-10-11 04:35:43 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-11 04:34:57 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-11 04:34:45 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-11 04:28:57 ----D---- C:\Documents and Settings\Sergi\Application Data\Identities
2008-10-11 04:28:55 ----HD---- C:\Program Files\Uninstall Information
2008-10-11 04:28:52 ----SD---- C:\Documents and Settings\Sergi\Application Data\Microsoft
2008-10-11 04:28:52 ----ASH---- C:\Documents and Settings\Sergi\Application Data\desktop.ini
2008-10-11 04:28:01 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-11 04:27:59 ----D---- C:\WINDOWS\Prefetch
2008-10-11 04:27:58 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-11 04:27:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-11 04:23:55 ----D---- C:\WINDOWS\system32\xircom
2008-10-11 04:23:55 ----D---- C:\Program Files\xerox
2008-10-11 04:23:55 ----D---- C:\Program Files\microsoft frontpage
2008-10-11 04:23:27 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-11 04:23:26 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-11 04:23:18 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-11 04:23:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-11 04:23:07 ----A---- C:\WINDOWS\control.ini
2008-10-11 04:23:07 ----A---- C:\AUTOEXEC.BAT
2008-10-11 04:22:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-11 04:22:52 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-11 04:22:03 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-11 04:22:00 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-11 04:21:56 ----HD---- C:\Program Files\WindowsUpdate
2008-10-11 04:21:38 ----D---- C:\WINDOWS\system32\DirectX
2008-10-11 04:21:31 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-11 04:21:28 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-11 04:21:28 ----A---- C:\WINDOWS\desktop.ini
2008-10-11 04:21:22 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-11 04:21:21 ----D---- C:\Program Files\Common Files\Services
2008-10-11 04:21:21 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-11 04:21:19 ----SD---- C:\WINDOWS\Tasks
2008-10-11 04:21:19 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-11 04:21:18 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-11 04:21:13 ----D---- C:\WINDOWS\srchasst
2008-10-11 04:21:12 ----D---- C:\WINDOWS\system32\Macromed
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-11 04:21:10 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll
Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 12, 2008, 08:58:42 PM
2008-10-11 04:21:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-11 04:21:06 ----D---- C:\Program Files\Movie Maker
2008-10-11 04:20:51 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-11 04:20:51 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-11 04:20:51 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-11 04:20:51 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-11 04:20:47 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-11 04:20:47 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-11 04:20:46 ----D---- C:\WINDOWS\system32\Restore
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-11 04:20:46 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-11 04:20:45 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-11 04:20:45 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-11 04:20:45 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-11 04:20:43 ----D---- C:\Program Files\NetMeeting
2008-10-11 04:20:42 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-11 04:20:42 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-11 04:20:41 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-11 04:20:41 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-11 04:20:39 ----D---- C:\Program Files\Outlook Express
2008-10-11 04:20:39 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-11 04:20:39 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-11 04:20:39 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-11 04:20:38 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-11 04:20:38 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-11 04:20:38 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-11 04:20:38 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-11 04:20:33 ----D---- C:\Program Files\Common Files\System
2008-10-11 04:20:32 ----D---- C:\Program Files\Internet Explorer
2008-10-11 04:20:00 ----D---- C:\Program Files\ComPlus Applications
2008-10-11 04:19:59 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-11 04:19:59 ----A---- C:\WINDOWS\vb.ini
2008-10-11 04:19:55 ----D---- C:\WINDOWS\Registration
2008-10-11 04:19:48 ----D---- C:\Program Files\Online Services
2008-10-11 04:19:37 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-11 04:19:36 ----D---- C:\Program Files\Windows Media Player
2008-10-11 04:19:35 ----D---- C:\Program Files\Messenger
2008-10-11 04:19:31 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-11 04:19:31 ----A---- C:\WINDOWS\system32\write.exe
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-11 04:19:24 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-11 04:19:23 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-11 04:19:18 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-11 04:19:18 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-11 04:19:18 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-11 04:19:17 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-11 04:19:16 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-11 04:19:15 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-11 04:19:11 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-11 04:18:59 ----D---- C:\Program Files\MSN
2008-10-11 04:18:58 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-11 04:18:58 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-11 04:18:58 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-11 04:18:58 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-11 04:18:57 ----D---- C:\Program Files\Windows NT
2008-10-11 04:18:57 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-11 04:18:57 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-11 04:18:56 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-11 04:18:56 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-11 04:18:55 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-10-11 04:18:55 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-11 04:18:55 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-11 04:18:54 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-11 04:18:53 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\rdpwsx.dll
Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 12, 2008, 09:00:05 PM
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-11 04:18:53 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-11 04:18:52 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-11 04:18:51 ----D---- C:\WINDOWS\system32\Com
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-11 04:18:51 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-11 04:18:50 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-11 04:18:49 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-11 04:18:49 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-11 04:18:49 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-11 04:18:49 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-11 04:18:43 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-11 04:18:43 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-11 04:18:43 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-11 04:18:43 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-10 21:11:02 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-10 20:36:18 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-10 20:35:13 ----A---- C:\WINDOWS\imsins.BAK
2008-10-10 20:35:11 ----SHD---- C:\WINDOWS\Installer
2008-10-10 20:35:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-10 20:35:10 ----D---- C:\Program Files\Common Files\ODBC
2008-10-10 20:35:10 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-10 20:35:07 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-10 20:35:06 ----RD---- C:\Program Files
2008-10-10 20:35:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-10 20:35:06 ----D---- C:\Program Files\Common Files
2008-10-10 20:34:59 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-10 20:34:59 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-10 20:34:59 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-10 20:34:58 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-10 20:34:57 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-10 20:34:56 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-10 20:34:55 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-10 20:34:54 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-10 20:34:51 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-10 20:34:51 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-10 20:34:51 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-10 20:34:51 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-10 20:34:50 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-10 20:34:49 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-10 20:34:49 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-10 20:34:49 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-10 20:34:48 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-10 20:34:48 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-10 20:34:41 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
Title: Task Manager and Registry editing disabled
Post by: fudgebandit on October 12, 2008, 10:58:12 PM
I fixed the Task Manager and the Registry Editor,

but I can't view hidden files or get into Safe Mode.
Title: Task Manager and Registry editing disabled
Post by: guestolo on October 13, 2008, 02:10:14 AM
Download this file - ComboFix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop.

Double click ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post the log from ComboFix, please.