TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Evil Klown on December 09, 2008, 01:38:50 PM

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 01:38:50 PM

i cant open my task manager & registry editor. everytime i tried, it always show "Task Manager has been disabled by your administrator." for task manager. same goes for reg editor. i have formatted this comp before coz of same prob coz i was thinking it is virus or worm and it was okay for a while. now it came back and i dont like to reformat this again coz its too much work. also, before i reformatted this it always shows .exe in my drive folders. for example: i made a folder named "abc". then when i reboot i see abc folder as abc.exe. i stated this because it seems to be the same problem(not sure) as before. it starts from inaccessiblilty of task manager ang reg editor.
EDIT: it also seems my comp is slower than usual.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:33 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\nsg8.tmp\nsA.tmp
C:\Program Files\DNA\btdna.exe
E:\Debug\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
O2 - BHO: Javaâ„¢ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Javaâ„¢ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228874207593\")
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3129 bytes

thanks.

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 01:44:43 PM

additional info: sometimes there is a pop-up saying "Windows - no disk Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c" and i cant get rid of it unless i click ok or cancel for like 25x... i dont knw if this is related...

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 09, 2008, 02:32:19 PM

Download [color=\"blue\"]random's system information tool (RSIT)[/color] by [color=\"#6600cc\"]random/random[/color] from >>[color=\"red\"]here[/color]<< (http://\"http://images.malwareremoval.com/random/RSIT.exe\") and save it to your desktop.

Double click on RSIT.exe to launch program.
Click Continue at the disclaimer screen.
Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
Once it has finished, two logs will open: log.txt[color=\"red\"]<-- this will be maximized[/color] and info.txt[color=\"red\"]<-- this will be minimized[/color].

Can you post Both those logs please

NOTE: If you do get an error message trying to post those logs back to the forum
Can you simply upload them, Use the Browse..>>UPLOAD buttons on the bottom right of a reply box
A copy of the files can also be found in this location
C:\rsit folder

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 07:52:00 PM

yeah i got the error msg... so i put it as attachment...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 08:41:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (80%) free of 35 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:53 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\nsg8.tmp\nsA.tmp
C:\Program Files\DNA\btdna.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\Blizzard Installer Bootstrap - 0169eb00\Installer.exe
E:\Download\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228874207593\")
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3183 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Garena_setup.exe"="F:\Garena_setup.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winjbfqk.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winjbfqk.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\aypnav.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\aypnav.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\lhmrc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\lhmrc.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\gthjwg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\gthjwg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxbrt.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxbrt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmtrjs.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmtrjs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrdcx.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrdcx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winympt.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winympt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrbawq.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrbawq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\1051315\YMSGR_~1.EXE"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\1051315\YMSGR_~1.EXE:*:Enabled:ipsec"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wincvlyev.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wincvlyev.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe:*:Enabled:ipsec"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhppstg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhppstg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winsjmcff.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winsjmcff.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlhyuab.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlhyuab.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winpchy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winpchy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmjqo.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmjqo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wingske.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wingske.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cdrjqj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cdrjqj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqgwwj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqgwwj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\iitu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\iitu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqspbn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqspbn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\pujhvu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\pujhvu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqmitm.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqmitm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\drvn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\drvn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cemfoy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cemfoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winecvam.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winecvam.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\ghpf.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\ghpf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winftnu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winftnu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\apeso.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\apeso.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\yhlp.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\yhlp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winvebhqo.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winvebhqo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winyxnk.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winyxnk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winemmu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winemmu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winwhebrr.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winwhebrr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\fiqvc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\fiqvc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxnlrsn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxnlrsn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxffc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxffc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\mhut.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\mhut.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 08:41:39 ----D---- C:\rsit
2008-12-10 02:18:46 ----D---- C:\Program Files\DNA
2008-12-10 02:18:46 ----D---- C:\Program Files\BitTorrent
2008-12-10 02:18:46 ----D---- C:\Documents and Settings\KhaoZ\Application Data\DNA
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Macromedia
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Adobe
2008-12-10 02:04:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-10 01:10:46 ----D---- C:\Program Files\Yahoo!
2008-12-10 01:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-10 01:01:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 00:59:52 ----D---- C:\Documents and Settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:37:10 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-10 00:36:10 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\px.dll
2008-12-10 00:35:02 ----D---- C:\Program Files\Winamp
2008-12-10 00:35:02 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-10 00:25:39 ----SHD---- C:\RECYCLER
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 00:24:50 ----D---- C:\Program Files\Java
2008-12-10 00:24:21 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Sun
2008-12-10 00:12:28 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Mozilla
2008-12-10 00:12:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 23:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 23:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-09 23:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 23:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 23:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 23:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 23:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 23:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-09 23:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 23:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 23:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 23:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 23:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 23:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 23:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 23:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 23:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 23:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 23:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 23:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 23:08:53 ----D---- C:\WINDOWS\ie7updates
2008-12-09 23:08:40 ----D---- C:\WINDOWS\WBEM
2008-12-09 23:07:48 ----HDC---- C:\WINDOWS\ie7
2008-12-09 23:07:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-09 23:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-09 23:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 23:02:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-09 22:30:46 ----D---- C:\WINDOWS\Prefetch
2008-12-09 18:39:33 ----D---- C:\WINDOWS\system32\en-us
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\en
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\bits
2008-12-09 18:39:32 ----D---- C:\WINDOWS\l2schemas
2008-12-09 18:38:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 18:36:36 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 18:35:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 18:33:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 18:05:10 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-09 18:04:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 18:03:20 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 18:03:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 18:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 17:57:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-09 17:57:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 17:52:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Identities
2008-12-09 17:52:28 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 17:52:22 ----SD---- C:\Documents and Settings\KhaoZ\Application Data\Microsoft
2008-12-09 17:52:22 ----ASH---- C:\Documents and Settings\KhaoZ\Application Data\desktop.ini
2008-12-09 17:46:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 17:45:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 17:45:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 17:42:29 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 17:42:29 ----D---- C:\Program Files\xerox
2008-12-09 17:42:29 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 17:42:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:42:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 17:41:57 ----A---- C:\WINDOWS\control.ini
2008-12-09 17:41:57 ----A---- C:\AUTOEXEC.BAT
2008-12-09 17:41:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 17:41:38 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 17:40:37 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 17:40:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 17:40:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 17:40:31 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 17:40:26 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 17:40:09 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 17:39:53 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 17:39:51 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 17:39:51 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 17:39:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 17:39:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 17:39:44 ----D---- C:\Program Files\Common Files\Services
2008-12-09 17:39:43 ----SD---- C:\WINDOWS\Tasks
2008-12-09 17:39:43 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 17:39:42 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 17:39:39 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:39:38 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 17:39:30 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 17:39:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-09 17:39:24 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 17:39:21 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 17:39:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 17:39:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 17:39:14 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:39:12 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:38:40 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vb.ini
2008-12-09 17:38:34 ----D---- C:\WINDOWS\Registration
2008-12-09 17:38:26 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:38:26 ----D---- C:\Program Files\Online Services
2008-12-09 17:38:20 ----D---- C:\Program Files\Messenger
2008-12-09 17:38:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 17:38:17 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 17:37:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 17:37:50 ----D---- C:\Program Files\MSN
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 17:37:48 ----D---- C:\Program Files\Windows NT
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 17:37:46 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 17:37:45 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 09:36:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 09:32:38 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-09 09:31:58 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 09:31:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 09:30:58 ----SHD---- C:\WINDOWS\Installer
2008-12-09 09:30:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 09:30:57 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 09:30:57 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 09:30:54 ----RD---- C:\Program Files
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 09:30:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 09:30:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 09:30:40 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 09:30:40 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 09:30:39 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 09:30:31 ----RA---- C:\WINDOWS\SET29.tmp
2008-12-09 09:30:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 09:30:27 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-09 09:30:25 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-09 09:30:23 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 09:30:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 09:29:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 09:29:46 ----D---- C:\Documents and Settings
2008-12-09 09:28:55 ----SH---- C:\boot. ini
2008-12-09 09:27:29 ----SHD---- C:\System Volume Information
2008-12-09 09:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 09:23:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 09:23:56 ----RD---- C:\WINDOWS\Web
2008-12-09 09:23:56 ----HD---- C:\WINDOWS\inf
2008-12-09 09:23:56 ----D---- C:\WINDOWS\WinSxS
2008-12-09 09:23:56 ----D---- C:\WINDOWS\twain_32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Temp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wins
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\spool
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ras
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\npp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\IME
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ias
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\export
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3076
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\2052
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1054
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1042
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1041
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1037
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1033
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1031
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1028
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1025
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system
2008-12-09 09:23:56 ----D---- C:\WINDOWS\security
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Resources
2008-12-09 09:23:56 ----D---- C:\WINDOWS\repair
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Provisioning
2008-12-09 09:23:56 ----D---- C:\WINDOWS\PeerNet
2008-12-09 09:23:56 ----D---- C:\WINDOWS\pchealth
2008-12-09 09:23:56 ----D---- C:\WINDOWS\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msapps
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msagent
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Media
2008-12-09 09:23:56 ----D---- C:\WINDOWS\java
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ime
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Help
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ehome
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Debug
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Cursors
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\AppPatch
2008-12-09 09:23:56 ----D---- C:\WINDOWS\addins
2008-12-09 09:23:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-10 00:29:39 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\nippgp.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 09, 2008, 07:58:07 PM

Download ComboFix from one of these locations:

[color=\"#0000ff\"]Link 1[/color] (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\")
[color=\"#0000ff\"]Link 2[/color] (http://\"http://subs.geekstogo.com/ComboFix.exe\")

[color=\"#ff0000\"]* IMPORTANT !!! Save ComboFix.exe to your Desktop
[/color]

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 08:17:06 PM

i forgot to mention that before i reformatted this i tried to use combofix and it worked for like an hour then after that im back to inaccessible task manager and regedit...

ComboFix 08-12-07.04 - KhaoZ 2008-12-10 9:07:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.659 [GMT -8:00]
Running from: c:\documents and settings\KhaoZ\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 08:41 . 2008-12-10 08:41   <DIR>   d--------   C:\rsit
2008-12-10 02:18 . 2008-12-10 09:09   <DIR>   d--------   c:\program files\DNA
2008-12-10 02:18 . 2008-12-10 02:18   <DIR>   d--------   c:\program files\BitTorrent
2008-12-10 02:18 . 2008-12-10 09:09   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\DNA
2008-12-10 02:04 . 2008-12-10 02:04   <DIR>   d--------   c:\documents and settings\KhaoZ\Incomplete
2008-12-10 02:04 . 2008-12-10 02:06   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29 . 2008-12-10 01:29   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-12-10 01:10 . 2008-12-10 01:10   <DIR>   d--------   c:\program files\Yahoo!
2008-12-10 01:10 . 2008-12-10 01:10   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-10 01:01 . 2008-12-10 01:30   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2008-12-10 00:59 . 2008-12-10 00:59   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:36 . 2008-12-10 00:36   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35 . 2008-12-10 00:37   <DIR>   d--------   c:\program files\Winamp
2008-12-10 00:35 . 2008-12-10 00:38   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33 . 2004-01-11 23:00   348,160   --a------   c:\windows\system32\msvcr71.dll
2008-12-10 00:25 . 2008-12-10 00:24   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-10 00:25 . 2008-12-10 00:24   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-12-10 00:24 . 2008-12-10 00:24   <DIR>   d--------   c:\program files\Java
2008-12-10 00:12 . 2008-12-10 00:12   0   --a------   c:\windows\nsreg.dat
2008-12-09 23:08 . 2008-10-03 09:41   6,066,176   -----c---   c:\windows\system32\dllcache\ieframe.dll
2008-12-09 23:08 . 2007-04-17 01:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat
2008-12-09 23:08 . 2007-03-07 21:10   991,232   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-09 23:08 . 2008-08-25 23:24   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll
2008-12-09 23:08 . 2008-08-25 23:24   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll
2008-12-09 23:08 . 2008-08-25 23:24   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll
2008-12-09 23:08 . 2008-08-25 23:24   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll
2008-12-09 23:08 . 2008-08-25 23:24   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-09 23:08 . 2008-08-25 00:38   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe
2008-12-09 23:03 . 2008-04-13 11:17   83,072   --a------   c:\windows\system32\drivers\wdmaud.sys
2008-12-09 23:03 . 2008-04-13 11:17   83,072   --a--c---   c:\windows\system32\dllcache\wdmaud.sys
2008-12-09 23:03 . 2008-04-13 10:45   56,576   --a------   c:\windows\system32\drivers\swmidi.sys
2008-12-09 23:03 . 2008-04-13 10:45   56,576   --a--c---   c:\windows\system32\dllcache\swmidi.sys
2008-12-09 23:03 . 2008-04-13 10:45   52,864   --a------   c:\windows\system32\drivers\DMusic.sys
2008-12-09 23:03 . 2008-04-13 10:45   52,864   --a--c---   c:\windows\system32\dllcache\dmusic.sys
2008-12-09 23:03 . 2008-04-13 10:45   6,272   --a------   c:\windows\system32\drivers\splitter.sys
2008-12-09 23:03 . 2008-04-13 10:45   6,272   --a--c---   c:\windows\system32\dllcache\splitter.sys
2008-12-09 22:59 . 2008-09-04 09:15   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
2008-12-09 22:58 . 2008-08-14 02:11   2,189,184   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-09 22:58 . 2008-08-14 02:09   2,145,280   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-09 22:58 . 2008-08-14 01:33   2,066,048   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-09 22:58 . 2008-08-14 01:33   2,023,936   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-09 22:58 . 2008-10-15 08:34   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-12-09 22:57 . 2008-09-15 04:12   1,846,400   -----c---   c:\windows\system32\dllcache\win32k.sys
2008-12-09 22:57 . 2008-08-14 02:04   138,496   -----c---   c:\windows\system32\dllcache\afd.sys
2008-12-09 22:54 . 2008-05-01 06:33   331,776   -----c---   c:\windows\system32\dllcache\msadce.dll
2008-12-09 22:53 . 2008-04-11 11:04   691,712   -----c---   c:\windows\system32\dllcache\inetcomm.dll
2008-12-09 22:53 . 2008-09-08 02:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
2008-12-09 22:51 . 2008-06-13 03:05   272,128   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-09 22:50 . 2008-05-08 06:02   203,136   -----c---   c:\windows\system32\dllcache\rmcast.sys
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\scripting
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\en
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\bits
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\l2schemas
2008-12-09 18:38 . 2008-12-09 18:38   <DIR>   d--------   c:\windows\ServicePackFiles
2008-12-09 18:27 . 2004-08-03 22:29   701,440   ---------   c:\windows\system32\drivers\ati2mtag.sys
2008-12-09 18:05 . 2008-12-09 18:05   13,646   --a------   c:\windows\system32\wpa.bak
2008-12-09 18:03 . 2007-08-10 20:46   26,488   --a------   c:\windows\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 01:42   ---------   d-----w   c:\program files\microsoft frontpage
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:12   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:14   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4429040]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 218520]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Apps\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

*Newly Created Service* - ASC3360PR
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\KhaoZ\Application Data\Mozilla\Firefox\Profiles\n68xeo5o.default\
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2008-12-10 09:09:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-10 9:12:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 17:12:33

Pre-Run: 29,386,903,552 bytes free
Post-Run: 29,606,670,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

159   --- E O F ---   2008-12-10 07:14:56

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 09, 2008, 08:19:55 PM

This log from ComboFix you posted, is it a recent one?
If not, I want you to delete your copy of ComboFix
Redownload so you have the latest and follow the instructions i posted, then include a new log from ComboFix.txt

We'll get the rest of it after, I can see why task manager and regedit are inaccessible
We'll deal with it later

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 08:21:53 PM

thats the laters sir taken just moments ago... the old files were deleted when i reformatted...

EDIT: uhh, i deleted my ie7 shortcut from desktop and after combofix its on the desktop again. is it coz of combofix ? also, task manager is locked again...

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 09, 2008, 08:27:17 PM

the RSIT log and combofix log didn't match up

Can you do the following
Run RSIT.exe again, this time only post the log that opens>>Log.txt

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 08:34:13 PM

i think i knw why it didnt match up... is it because i run combofix from desktop and rsit from drive e ?? now both from desktop...

also sir, i dont have any antivirus so anything you can recommend ? a free one would be nice...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 09:28:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (81%) free of 35 GB
Total RAM: 1023 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:38 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe
C:\Documents and Settings\KhaoZ\Desktop\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228874207593\")
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3126 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 09:12:37 ----A---- C:\ComboFix.txt
2008-12-10 09:05:36 ----A---- C:\Boot.bak
2008-12-10 09:05:32 ----RASHD---- C:\cmdcons
2008-12-10 09:01:53 ----A---- C:\WINDOWS\zip.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\sed.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\grep.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 09:01:47 ----D---- C:\WINDOWS\ERDNT
2008-12-10 09:01:47 ----D---- C:\Qoobox
2008-12-10 09:01:46 ----D---- C:\ComboFix
2008-12-10 08:41:39 ----D---- C:\rsit
2008-12-10 02:18:46 ----D---- C:\Program Files\DNA
2008-12-10 02:18:46 ----D---- C:\Program Files\BitTorrent
2008-12-10 02:18:46 ----D---- C:\Documents and Settings\KhaoZ\Application Data\DNA
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Macromedia
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Adobe
2008-12-10 02:04:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-10 01:10:46 ----D---- C:\Program Files\Yahoo!
2008-12-10 01:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-10 01:01:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 00:59:52 ----D---- C:\Documents and Settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:37:10 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-10 00:36:10 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\px.dll
2008-12-10 00:35:02 ----D---- C:\Program Files\Winamp
2008-12-10 00:35:02 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 00:24:50 ----D---- C:\Program Files\Java
2008-12-10 00:24:21 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Sun
2008-12-10 00:12:28 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Mozilla
2008-12-10 00:12:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 23:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 23:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-09 23:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 23:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 23:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 23:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 23:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 23:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-09 23:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 23:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 23:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 23:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 23:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 23:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 23:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 23:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 23:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 23:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 23:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 23:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 23:08:53 ----D---- C:\WINDOWS\ie7updates
2008-12-09 23:08:40 ----D---- C:\WINDOWS\WBEM
2008-12-09 23:07:48 ----HDC---- C:\WINDOWS\ie7
2008-12-09 23:07:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-09 23:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-09 23:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 23:02:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-09 22:30:46 ----D---- C:\WINDOWS\Prefetch
2008-12-09 18:39:33 ----D---- C:\WINDOWS\system32\en-us
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\en
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\bits
2008-12-09 18:39:32 ----D---- C:\WINDOWS\l2schemas
2008-12-09 18:38:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 18:36:36 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 18:35:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 18:33:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 18:05:10 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-09 18:04:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 18:03:20 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 18:03:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 18:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 17:57:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-09 17:57:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 17:52:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Identities
2008-12-09 17:52:28 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 17:52:22 ----SD---- C:\Documents and Settings\KhaoZ\Application Data\Microsoft
2008-12-09 17:52:22 ----ASH---- C:\Documents and Settings\KhaoZ\Application Data\desktop.ini
2008-12-09 17:46:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 17:45:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 17:45:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 17:42:29 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 17:42:29 ----D---- C:\Program Files\xerox
2008-12-09 17:42:29 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 17:42:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:42:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 17:41:57 ----A---- C:\WINDOWS\control.ini
2008-12-09 17:41:57 ----A---- C:\AUTOEXEC.BAT
2008-12-09 17:41:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 17:41:38 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 17:40:37 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 17:40:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 17:40:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 17:40:31 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 17:40:26 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 17:40:09 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 17:39:53 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 17:39:51 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 17:39:51 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 17:39:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 17:39:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 17:39:44 ----D---- C:\Program Files\Common Files\Services
2008-12-09 17:39:43 ----SD---- C:\WINDOWS\Tasks
2008-12-09 17:39:43 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 17:39:42 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 17:39:39 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:39:38 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 17:39:30 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 17:39:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-09 17:39:24 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 17:39:21 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 17:39:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 17:39:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 17:39:14 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:39:12 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:38:40 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vb.ini
2008-12-09 17:38:34 ----D---- C:\WINDOWS\Registration
2008-12-09 17:38:26 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:38:26 ----D---- C:\Program Files\Online Services
2008-12-09 17:38:20 ----D---- C:\Program Files\Messenger
2008-12-09 17:38:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 17:38:17 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 17:37:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 17:37:50 ----D---- C:\Program Files\MSN
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 17:37:48 ----D---- C:\Program Files\Windows NT
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 17:37:46 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 17:37:45 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 09:36:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 09:32:38 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-09 09:31:58 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 09:31:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 09:30:58 ----SHD---- C:\WINDOWS\Installer
2008-12-09 09:30:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 09:30:57 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 09:30:57 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 09:30:54 ----RD---- C:\Program Files
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 09:30:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 09:30:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 09:30:40 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 09:30:40 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 09:30:39 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 09:30:31 ----RA---- C:\WINDOWS\SET29.tmp
2008-12-09 09:30:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 09:30:27 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-09 09:30:25 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-09 09:30:23 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 09:30:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 09:29:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 09:29:46 ----D---- C:\Documents and Settings
2008-12-09 09:28:55 ----RASH---- C:\boot. ini
2008-12-09 09:27:29 ----SHD---- C:\System Volume Information
2008-12-09 09:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 09:23:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 09:23:56 ----RD---- C:\WINDOWS\Web
2008-12-09 09:23:56 ----HD---- C:\WINDOWS\inf
2008-12-09 09:23:56 ----D---- C:\WINDOWS\WinSxS
2008-12-09 09:23:56 ----D---- C:\WINDOWS\twain_32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Temp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wins
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\spool
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ras
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\npp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\IME
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ias
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\export
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3076
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\2052
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1054
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1042
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1041
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1037
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1033
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1031
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1028
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1025
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system
2008-12-09 09:23:56 ----D---- C:\WINDOWS\security
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Resources
2008-12-09 09:23:56 ----D---- C:\WINDOWS\repair
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Provisioning
2008-12-09 09:23:56 ----D---- C:\WINDOWS\PeerNet
2008-12-09 09:23:56 ----D---- C:\WINDOWS\pchealth
2008-12-09 09:23:56 ----D---- C:\WINDOWS\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msapps
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msagent
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Media
2008-12-09 09:23:56 ----D---- C:\WINDOWS\java
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ime
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Help
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ehome
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Debug
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Cursors
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\AppPatch
2008-12-09 09:23:56 ----D---- C:\WINDOWS\addins
2008-12-09 09:23:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-10 09:09:46 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 09, 2008, 09:02:56 PM

Quote

i dont have any antivirus so anything you can recommend ? a free one would be nice...

Don't worry, I was going to link you to one fairly soon

/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Can you do the following please
Download > [color=\"red\"]OTMoveIt3[/color] (http://\"http://oldtimer.geekstogo.com/OTMoveIt3.exe\") <[/url] by OldTimer.

Save it to your desktop.
Double-click OTMoveIt3.exe to run it.
Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

[color=\"#0000FF\"]
:Processes
explorer.exe
firefox.exe
somxhj.exe
winhmiy.exe
KhaoZ.exe
:Services
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\somxhj.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winybmlw.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winhmiy.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
:Files
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
[/color]

======================================================
Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

[color=\"red\"]Note[/color]: If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

If prompted on startup to Run OTMoveit again, allow it please

A Log should open, I'll need to see it later
If no log opens
OTMoveIt would of created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log
In your case it should be the D: drive
I'll need to see that log later

Before posting that log

Go here and download your Free version of Avira AntiVir
http://www.download.com/Avira-AntiVir-Pers...cdlpid=10322935 (http://\"http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlpid=10322935\")
Save the installer to desktop

Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer

Back in Windows
Can you post all the following back please

1. Please post the log from Avira
Open Avira again (Double click on the red Umbrella icon by the clock)
Click on REPORTS under Overview
Double click on the Scan report you just made
Then click on "Report File"

2. Post the log from OTMoveit3

3. Can you again run RSIT.exe and post it's new log, again, you may have to upload ONLY this one

Keep me informed how things are now running
Also, can you let me know what drive is represented by the E:\ drive please

P.s. I had to edit the script for OTMoveit, not to worry if you have already started
It was just a registry change, that won't do no harm if you missed it

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 09:40:56 PM

ok... big problem... i cant install the AV software... it suddenly disappears when i start installing/extracting files... i tried it like a few times and it still the same.. no problem downloading the AV installer except it wont install... i got OTMoveIt3 though...

C: is for major programs
D: games and some apps
E: as of now its where most of my downloads are at...

i think the problem started from D: coz i installed a program from a back up dvd that i made before reformatting. also, task manager still is locked...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 10:33:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (80%) free of 35 GB
Total RAM: 1023 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:44 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe
C:\Documents and Settings\KhaoZ\Desktop\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593 (http://\"http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228874207593\")
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3082 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 10:07:56 ----D---- C:\_OTMoveIt
2008-12-10 10:05:59 ----SHD---- C:\RECYCLER
2008-12-10 09:12:37 ----A---- C:\ComboFix.txt
2008-12-10 09:05:36 ----A---- C:\Boot.bak
2008-12-10 09:05:32 ----RASHD---- C:\cmdcons
2008-12-10 09:01:53 ----A---- C:\WINDOWS\zip.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\sed.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\grep.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 09:01:47 ----D---- C:\WINDOWS\ERDNT
2008-12-10 09:01:47 ----D---- C:\Qoobox
2008-12-10 09:01:46 ----D---- C:\ComboFix
2008-12-10 08:41:39 ----D---- C:\rsit
2008-12-10 02:18:46 ----D---- C:\Program Files\DNA
2008-12-10 02:18:46 ----D---- C:\Program Files\BitTorrent
2008-12-10 02:18:46 ----D---- C:\Documents and Settings\KhaoZ\Application Data\DNA
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Macromedia
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Adobe
2008-12-10 02:04:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-10 01:10:46 ----D---- C:\Program Files\Yahoo!
2008-12-10 01:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-10 01:01:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 00:59:52 ----D---- C:\Documents and Settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:37:10 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-10 00:36:10 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\px.dll
2008-12-10 00:35:02 ----D---- C:\Program Files\Winamp
2008-12-10 00:35:02 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 00:24:50 ----D---- C:\Program Files\Java
2008-12-10 00:24:21 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Sun
2008-12-10 00:12:28 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Mozilla
2008-12-10 00:12:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 23:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 23:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-09 23:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 23:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 23:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 23:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 23:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 23:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-09 23:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 23:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 23:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 23:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 23:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 23:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 23:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 23:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 23:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 23:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 23:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 23:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 23:08:53 ----D---- C:\WINDOWS\ie7updates
2008-12-09 23:08:40 ----D---- C:\WINDOWS\WBEM
2008-12-09 23:07:48 ----HDC---- C:\WINDOWS\ie7
2008-12-09 23:07:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-09 23:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-09 23:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 23:02:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-09 22:30:46 ----D---- C:\WINDOWS\Prefetch
2008-12-09 18:39:33 ----D---- C:\WINDOWS\system32\en-us
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\en
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\bits
2008-12-09 18:39:32 ----D---- C:\WINDOWS\l2schemas
2008-12-09 18:38:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 18:36:36 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 18:35:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 18:33:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 18:05:10 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-09 18:04:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 18:03:20 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 18:03:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 18:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 17:57:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-09 17:57:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 17:52:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Identities
2008-12-09 17:52:28 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 17:52:22 ----SD---- C:\Documents and Settings\KhaoZ\Application Data\Microsoft
2008-12-09 17:52:22 ----ASH---- C:\Documents and Settings\KhaoZ\Application Data\desktop.ini
2008-12-09 17:46:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 17:45:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 17:45:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 17:42:29 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 17:42:29 ----D---- C:\Program Files\xerox
2008-12-09 17:42:29 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 17:42:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:42:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 17:41:57 ----A---- C:\WINDOWS\control.ini
2008-12-09 17:41:57 ----A---- C:\AUTOEXEC.BAT
2008-12-09 17:41:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 17:41:38 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 17:40:37 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 17:40:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 17:40:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 17:40:31 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 17:40:26 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 17:40:09 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 17:39:53 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 17:39:51 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 17:39:51 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 17:39:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 17:39:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 17:39:44 ----D---- C:\Program Files\Common Files\Services
2008-12-09 17:39:43 ----SD---- C:\WINDOWS\Tasks
2008-12-09 17:39:43 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 17:39:42 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 17:39:39 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:39:38 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 17:39:30 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 17:39:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-09 17:39:24 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 17:39:21 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 17:39:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 17:39:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 17:39:14 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:39:12 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:38:40 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vb.ini
2008-12-09 17:38:34 ----D---- C:\WINDOWS\Registration
2008-12-09 17:38:26 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:38:26 ----D---- C:\Program Files\Online Services
2008-12-09 17:38:20 ----D---- C:\Program Files\Messenger
2008-12-09 17:38:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 17:38:17 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 17:37:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 17:37:50 ----D---- C:\Program Files\MSN
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 17:37:48 ----D---- C:\Program Files\Windows NT
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 17:37:46 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 17:37:45 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 09:36:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 09:32:38 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-09 09:31:58 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 09:31:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 09:30:58 ----SHD---- C:\WINDOWS\Installer
2008-12-09 09:30:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 09:30:57 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 09:30:57 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 09:30:54 ----RD---- C:\Program Files
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 09:30:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 09:30:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 09:30:40 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 09:30:40 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 09:30:39 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 09:30:31 ----RA---- C:\WINDOWS\SET29.tmp
2008-12-09 09:30:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 09:30:27 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-09 09:30:25 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-09 09:30:23 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 09:30:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 09:29:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 09:29:46 ----D---- C:\Documents and Settings
2008-12-09 09:28:55 ----RASH---- C:\boot. ini
2008-12-09 09:27:29 ----SHD---- C:\System Volume Information
2008-12-09 09:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 09:23:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 09:23:56 ----RD---- C:\WINDOWS\Web
2008-12-09 09:23:56 ----HD---- C:\WINDOWS\inf
2008-12-09 09:23:56 ----D---- C:\WINDOWS\WinSxS
2008-12-09 09:23:56 ----D---- C:\WINDOWS\twain_32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Temp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wins
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\spool
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ras
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\npp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\IME
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ias
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\export
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3076
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\2052
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1054
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1042
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1041
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1037
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1033
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1031
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1028
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1025
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system
2008-12-09 09:23:56 ----D---- C:\WINDOWS\security
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Resources
2008-12-09 09:23:56 ----D---- C:\WINDOWS\repair
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Provisioning
2008-12-09 09:23:56 ----D---- C:\WINDOWS\PeerNet
2008-12-09 09:23:56 ----D---- C:\WINDOWS\pchealth
2008-12-09 09:23:56 ----D---- C:\WINDOWS\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msapps
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msagent
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Media
2008-12-09 09:23:56 ----D---- C:\WINDOWS\java
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ime
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Help
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ehome
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Debug
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Cursors
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\AppPatch
2008-12-09 09:23:56 ----D---- C:\WINDOWS\addins
2008-12-09 09:23:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-10 09:09:46 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\nippgp.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 09:43:26 PM

it seems i cant make the log for OTMoveIt3 as an attachment...

========== PROCESSES ==========
Process explorer.exe killed successfully.
Process firefox.exe killed successfully.
Process somxhj.exe killed successfully.
Process winhmiy.exe killed successfully.
Unable to kill process: KhaoZ.exe
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools deleted successfully.
========== FILES ==========
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe moved successfully.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_GPsFfhMmcuvK8YqXW6AC scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_100756

Files moved on Reboot...
File C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_GPsFfhMmcuvK8YqXW6AC not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_a4.dat not found!

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 09, 2008, 09:44:00 PM

Oh, I see,
do you recognize this file

E:\Debug\KhaoZ.exe

I think it's part of the problem

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 09, 2008, 09:47:18 PM

[quote name=\'guestolo\' post=\'449558\' date=\'Dec 9 2008, 07:44 PM\']Oh, I see,
do you recognize this file

E:\Debug\KhaoZ.exe

I think it's part of the problem[/quote]

i have an E:\Debug folder but i dont recognize that one... i see it in that folder though... it has the hijackthis icon...should i delete it ??

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 09, 2008, 11:41:13 PM

Sorry about that, helping another user

Can you do the following please

Copy the entries below in Blue to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

================================================

[color=\"#0000FF\"]
:Processes
explorer.exe
firefox.exe
winnqyid.exe
winmhbn.exe
:Services
asc3360pr
:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\somxhj.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winybmlw.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winhmiy.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\xjtjtg.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\qkwd.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winbbgwy.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winnqyid.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winkbxxn.exe"=-
"C:\\DOCUME~1\\KhaoZ\\LOCALS~1\\Temp\\winmhbn.exe"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
:Files
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
[/color]

======================================================
Return to OTMoveIt3, right-click on the "Paste List of Files/Folders to be Moved" window and choose "Paste".
Click the red "[color=\"red\"]MoveIt![/color]" button.
Close OTMoveIt when it has completed.

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 12:10:40 AM

avira is still the same... wont install... sometimes i just got up to "i accept" part then vanish...

========== PROCESSES ==========
Process explorer.exe killed successfully.
Process firefox.exe killed successfully.
Unable to kill process: winnqyid.exe
Unable to kill process: winmhbn.exe
========== SERVICES/DRIVERS ==========
Unable to stop service asc3360pr .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools deleted successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_h3bfzmGpWeyKRAXKo9bz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\seuhb.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winikokf.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_77c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_130535

Files moved on Reboot...
File C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_h3bfzmGpWeyKRAXKo9bz not found!
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\seuhb.exe moved successfully.
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winikokf.exe moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_77c.dat not found!

EDIT: attachemnt for latest rsit log.txt...

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 12:19:34 AM

I'm hoping a lot of legit files are not infected
Can you do the following please

Please do a scan with [color=\"#3333FF\"]Kaspersky Online Scanner[/color] (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html\")

[color=\"green\"]Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.[/color]

Click on the Accept button and install any components it needs.

The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
In the drop down box labeled Files of type change the type to Text file and give the file a name
Save the file to your desktop.
Copy and paste that information in your next post

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 12:24:27 AM

its says:
"Address Not Found
Firefox can't find the server at www.kaspersky.com.
The browser could not find the host server for the provided address.
* Did you make a mistake when typing the domain? (e.g. "ww.mozilla.org" instead of "www.mozilla.org")
* Are you certain this domain address exists? Its registration may have expired.
* Are you unable to browse other sites? Check your network connection and DNS server settings.
* Is your computer or network protected by a firewall or proxy? Incorrect settings can interfere with Web browsing."

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 12:31:30 AM

Can I check the following
Open Hijackthis>>Open Misc tools section
Open the HOSTS FILE MANAGER
Select to "Open in Notepad"

Copy/paste back here the contents please

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 12:36:06 AM

well this sux... i just visited other AV sites like bitdefender, mcafee, etc and it turns out i cant open their website too...

this is what you ask: 127.0.0.1 localhost

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 12:49:04 AM

Let me know if you can download the following tool
I'm assuming probably not, but see if you can
ftp://downloads2.kaspersky-labs.com/devbu....2008_08-49.exe (http://\"ftp://downloads2.kaspersky-labs.com/devbuilds/AVPTool/setup_7.0.0.290_09.12.2008_08-49.exe\")

If you can, just download it to your desktop
DO NOT try and run it yet

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 12:54:33 AM

i cant download it...

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 01:06:34 AM

Unfortuneately, you have a very nasty infection
Many of your files could be infected

This part worries me

Quote

i have formatted this comp before coz of same prob coz i was thinking it is virus or worm and it was okay for a while. now it came back and i dont like to reformat this again coz its too much work. also, before i reformatted this it always shows .exe in my drive folders. for example: i made a folder named "abc". then when i reboot i see abc folder as abc.exe. i stated this because it seems to be the same problem(not sure) as before. it starts from inaccessiblilty of task manager ang reg editor.

Files in your D and/or E drives could be corrupt also
Causing your system to be infected after you reformatted

Here's some more info on your problem
http://www.threatexpert.com/report.aspx?ui...98-c539115ba659 (http://\"http://www.threatexpert.com/report.aspx?uid=f1684116-0a71-4874-9598-c539115ba659\")

Do you have another computer you can download any tools to?
Do you have a blank CD or CDRW?

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 02:13:12 AM

i have a blank cd but i dont have any other computer which i can download to... so what do u suggest i would do ? is reformatting again not a good idea ?

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 02:17:16 AM

With the infection you have
Reformatting, and clean install is probably the best idea
Afterwards, get all your latest Windows updates
come back here and get some free protection software

Is your D and E partitions on the same drive as this one?
Or a seperate drive

Before you do the above
Can you download this file? Avira AntiVir Rescue System
http://www.free-av.com/en/tools/12/avira_a...cue_system.html (http://\"http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html\")

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 02:35:37 AM

my d & e is on the same as c... i am currently downloading Avira AntiVir Rescue System... im not sure if it will install though... what do you want me to do with it ?

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 02:36:47 AM

Just let me know when you have finished downloading it please

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 02:50:18 AM

[quote name=\'guestolo\' post=\'449615\' date=\'Dec 10 2008, 12:36 AM\']Just let me know when you have finished downloading it please[/quote]

done with the download...

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 02:56:45 AM

Can you do the following
Pop a blank CD or CDRW into your burner

You should see rescueCD.exe on desktop with an Umbrella icon
If you don't see the .exe part when you hover your mouse over it

Show file extensions
Go to START>MyComputer>>TOOLS>>FOLDER OPTIONS>>VIEW>>
UnCheck
"Hide Extensions for know file types"
Apply and OK it

Back at rescuecd.exe
Can you right click on it and rename it to rescuecd.com
Left click a blank area on desktop to set it and ok the prompt

Double click on rescuecd.com
and Run it>>Your burning device should be selected, or choose the correct drive from the drop down arrow
Then click on "Burn CD"
Following the prompts, it should prompt when it's successful and possibly eject the CD afterwards

Let me know if you can do the above then we'll go from there
If you can, at least we can scan with this and ensure to clean C,D,and E drives of bad files

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 03:07:43 AM

done... after cd burning there was a pop-up "jusched.exe - No Disk"

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 03:14:21 AM

Can you put the disk back in the cd player

If you open MyComuter>>and right click on your CD Drive and select Explore
You should see a number of files>>12 in total

Do you see them all
Your bios may be set to boot from CD first
Do you know how to enter the bios and set boot order to your CDDrive just in case?<<I assume you do as you have reformatted before, sorry just thought I would ask

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 03:20:28 AM

[quote name=\'guestolo\' post=\'449619\' date=\'Dec 10 2008, 01:14 AM\']Can you put the disk back in the cd player

If you open MyComuter>>and right click on your CD Drive and select Explore
You should see a number of files>>12 in total

Do you see them all
Your bios may be set to boot from CD first
Do you know how to enter the bios and set boot order to your CDDrive just in case?[/quote]

it seems there is 1 extra file here... i have 13 files total... antivir, html, licenses, autorun.inf, avira.ico, boot.cat, index.html, initrd.gz, isolinux.bin, isolinux.cfg, license.txt, vmlinuz, welcome.msg

im guessing the other 1 is a virus ?

Title: Task Manager & Regedit inaccessible
Post by: guestolo on December 10, 2008, 03:34:20 AM

I'm not sure what the antivir one is, but it appears legit
I suggest that you print these instructions, or note them down, we'll be doing the next steps without
Graphical interface
I'm off to bed soon, so I won't know how this went till later

Ok, can we try the next step
We may be able to clean a bunch of infected files
and see where we stand from there

Reboot the computer with the CD in the drive and boot from it
Select Option 2 when prompted

At language selection, use the drop down arrow key on your keyboard to highlight
ENGLISH
Then use the SPACE bar to select it then hit ENTER

Drivers should then load
After drivers have loaded
Use the keyboard to highlight SCAN and hit ENTER
LEAVE to "SCAN ALL FILES"

Use the Arrow keys and the Space bar to highlight and Select
"Try to Repair Files" then Hit Enter
Leave other Defaults selected hitting Enter after each prompt

Scan should start
You won't see it scanning C, D, E,
you will most likely see it scanning something like
hda1, hda2, hda3

There is an option to save a log to floppy when done, but I find it usually isn't successful
So there won't be a log to show me afterwards

When the scan is complete, you can try and remove the disk at the prompt
If it won't remove, just Halt the system to shutdown

On startup, you can either continue booting to harddisk, or try and remove the CD before it gets to that prompt
Come back here and let me know how it went
We may try looking at some logs if it went ok

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 03:37:00 AM

ok... will try it now... thanks for you help so far...

Title: Task Manager & Regedit inaccessible
Post by: Evil Klown on December 10, 2008, 11:01:53 AM

it didnt work... after the option page, the comp goes to a sleep-like mode. the screen is off and i cant use mouse or keyboard... repeated this few times and result is still the same... i never got to language selection... im getting tired so im gonna reformat this now... will be back to get for AV protection and stuff...