

Messages - Evil Klown

1
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 11:01:53 AM »
It didn't work... after the option page, the computer goes into a sleep-like mode. The screen is off and I can't use the mouse or keyboard... repeated this a few times and the result is still the same... I never got to the language selection... I'm getting tired so I'm going to reformat this now... will be back to get AV protection and stuff...

2
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 03:37:00 AM »
OK... will try it now... thanks for your help so far...

3
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 03:20:28 AM »
[quote name='guestolo' post='449619' date='Dec 10 2008, 01:14 AM']Can you put the disk back in the CD player?

If you open My Computer >> right-click on your CD drive and select Explore,
you should see a number of files >> 12 in total.

Do you see them all?
Your BIOS may be set to boot from CD first.
Do you know how to enter the BIOS and set the boot order to your CD drive, just in case?[/quote]

It seems there is 1 extra file here... I have 13 files total: antivir, html, licenses, autorun.inf, avira.ico, boot.cat, index.html, initrd.gz, isolinux.bin, isolinux.cfg, license.txt, vmlinuz, welcome.msg

I'm guessing the other one is a virus?

4
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 03:07:43 AM »
Done... after CD burning there was a pop-up "jusched.exe - No Disk".

5
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 02:50:18 AM »
[quote name='guestolo' post='449615' date='Dec 10 2008, 12:36 AM']Just let me know when you have finished downloading it please[/quote]

Done with the download...

6
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 02:35:37 AM »
My D: and E: are on the same disk as C:... I am currently downloading Avira AntiVir Rescue System... I'm not sure if it will install though... what do you want me to do with it?

7
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 02:13:12 AM »
I have a blank CD but I don't have any other computer which I can download to... so what do you suggest I do? Is reformatting again not a good idea?

8
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 12:54:33 AM »
I can't download it...

9
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 12:36:06 AM »
Well this sux... I just visited other AV sites like BitDefender, McAfee, etc. and it turns out I can't open their websites either...

This is what you asked for: 127.0.0.1       localhost

10
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 12:24:27 AM »
It says:
"Address Not Found
Firefox can't find the server at www.kaspersky.com.
The browser could not find the host server for the provided address.
    * Did you make a mistake when typing the domain? (e.g. "ww.mozilla.org" instead of "www.mozilla.org")
    * Are you certain this domain address exists?  Its registration may have expired.
    * Are you unable to browse other sites?  Check your network connection and DNS server settings.
    * Is your computer or network protected by a firewall or proxy?  Incorrect settings can interfere with Web browsing."

11
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 10, 2008, 12:10:40 AM »
Avira is still the same... won't install... sometimes I just get up to the "I accept" part, then it vanishes...

========== PROCESSES ==========
Process explorer.exe killed successfully.
Process firefox.exe killed successfully.
Unable to kill process: winnqyid.exe
Unable to kill process: winmhbn.exe
========== SERVICES/DRIVERS ==========
Unable to stop service asc3360pr .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools deleted successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe not found.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_h3bfzmGpWeyKRAXKo9bz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\seuhb.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winikokf.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_77c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_130535

Files moved on Reboot...
File C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_h3bfzmGpWeyKRAXKo9bz not found!
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\seuhb.exe moved successfully.
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winikokf.exe moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_77c.dat not found!

EDIT: attachment for latest RSIT log.txt...

12
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 09:47:18 PM »
[quote name='guestolo' post='449558' date='Dec 9 2008, 07:44 PM']Oh, I see,
do you recognize this file

E:\Debug\KhaoZ.exe

I think it's part of the problem[/quote]

I have an E:\Debug folder but I don't recognize that one... I see it in that folder though... it has the HijackThis icon... should I delete it??

13
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 09:43:26 PM »
It seems I can't add the log for OTMoveIt3 as an attachment...

========== PROCESSES ==========
Process explorer.exe killed successfully.
Process firefox.exe killed successfully.
Process somxhj.exe killed successfully.
Process winhmiy.exe killed successfully.
Unable to kill process: KhaoZ.exe
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools deleted successfully.
========== FILES ==========
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe moved successfully.
File/Folder C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe not found.
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_GPsFfhMmcuvK8YqXW6AC scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_100756

Files moved on Reboot...
File C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\etilqs_GPsFfhMmcuvK8YqXW6AC not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_a4.dat not found!

14
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 09:40:56 PM »
OK... big problem... I can't install the AV software... it suddenly disappears when I start installing/extracting files... I tried it a few times and it's still the same... no problem downloading the AV installer, except it won't install... I got OTMoveIt3 though...

C: is for major programs
D: games and some apps
E: as of now it's where most of my downloads are at...

I think the problem started from D: because I installed a program from a backup DVD that I made before reformatting. Also, Task Manager is still locked...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 10:33:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (80%) free of 35 GB
Total RAM: 1023 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:44 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe
C:\Documents and Settings\KhaoZ\Desktop\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3082 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\xjtjtg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\qkwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winbbgwy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnqyid.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winkbxxn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmhbn.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 10:07:56 ----D---- C:\_OTMoveIt
2008-12-10 10:05:59 ----SHD---- C:\RECYCLER
2008-12-10 09:12:37 ----A---- C:\ComboFix.txt
2008-12-10 09:05:36 ----A---- C:\Boot.bak
2008-12-10 09:05:32 ----RASHD---- C:\cmdcons
2008-12-10 09:01:53 ----A---- C:\WINDOWS\zip.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\VFIND.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWSC.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\SWREG.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\sed.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\grep.exe
2008-12-10 09:01:53 ----A---- C:\WINDOWS\fdsv.exe
2008-12-10 09:01:47 ----D---- C:\WINDOWS\ERDNT
2008-12-10 09:01:47 ----D---- C:\Qoobox
2008-12-10 09:01:46 ----D---- C:\ComboFix
2008-12-10 08:41:39 ----D---- C:\rsit
2008-12-10 02:18:46 ----D---- C:\Program Files\DNA
2008-12-10 02:18:46 ----D---- C:\Program Files\BitTorrent
2008-12-10 02:18:46 ----D---- C:\Documents and Settings\KhaoZ\Application Data\DNA
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Macromedia
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Adobe
2008-12-10 02:04:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-10 01:10:46 ----D---- C:\Program Files\Yahoo!
2008-12-10 01:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-10 01:01:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 00:59:52 ----D---- C:\Documents and Settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:37:10 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-10 00:36:10 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\px.dll
2008-12-10 00:35:02 ----D---- C:\Program Files\Winamp
2008-12-10 00:35:02 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 00:24:50 ----D---- C:\Program Files\Java
2008-12-10 00:24:21 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Sun
2008-12-10 00:12:28 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Mozilla
2008-12-10 00:12:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 23:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 23:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-09 23:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 23:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 23:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 23:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 23:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 23:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-09 23:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 23:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 23:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 23:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 23:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 23:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 23:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 23:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 23:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 23:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 23:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 23:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 23:08:53 ----D---- C:\WINDOWS\ie7updates
2008-12-09 23:08:40 ----D---- C:\WINDOWS\WBEM
2008-12-09 23:07:48 ----HDC---- C:\WINDOWS\ie7
2008-12-09 23:07:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-09 23:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-09 23:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 23:02:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-09 22:30:46 ----D---- C:\WINDOWS\Prefetch
2008-12-09 18:39:33 ----D---- C:\WINDOWS\system32\en-us
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\en
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\bits
2008-12-09 18:39:32 ----D---- C:\WINDOWS\l2schemas
2008-12-09 18:38:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 18:36:36 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 18:35:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 18:33:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 18:05:10 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-09 18:04:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 18:03:20 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 18:03:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 18:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 17:57:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-09 17:57:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 17:52:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Identities
2008-12-09 17:52:28 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 17:52:22 ----SD---- C:\Documents and Settings\KhaoZ\Application Data\Microsoft
2008-12-09 17:52:22 ----ASH---- C:\Documents and Settings\KhaoZ\Application Data\desktop.ini
2008-12-09 17:46:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 17:45:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 17:45:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 17:42:29 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 17:42:29 ----D---- C:\Program Files\xerox
2008-12-09 17:42:29 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 17:42:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:42:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 17:41:57 ----A---- C:\WINDOWS\control.ini
2008-12-09 17:41:57 ----A---- C:\AUTOEXEC.BAT
2008-12-09 17:41:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 17:41:38 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 17:40:37 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 17:40:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 17:40:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 17:40:31 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 17:40:26 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 17:40:09 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 17:39:53 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 17:39:51 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 17:39:51 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 17:39:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 17:39:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 17:39:44 ----D---- C:\Program Files\Common Files\Services
2008-12-09 17:39:43 ----SD---- C:\WINDOWS\Tasks
2008-12-09 17:39:43 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 17:39:42 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 17:39:39 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:39:38 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 17:39:30 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 17:39:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-09 17:39:24 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 17:39:21 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 17:39:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 17:39:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\isign32.dll

======List of files/folders modified in the last 1 months======

2008-12-10 09:09:46 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\nippgp.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

15
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 08:34:13 PM »
I think I know why it didn't match up... is it because I ran ComboFix from the desktop and RSIT from drive E?? Now both from the desktop...

Also sir, I don't have any antivirus, so is there anything you can recommend? A free one would be nice...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 09:28:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (81%) free of 35 GB
Total RAM: 1023 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:38 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe
C:\Documents and Settings\KhaoZ\Desktop\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3126 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\somxhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winybmlw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhmiy.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 17:37:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 17:37:50 ----D---- C:\Program Files\MSN
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 17:37:48 ----D---- C:\Program Files\Windows NT
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 17:37:46 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 17:37:45 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 09:36:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 09:32:38 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-09 09:31:58 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 09:31:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 09:30:58 ----SHD---- C:\WINDOWS\Installer
2008-12-09 09:30:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 09:30:57 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 09:30:57 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 09:30:54 ----RD---- C:\Program Files
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 09:30:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 09:30:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 09:30:40 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 09:30:40 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 09:30:39 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 09:30:31 ----RA---- C:\WINDOWS\SET29.tmp
2008-12-09 09:30:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 09:30:27 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-09 09:30:25 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-09 09:30:23 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 09:30:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 09:29:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 09:29:46 ----D---- C:\Documents and Settings
2008-12-09 09:28:55 ----RASH---- C:\boot.ini
2008-12-09 09:27:29 ----SHD---- C:\System Volume Information
2008-12-09 09:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 09:23:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 09:23:56 ----RD---- C:\WINDOWS\Web
2008-12-09 09:23:56 ----HD---- C:\WINDOWS\inf
2008-12-09 09:23:56 ----D---- C:\WINDOWS\WinSxS
2008-12-09 09:23:56 ----D---- C:\WINDOWS\twain_32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Temp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wins
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\spool
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ras
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\npp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\IME
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ias
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\export
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3076
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\2052
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1054
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1042
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1041
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1037
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1033
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1031
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1028
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1025
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system
2008-12-09 09:23:56 ----D---- C:\WINDOWS\security
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Resources
2008-12-09 09:23:56 ----D---- C:\WINDOWS\repair
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Provisioning
2008-12-09 09:23:56 ----D---- C:\WINDOWS\PeerNet
2008-12-09 09:23:56 ----D---- C:\WINDOWS\pchealth
2008-12-09 09:23:56 ----D---- C:\WINDOWS\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msapps
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msagent
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Media
2008-12-09 09:23:56 ----D---- C:\WINDOWS\java
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ime
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Help
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ehome
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Debug
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Cursors
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\AppPatch
2008-12-09 09:23:56 ----D---- C:\WINDOWS\addins
2008-12-09 09:23:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-10 09:09:46 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

16
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 08:21:53 PM »
That's the latest, sir, taken just moments ago... the old files were deleted when I reformatted...

EDIT: uhh, I deleted my IE7 shortcut from the desktop and after ComboFix it's on the desktop again. Is it because of ComboFix? Also, Task Manager is locked again...

17
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 08:17:06 PM »
I forgot to mention that before I reformatted this I tried to use ComboFix and it worked for like an hour, then after that I'm back to inaccessible Task Manager and regedit...

ComboFix 08-12-07.04 - KhaoZ 2008-12-10  9:07:47.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.659 [GMT -8:00]
Running from: c:\documents and settings\KhaoZ\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


(((((((((((((((((((((((((   Files Created from 2008-11-10 to 2008-12-10  )))))))))))))))))))))))))))))))
.

2008-12-10 08:41 . 2008-12-10 08:41   <DIR>   d--------   C:\rsit
2008-12-10 02:18 . 2008-12-10 09:09   <DIR>   d--------   c:\program files\DNA
2008-12-10 02:18 . 2008-12-10 02:18   <DIR>   d--------   c:\program files\BitTorrent
2008-12-10 02:18 . 2008-12-10 09:09   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\DNA
2008-12-10 02:04 . 2008-12-10 02:04   <DIR>   d--------   c:\documents and settings\KhaoZ\Incomplete
2008-12-10 02:04 . 2008-12-10 02:06   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29 . 2008-12-10 01:29   <DIR>   d--------   c:\program files\Common Files\InstallShield
2008-12-10 01:10 . 2008-12-10 01:10   <DIR>   d--------   c:\program files\Yahoo!
2008-12-10 01:10 . 2008-12-10 01:10   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-10 01:01 . 2008-12-10 01:30   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2008-12-10 00:59 . 2008-12-10 00:59   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:36 . 2008-12-10 00:36   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35 . 2008-12-10 00:37   <DIR>   d--------   c:\program files\Winamp
2008-12-10 00:35 . 2008-12-10 00:38   <DIR>   d--------   c:\documents and settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33 . 2004-01-11 23:00   348,160   --a------   c:\windows\system32\msvcr71.dll
2008-12-10 00:25 . 2008-12-10 00:24   410,984   --a------   c:\windows\system32\deploytk.dll
2008-12-10 00:25 . 2008-12-10 00:24   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-12-10 00:24 . 2008-12-10 00:24   <DIR>   d--------   c:\program files\Java
2008-12-10 00:12 . 2008-12-10 00:12   0   --a------   c:\windows\nsreg.dat
2008-12-09 23:08 . 2008-10-03 09:41   6,066,176   -----c---   c:\windows\system32\dllcache\ieframe.dll
2008-12-09 23:08 . 2007-04-17 01:32   2,455,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dat
2008-12-09 23:08 . 2007-03-07 21:10   991,232   -----c---   c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-09 23:08 . 2008-08-25 23:24   459,264   -----c---   c:\windows\system32\dllcache\msfeeds.dll
2008-12-09 23:08 . 2008-08-25 23:24   383,488   -----c---   c:\windows\system32\dllcache\ieapfltr.dll
2008-12-09 23:08 . 2008-08-25 23:24   267,776   -----c---   c:\windows\system32\dllcache\iertutil.dll
2008-12-09 23:08 . 2008-08-25 23:24   63,488   -----c---   c:\windows\system32\dllcache\icardie.dll
2008-12-09 23:08 . 2008-08-25 23:24   52,224   -----c---   c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-09 23:08 . 2008-08-25 00:38   13,824   -----c---   c:\windows\system32\dllcache\ieudinit.exe
2008-12-09 23:03 . 2008-04-13 11:17   83,072   --a------   c:\windows\system32\drivers\wdmaud.sys
2008-12-09 23:03 . 2008-04-13 11:17   83,072   --a--c---   c:\windows\system32\dllcache\wdmaud.sys
2008-12-09 23:03 . 2008-04-13 10:45   56,576   --a------   c:\windows\system32\drivers\swmidi.sys
2008-12-09 23:03 . 2008-04-13 10:45   56,576   --a--c---   c:\windows\system32\dllcache\swmidi.sys
2008-12-09 23:03 . 2008-04-13 10:45   52,864   --a------   c:\windows\system32\drivers\DMusic.sys
2008-12-09 23:03 . 2008-04-13 10:45   52,864   --a--c---   c:\windows\system32\dllcache\dmusic.sys
2008-12-09 23:03 . 2008-04-13 10:45   6,272   --a------   c:\windows\system32\drivers\splitter.sys
2008-12-09 23:03 . 2008-04-13 10:45   6,272   --a--c---   c:\windows\system32\dllcache\splitter.sys
2008-12-09 22:59 . 2008-09-04 09:15   1,106,944   -----c---   c:\windows\system32\dllcache\msxml3.dll
2008-12-09 22:58 . 2008-08-14 02:11   2,189,184   -----c---   c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-09 22:58 . 2008-08-14 02:09   2,145,280   -----c---   c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-09 22:58 . 2008-08-14 01:33   2,066,048   -----c---   c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-09 22:58 . 2008-08-14 01:33   2,023,936   -----c---   c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-09 22:58 . 2008-10-15 08:34   337,408   -----c---   c:\windows\system32\dllcache\netapi32.dll
2008-12-09 22:57 . 2008-09-15 04:12   1,846,400   -----c---   c:\windows\system32\dllcache\win32k.sys
2008-12-09 22:57 . 2008-08-14 02:04   138,496   -----c---   c:\windows\system32\dllcache\afd.sys
2008-12-09 22:54 . 2008-05-01 06:33   331,776   -----c---   c:\windows\system32\dllcache\msadce.dll
2008-12-09 22:53 . 2008-04-11 11:04   691,712   -----c---   c:\windows\system32\dllcache\inetcomm.dll
2008-12-09 22:53 . 2008-09-08 02:41   333,824   -----c---   c:\windows\system32\dllcache\srv.sys
2008-12-09 22:51 . 2008-06-13 03:05   272,128   -----c---   c:\windows\system32\dllcache\bthport.sys
2008-12-09 22:50 . 2008-05-08 06:02   203,136   -----c---   c:\windows\system32\dllcache\rmcast.sys
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\scripting
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\en
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\system32\bits
2008-12-09 18:39 . 2008-12-09 18:39   <DIR>   d--------   c:\windows\l2schemas
2008-12-09 18:38 . 2008-12-09 18:38   <DIR>   d--------   c:\windows\ServicePackFiles
2008-12-09 18:27 . 2004-08-03 22:29   701,440   ---------   c:\windows\system32\drivers\ati2mtag.sys
2008-12-09 18:05 . 2008-12-09 18:05   13,646   --a------   c:\windows\system32\wpa.bak
2008-12-09 18:03 . 2007-08-10 20:46   26,488   --a------   c:\windows\system32\spupdsvc.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 01:42   ---------   d-----w   c:\program files\microsoft frontpage
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:12   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2008-09-10 01:14   1,307,648   ----a-w   c:\windows\system32\msxml6.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4429040]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 218520]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Apps\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=


*Newly Created Service* - ASC3360PR
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\KhaoZ\Application Data\Mozilla\Firefox\Profiles\n68xeo5o.default\
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 09:09:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-10  9:12:36 - machine was rebooted
ComboFix-quarantined-files.txt  2008-12-10 17:12:33

Pre-Run: 29,386,903,552 bytes free
Post-Run: 29,606,670,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

159   --- E O F ---   2008-12-10 07:14:56

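The ComboFix log above carries the two settings that actually produce the symptom in this thread, "DisableTaskMgr"=1 and "DisableRegistryTools"=1 under the HKCU policies key, next to "EnableFirewall"=0 and a firewall exception list full of executables in the user's Temp directory. The script below is an added example for this thread, not part of ComboFix, RSIT or HijackThis: it parses the `[key]` / `"name"=value` layout these dumps share, reports the lockout policies, the disabled firewall and every exception or autorun that points into a Temp directory, and emits a .reg fragment that clears the two policy values. The embedded dump is a constructed excerpt modelled on the log, with the same value names and the same Temp-path style; no tool output is reproduced beyond that.

```python
"""Triage of a ComboFix / RSIT-style registry dump.

Added example for this thread; not code from any of the tools whose
logs are quoted here.  Parses the "[key]" / "name"=value layout those
logs share, flags the lockout policies and firewall holes visible in
them, and emits a .reg fragment that clears the two policy values.
"""
import re
from typing import Dict, List

# Constructed sample, modelled on the Reg Loading Points / registry dump
# sections in the thread (one of each kind of key, values kept in the
# forms the two logs use: bare "1" and "0 (0x0)").
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Short (8.3) and long forms of a per-user Temp directory on XP.
_TEMP_RE = re.compile(r"\\(locals~1|local settings)\\temp\\", re.IGNORECASE)


def parse_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map each lower-cased registry key to its {value name: raw data}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def _as_int(raw: str) -> int:
    """'1', '1 (0x1)' and '0 (0x0)' all reduce to the leading integer."""
    m = re.match(r"(\d+)", raw.strip())
    return int(m.group(1)) if m else -1


def triage(text: str) -> List[str]:
    """One finding per lockout policy, disabled firewall profile, and
    firewall exception or autorun that points into a Temp directory."""
    findings: List[str] = []
    for key, values in parse_dump(text).items():
        if key.startswith("hkey_current_user") and key.endswith(r"\policies\system"):
            for name in ("DisableTaskMgr", "DisableRegistryTools"):
                if _as_int(values.get(name, "0")) == 1:
                    findings.append(f"lockout policy: {name}=1 under HKCU")
        if key.endswith(r"firewallpolicy\standardprofile"):
            if _as_int(values.get("EnableFirewall", "1")) == 0:
                findings.append("firewall: EnableFirewall=0 (standard profile)")
        if key.endswith(r"\authorizedapplications\list"):
            for path in values:
                if _TEMP_RE.search(path):
                    findings.append(f"firewall exception for Temp executable: {path}")
        if key.endswith(r"\currentversion\run"):
            for name, data in values.items():
                if _TEMP_RE.search(data):
                    findings.append(f"autorun from Temp: {name} -> {data}")
    return findings


def policy_fix_reg() -> str:
    """A .reg fragment that clears both HKCU lockout values."""
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]"
        "\r\n"
        '"DisableTaskMgr"=dword:00000000\r\n'
        '"DisableRegistryTools"=dword:00000000\r\n'
    )


if __name__ == "__main__":
    for finding in triage(SAMPLE_DUMP):
        print(finding)
    print(policy_fix_reg())
```

Two caveats a practitioner would attach to the .reg fragment. First, both values live under HKCU, so they lock out only the KhaoZ profile; importing the fragment while logged in as that user is enough to undo them. Second, the thread itself shows why that alone is not a fix: the poster reports Task Manager locked again within an hour of ComboFix, which means something still running re-applies the policy. The Temp-directory executables listed as running processes and as firewall exceptions are the first place to look, and clearing the policy values only sticks once whatever writes them is gone.
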
18
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 07:52:00 PM »
Yeah, I got the error msg... so I put it as an attachment...

Logfile of random's system information tool 1.04 (written by random/random)
Run by KhaoZ at 2008-12-10 08:41:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (80%) free of 35 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:53 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\nsg8.tmp\nsA.tmp
C:\Program Files\DNA\btdna.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\Blizzard Installer Bootstrap - 0169eb00\Installer.exe
E:\Download\RSIT.exe
E:\Debug\KhaoZ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3183 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 218520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4429040]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-10 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Garena_setup.exe"="F:\Garena_setup.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winjbfqk.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winjbfqk.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\aypnav.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\aypnav.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\lhmrc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\lhmrc.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\gthjwg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\gthjwg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxbrt.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxbrt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmtrjs.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmtrjs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrdcx.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrdcx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winympt.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winympt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrbawq.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winrbawq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\1051315\YMSGR_~1.EXE"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\1051315\YMSGR_~1.EXE:*:Enabled:ipsec"
"D:\Apps\LimeWire\LimeWire.exe"="D:\Apps\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wincvlyev.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wincvlyev.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe:*:Enabled:ipsec"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhppstg.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winhppstg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winsjmcff.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winsjmcff.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlhyuab.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlhyuab.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winpchy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winpchy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmjqo.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winmjqo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wingske.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\wingske.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cdrjqj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cdrjqj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqgwwj.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqgwwj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\iitu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\iitu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqspbn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqspbn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\pujhvu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\pujhvu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqmitm.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winqmitm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\drvn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\drvn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cemfoy.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\cemfoy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winecvam.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winecvam.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\ghpf.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\ghpf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winftnu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winftnu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\apeso.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\apeso.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\yhlp.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\yhlp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winvebhqo.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winvebhqo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winyxnk.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winyxnk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winemmu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winemmu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winwhebrr.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winwhebrr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\fiqvc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\fiqvc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxnlrsn.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxnlrsn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxffc.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winxffc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\mhut.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\mhut.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-10 08:41:39 ----D---- C:\rsit
2008-12-10 02:18:46 ----D---- C:\Program Files\DNA
2008-12-10 02:18:46 ----D---- C:\Program Files\BitTorrent
2008-12-10 02:18:46 ----D---- C:\Documents and Settings\KhaoZ\Application Data\DNA
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Macromedia
2008-12-10 02:07:22 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Adobe
2008-12-10 02:04:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\LimeWire
2008-12-10 01:29:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-10 01:10:46 ----D---- C:\Program Files\Yahoo!
2008-12-10 01:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-10 01:01:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 00:59:52 ----D---- C:\Documents and Settings\KhaoZ\Application Data\InstallShield
2008-12-10 00:37:10 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-10 00:36:10 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Media Player Classic
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-10 00:35:04 ----N---- C:\WINDOWS\system32\px.dll
2008-12-10 00:35:02 ----D---- C:\Program Files\Winamp
2008-12-10 00:35:02 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Winamp
2008-12-10 00:33:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-12-10 00:25:39 ----SHD---- C:\RECYCLER
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 00:25:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 00:24:50 ----D---- C:\Program Files\Java
2008-12-10 00:24:21 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Sun
2008-12-10 00:12:28 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Mozilla
2008-12-10 00:12:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 23:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 23:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-09 23:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 23:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 23:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 23:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 23:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 23:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-09 23:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 23:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 23:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 23:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-09 23:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 23:09:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 23:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 23:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 23:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-09 23:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 23:09:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 23:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 23:08:53 ----D---- C:\WINDOWS\ie7updates
2008-12-09 23:08:40 ----D---- C:\WINDOWS\WBEM
2008-12-09 23:07:48 ----HDC---- C:\WINDOWS\ie7
2008-12-09 23:07:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-09 23:07:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-09 23:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 23:02:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-09 22:30:46 ----D---- C:\WINDOWS\Prefetch
2008-12-09 18:39:33 ----D---- C:\WINDOWS\system32\en-us
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\en
2008-12-09 18:39:32 ----D---- C:\WINDOWS\system32\bits
2008-12-09 18:39:32 ----D---- C:\WINDOWS\l2schemas
2008-12-09 18:38:15 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 18:36:36 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 18:35:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 18:33:41 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 18:05:10 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-09 18:04:19 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-09 18:03:20 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-09 18:03:20 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-09 18:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wups2.dll
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-12-09 17:57:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-12-09 17:57:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-09 17:57:56 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-12-09 17:52:30 ----D---- C:\Documents and Settings\KhaoZ\Application Data\Identities
2008-12-09 17:52:28 ----HD---- C:\Program Files\Uninstall Information
2008-12-09 17:52:22 ----SD---- C:\Documents and Settings\KhaoZ\Application Data\Microsoft
2008-12-09 17:52:22 ----ASH---- C:\Documents and Settings\KhaoZ\Application Data\desktop.ini
2008-12-09 17:46:24 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-09 17:45:45 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-09 17:45:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 17:42:29 ----D---- C:\WINDOWS\system32\xircom
2008-12-09 17:42:29 ----D---- C:\Program Files\xerox
2008-12-09 17:42:29 ----D---- C:\Program Files\microsoft frontpage
2008-12-09 17:42:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-09 17:42:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 17:41:57 ----A---- C:\WINDOWS\control.ini
2008-12-09 17:41:57 ----A---- C:\AUTOEXEC.BAT
2008-12-09 17:41:42 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 17:41:38 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-09 17:40:37 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-09 17:40:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 17:40:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-09 17:40:31 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-09 17:40:26 ----HD---- C:\Program Files\WindowsUpdate
2008-12-09 17:40:09 ----D---- C:\WINDOWS\system32\DirectX
2008-12-09 17:39:53 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-09 17:39:51 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-09 17:39:51 ----A---- C:\WINDOWS\desktop.ini
2008-12-09 17:39:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-09 17:39:45 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-09 17:39:44 ----D---- C:\Program Files\Common Files\Services
2008-12-09 17:39:43 ----SD---- C:\WINDOWS\Tasks
2008-12-09 17:39:43 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-09 17:39:42 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-09 17:39:39 ----D---- C:\WINDOWS\srchasst
2008-12-09 17:39:38 ----D---- C:\WINDOWS\system32\Macromed
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-09 17:39:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-09 17:39:33 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-09 17:39:30 ----D---- C:\Program Files\Movie Maker
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-09 17:39:28 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-09 17:39:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-09 17:39:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-09 17:39:24 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-09 17:39:24 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-09 17:39:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-09 17:39:21 ----D---- C:\Program Files\NetMeeting
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-09 17:39:21 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-09 17:39:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-09 17:39:19 ----D---- C:\Program Files\Outlook Express
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-09 17:39:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-09 17:39:18 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-09 17:39:14 ----D---- C:\Program Files\Common Files\System
2008-12-09 17:39:12 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:38:40 ----D---- C:\Program Files\ComPlus Applications
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-09 17:38:38 ----A---- C:\WINDOWS\vb.ini
2008-12-09 17:38:34 ----D---- C:\WINDOWS\Registration
2008-12-09 17:38:26 ----D---- C:\Program Files\Windows Media Player
2008-12-09 17:38:26 ----D---- C:\Program Files\Online Services
2008-12-09 17:38:20 ----D---- C:\Program Files\Messenger
2008-12-09 17:38:17 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-09 17:38:17 ----A---- C:\WINDOWS\system32\write.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-09 17:38:11 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-09 17:38:10 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-09 17:38:05 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-09 17:38:04 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-09 17:38:03 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-09 17:38:02 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-09 17:37:58 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-09 17:37:50 ----D---- C:\Program Files\MSN
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-09 17:37:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-09 17:37:48 ----D---- C:\Program Files\Windows NT
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-09 17:37:48 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-09 17:37:47 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-09 17:37:46 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-09 17:37:46 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-09 17:37:45 ----D---- C:\WINDOWS\system32\Com
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-09 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-09 17:37:44 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-09 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-09 17:37:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-09 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-09 09:36:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-09 09:32:38 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-09 09:31:58 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-09 09:31:01 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 09:30:58 ----SHD---- C:\WINDOWS\Installer
2008-12-09 09:30:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 09:30:57 ----D---- C:\Program Files\Common Files\ODBC
2008-12-09 09:30:57 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-09 09:30:54 ----RD---- C:\Program Files
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-09 09:30:54 ----D---- C:\Program Files\Common Files
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-09 09:30:52 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-09 09:30:50 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-09 09:30:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-09 09:30:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-09 09:30:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-09 09:30:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-09 09:30:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-09 09:30:41 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-09 09:30:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-09 09:30:40 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-09 09:30:40 ----A---- C:\WINDOWS\notepad.exe
2008-12-09 09:30:39 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-09 09:30:31 ----RA---- C:\WINDOWS\SET29.tmp
2008-12-09 09:30:31 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-09 09:30:27 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-09 09:30:25 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-09 09:30:23 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 09:30:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 09:30:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-09 09:29:50 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 09:29:46 ----D---- C:\Documents and Settings
2008-12-09 09:28:55 ----SH---- C:\boot.ini
2008-12-09 09:27:29 ----SHD---- C:\System Volume Information
2008-12-09 09:23:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-09 09:23:56 ----RSD---- C:\WINDOWS\Fonts
2008-12-09 09:23:56 ----RD---- C:\WINDOWS\Web
2008-12-09 09:23:56 ----HD---- C:\WINDOWS\inf
2008-12-09 09:23:56 ----D---- C:\WINDOWS\WinSxS
2008-12-09 09:23:56 ----D---- C:\WINDOWS\twain_32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Temp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wins
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\spool
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ras
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\npp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\IME
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\icsxml
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\ias
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\export
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\dhcp
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\3076
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\2052
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1054
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1042
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1041
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1037
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1033
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1031
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1028
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32\1025
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system32
2008-12-09 09:23:56 ----D---- C:\WINDOWS\system
2008-12-09 09:23:56 ----D---- C:\WINDOWS\security
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Resources
2008-12-09 09:23:56 ----D---- C:\WINDOWS\repair
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Provisioning
2008-12-09 09:23:56 ----D---- C:\WINDOWS\PeerNet
2008-12-09 09:23:56 ----D---- C:\WINDOWS\pchealth
2008-12-09 09:23:56 ----D---- C:\WINDOWS\mui
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msapps
2008-12-09 09:23:56 ----D---- C:\WINDOWS\msagent
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Media
2008-12-09 09:23:56 ----D---- C:\WINDOWS\java
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ime
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Help
2008-12-09 09:23:56 ----D---- C:\WINDOWS\ehome
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Driver Cache
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Debug
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Cursors
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Connection Wizard
2008-12-09 09:23:56 ----D---- C:\WINDOWS\Config
2008-12-09 09:23:56 ----D---- C:\WINDOWS\AppPatch
2008-12-09 09:23:56 ----D---- C:\WINDOWS\addins
2008-12-09 09:23:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-12-10 00:29:39 ----A---- C:\WINDOWS\system.ini
2008-12-09 17:41:57 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\nippgp.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------
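A triage helper for an RSIT registry dump like the one above, added here as an example and not part of the thread or of RSIT itself: it parses the `[HKEY...]` section headers and `"name"=value` lines, flags the DisableTaskMgr / DisableRegistryTools policy values (which Windows reports as "disabled by your administrator" even when, as here, they sit under HKEY_CURRENT_USER and no administrator set them), and lists firewall exceptions whose executable lives in a Temp directory. The sample dump is a constructed excerpt in RSIT's format; the helper names (`triage`, `is_temp_path`) are this example's own.

```python
"""Offline triage of an RSIT-style registry dump (example code, not RSIT's)."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the format RSIT prints. The two policy values and the
# Temp-resident firewall exceptions mirror the kind of lines seen in the log.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"legalnoticecaption"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winlkyxqu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe"="C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe:*:Enabled:ipsec"
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# Matches a "\Temp\" or "\tmp\" path component, e.g. ...\LOCALS~1\Temp\x.exe
TEMP_RE = re.compile(r"(\\|^)(temp|tmp)\\", re.IGNORECASE)
# Policy values that hide the two tools the thread is about.
RESTRICTION_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}


def parse_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry_key: {value_name: value}} for every dumped section."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # RSIT quotes string data; strip the outer quotes, keep the rest.
            sections[current][m.group("name")] = m.group("value").strip('"')
    return sections


def is_temp_path(path: str) -> bool:
    """True when an executable lives under a Temp folder (no persistent install)."""
    return bool(TEMP_RE.search(path))


def policy_findings(sections: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """(key, value_name) for every Policies\\System value that disables a tool."""
    out = []
    for key, values in sections.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, val in values.items():
            if name in RESTRICTION_VALUES and val.strip() == "1":
                out.append((key, name))
    return out


def firewall_findings(sections: Dict[str, Dict[str, str]]) -> List[Dict[str, str]]:
    """Firewall exceptions ("path:*:State:Display") whose program sits in Temp."""
    out = []
    for key, values in sections.items():
        if r"\authorizedapplications\list" not in key.lower():
            continue
        for val in values.values():
            # rsplit keeps the drive-letter colon inside the path component.
            parts = val.rsplit(":", 3)
            if len(parts) != 4:
                continue
            path, _scope, state, display = parts
            if is_temp_path(path):
                out.append({"path": path, "state": state, "display": display})
    return out


def triage(text: str) -> dict:
    """Run both checks and tally the display names the flagged exceptions use."""
    sections = parse_dump(text)
    fw = firewall_findings(sections)
    names: Dict[str, int] = {}
    for f in fw:
        names[f["display"]] = names.get(f["display"], 0) + 1
    return {"policy": policy_findings(sections), "firewall": fw, "display_names": names}


if __name__ == "__main__":
    report = triage(SAMPLE_DUMP)
    for key, name in report["policy"]:
        print(f"tool restriction: {name}=1 under {key}")
    for f in report["firewall"]:
        print(f"Temp-resident firewall exception: {f['path']} ({f['state']}, '{f['display']}')")
    print("display names shared by flagged exceptions:", report["display_names"])
```

The same `is_temp_path` check applies to a HijackThis "Running processes:" list; a cluster of exceptions that all reuse one display name for different Temp executables is the pattern to look for.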

19
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 01:44:43 PM »
Additional info: sometimes there is a pop-up saying "Windows - no disk Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c" and I can't get rid of it unless I click OK or Cancel like 25 times... I don't know if this is related...

20
Tech Clinic / Task Manager & Regedit inaccessible
« on: December 09, 2008, 01:38:50 PM »
I can't open my Task Manager & Registry Editor. Every time I try, it always shows "Task Manager has been disabled by your administrator." for Task Manager. Same goes for Registry Editor. I have formatted this comp before coz of the same prob, coz I was thinking it is a virus or worm, and it was okay for a while. Now it came back and I don't like to reformat this again coz it's too much work. Also, before I reformatted this it always showed .exe in my drive folders. For example: I made a folder named "abc". Then when I rebooted I saw the abc folder as abc.exe. I stated this because it seems to be the same problem (not sure) as before. It starts from inaccessibility of Task Manager and Registry Editor.
EDIT: It also seems my comp is slower than usual.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:33 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\winnjvy.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\hcym.exe
C:\DOCUME~1\KhaoZ\LOCALS~1\Temp\nsg8.tmp\nsA.tmp
C:\Program Files\DNA\btdna.exe
E:\Debug\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228874207593
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3129 bytes

thanks.
